I searched the forum and found several postings describing similar issues to the one I'm experiencing. I would normally post within those threads, but I've tried the solutions that solved those other people's issues, so I'm thinking the root problem here may be different.
I've got three physically separate tomcat servers that I need to use a godaddy wildcard (*.ourdomain.com) SSL cert on. We've got it working on one server (someone else configured it), and I've been unable to get the other two to start-up and use the keystore.
I have tried copying the working keystore file from the working server. That doesn't work.
Below are example set-up steps and errors that result. I've spent two full days trying to get this to work through every imaginable approach, so I'm not going to paste in every attempt.
Following steps in this poorly-written article:
D:\jrepath\jre6\bin>keytool -import -alias root -keystore tomcat_3.keystore.jks -trustcacerts -file D:\tomcat_path\Tomcat6\keys\valicert_class2_root.crt
Enter keystore password:
Re-enter new password:
Certificate already exists in system-wide CA keystore under alias <valicertclass2ca>
Do you still want to add it to your own keystore? [no]: yes
Certificate was added to keystore

D:\jrepath\jre6\bin>keytool -import -alias cross -keystore tomcat_3.keystore.jks -trustcacerts -file D:\tomcat_path\Tomcat6\keys\gd_cross_intermediate.crt
Enter keystore password:
Certificate was added to keystore

D:\jrepath\jre6\bin>keytool -import -alias intermed -keystore tomcat_3.keystore.jks -trustcacerts -file D:\tomcat_path\Tomcat6\keys\gd_intermediate.crt
Enter keystore password:
Certificate was added to keystore

D:\jrepath\jre6\bin>keytool -import -alias tomcat -keystore tomcat_3.keystore.jks -trustcacerts -file D:\tomcat_path\Tomcat6\keys\ourdomain.com.crt
Enter keystore password:
Certificate was added to keystore

D:\jrepath\jre6\bin>
So then I move the tomcat_3.keystore.jks file to the D:\tomcat_path\Tomcat6\keys\ directory.
I edit the server.xml file for Tomcat to include the following container:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:/tomcat_path/Tomcat6/keys/tomcat_3.keystore.jks"
           keystorePass="changeit" />
Upon starting Tomcat, I find this error in the catalina log file:
Sep 15, 2010 12:19:57 PM org.apache.coyote.http11.Http11Protocol start
SEVERE: Error starting endpoint
java.io.IOException: jsse.invalid_ssl_conf
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:755)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:460)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:130)
    at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
    at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:565)
    at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
    at org.apache.catalina.connector.Connector.start(Connector.java:1087)
    at org.apache.catalina.core.StandardService.start(StandardService.java:534)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:751)
    ... 15 more
This issue is really blowing my mind. I have no idea what is wrong with my installation of this SSL certificate.
Any advice would be greatly appreciated.
austin_seth
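Added example, not part of the post above and not Tomcat's own code: a small Python checker that parses the output of `keytool -list` and reports the keystore state behind "No available certificate or key corresponds to the SSL cipher suites which are enabled", namely a store with no PrivateKeyEntry at all, or a keyAlias that points at a trustedCertEntry instead of the key pair the CSR was generated from. Both listings are constructed samples, and `tomcat` is assumed to be the alias the connector is meant to use.

```python
import re
# Constructed listing (not the poster's real output) from
#   keytool -list -keystore tomcat_3.keystore.jks
# Every alias is a trustedCertEntry, so the store holds no private key to serve.
BROKEN_LISTING = """\
Keystore type: JKS

Your keystore contains 4 entries

root, Sep 15, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
cross, Sep 15, 2010, trustedCertEntry,
intermed, Sep 15, 2010, trustedCertEntry,
tomcat, Sep 15, 2010, trustedCertEntry,
"""
# The same store after the signed cert was imported into the alias that already
# held the key pair (also constructed): that alias becomes a PrivateKeyEntry.
GOOD_LISTING = BROKEN_LISTING.replace("tomcat, Sep 15, 2010, trustedCertEntry,",
                                      "tomcat, Sep 15, 2010, PrivateKeyEntry,")

# "alias, date, type," where the date itself contains a comma ("Sep 15, 2010").
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), (?P<date>.+), (?P<kind>\w+),\s*$")
KEY_KINDS = {"PrivateKeyEntry", "keyEntry"}   # keyEntry: older keytool spelling

def parse_keytool_list(text):
    """Map each alias (JKS aliases are case-insensitive) to its entry type."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("alias").strip().lower()] = m.group("kind")
    return entries

def check_keystore(entries, key_alias=None):
    """Problems a JSSE connector would hit; key_alias mirrors Tomcat's keyAlias
    attribute (unset = the first key entry found is used)."""
    problems = []
    if not any(k in KEY_KINDS for k in entries.values()):
        problems.append("no PrivateKeyEntry at all: the server cert was imported as a "
                        "trusted cert, so JSSE has no key for any enabled cipher suite")
    if key_alias is not None:
        kind = entries.get(key_alias.lower())
        if kind is None:
            problems.append("alias %r is not in the keystore" % key_alias)
        elif kind not in KEY_KINDS:
            problems.append("alias %r is a %s, not a key pair: import the signed cert "
                            "into the alias holding the private key used for the CSR"
                            % (key_alias, kind))
    return problems
```

Run it against the real output of `keytool -list -keystore <file>` on each server; a keystore that Tomcat can serve from yields an empty problem list.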