Errors in Tomcat 6 on SSL

 
Greenhorn
Posts: 2
I am trying to configure a Tomcat 6.0.13 server with client authentication (corporate CA and each user has PKI certs installed into their browser). I have built a default keystore in the user's directory where the Tomcat server is running and installed the server cert there. I have installed a global keystore in the Java 5 JRE into which I have loaded the trusted chain.

When I start Tomcat the log gets filled with repeated SEVERE messages as follows:

Socket Accept Failed
java.net.SocketException:SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
at java.lang.Thread.run(Thread.java:595)

Any ideas?
 
Greenhorn
Posts: 21
You need to paste your server.xml, the Connector section where you configure SSL.

My guess is that you have the key name not matching what you added to your keystore.

If you continue to have problems, printing the output of how you added your keys and created your keystore will get you faster answers.
 
Peter Snodgrass
Greenhorn
Posts: 2
Indeed, you are on to the solution.

I moved my server cert from the truststore to the default keystore.
I then modified the connector to have the key alias and key password.
Then things began to work correctly.

One oddity was observed: I noticed that after shutting down Tomcat, it takes a while before the ports it configured are truly released. If Tomcat is restarted before the ports are cleared, other errors crop up. So to make sure a clean server is obtained, use netstat -a | grep <configured port>, checking all the ports Tomcat cares about. When they are all released, start the server with the current changes.
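
The fix described in this thread comes down to the keystore holding a private-key entry under the alias the Connector names, readable with the configured password. The following is an added example, not code from the thread: the class name and command-line arguments are hypothetical, and it assumes the keystore and key share one password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Collections;

// Added illustration, not code from the thread; class name and arguments are hypothetical.
public class KeystoreAliasCheck {
    // Returns true only if 'alias' holds a private key plus certificate chain,
    // which is what the JSSE connector needs to present a server certificate.
    static boolean usableForServer(KeyStore ks, String alias, char[] pass) throws Exception {
        for (String a : Collections.list(ks.aliases())) {
            System.out.println("  " + a + " -> " + (ks.isKeyEntry(a) ? "key entry" : "trusted certificate only"));
        }
        if (!ks.containsAlias(alias)) {
            System.out.println("FAIL: alias '" + alias + "' is not in this keystore");
            return false;
        }
        if (!ks.isKeyEntry(alias)) {
            // A certificate imported without its private key (truststore-style entry).
            System.out.println("FAIL: '" + alias + "' has no private key");
            return false;
        }
        // Throws UnrecoverableKeyException when the key password differs from 'pass'.
        Key key = ks.getKey(alias, pass);
        Certificate[] chain = ks.getCertificateChain(alias);
        if (!(key instanceof PrivateKey) || chain == null || chain.length == 0) {
            System.out.println("FAIL: '" + alias + "' lacks a private key or certificate chain");
            return false;
        }
        System.out.println("OK: " + key.getAlgorithm() + " key, chain length " + chain.length);
        return true;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreAliasCheck <keystoreFile> <keystorePass> <keyAlias>");
            System.exit(2);
        }
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        System.exit(usableForServer(ks, args[2], pass) ? 0 : 1);
    }
}
```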
 