Errors in Tomcat 6 on SSL

Peter Snodgrass

Joined: Jul 09, 2008
Posts: 2
I am trying to configure a Tomcat 6.0.13 server with client authentication (corporate CA and each user has PKI certs installed into their browser). I have built a default keystore in the user's directory where the Tomcat server is running and installed the server cert there. I have installed a global keystore in the Java 5 JRE into which I have loaded the trusted chain.

When I start Tomcat the log gets filled with repeated SEVERE messages as follows:

Socket Accept Failed handshake No available certificate or key corresponds to the SSL cipher suites which are enabled.

Any ideas?
Zemian Deng

Joined: Jun 12, 2007
Posts: 21
You need to paste the Connector section of your server.xml where you configure SSL.

My guess is that you have the key name not matching what you added to your keystore.

If you continue to have problems, printing the output of how you added your keys and created your keystore will get you faster answers.
Peter Snodgrass

Joined: Jul 09, 2008
Posts: 2
Indeed, you are on to the solution.

I moved my server cert from the truststore to the default keystore.
I then modified the connector to have the key alias and key password.
Then things began to work correctly.

One oddity was observed: I noticed that after shutting down Tomcat, it takes a while before the ports it configured are truly released. If Tomcat is restarted before the ports are cleared, other errors crop up. So to make sure a clean server is obtained, use netstat -a | grep <configured port>, checking all the ports Tomcat cares about. When they are all released, start the server with the current changes.
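Added example, not part of the thread: a shell check that the alias named in the Connector is a private key entry in the keystore rather than a certificate-only entry, which is the situation the fix above corrected. The aliases `tomcat` and `corpca`, the function names and the sample `keytool -list` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample `keytool -list` output (not from the thread):
# a keystore holding the server key pair ...
SAMPLE_KEYSTORE='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Jul 9, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): <constructed>'

# ... and a truststore holding only the CA certificate.
SAMPLE_TRUSTSTORE='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

corpca, Jul 9, 2008, trustedCertEntry,
Certificate fingerprint (MD5): <constructed>'

# entry_type ALIAS: read `keytool -list` output on stdin and print the
# entry type recorded for ALIAS, or "missing" if the alias is absent.
entry_type() {
  awk -F', *' -v a="$1" '
    $1 == a && NF >= 3 {
      t = $NF
      if (t == "") t = $(NF - 1)   # entry lines end with a trailing comma
      print t; found = 1; exit
    }
    END { if (!found) print "missing" }'
}

# has_private_key ALIAS: succeed only if ALIAS can serve as the TLS server key.
# "keyEntry" is accepted on the assumption that older keytool builds print it.
has_private_key() {
  case "$(entry_type "$1")" in
    PrivateKeyEntry|keyEntry) return 0 ;;
    *) return 1 ;;
  esac
}

# check_keystore FILE STOREPASS ALIAS: run the same check on a real keystore.
# Note: a password given on the command line is visible in the process list.
check_keystore() {
  keytool -list -keystore "$1" -storepass "$2" | has_private_key "$3"
}
```

A non-zero result from `check_keystore` for the Connector's key alias means the keystore has no private key under that name, so the server has nothing to present in the handshake.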