I thought I had all my Tomcat issues resolved and was ready to go from the self-signed cert to one issued by a CA. So I followed all the steps, generated a CSR, got the root cert and test cert, installed them into the keytool, and restarted the server. An exception is thrown saying:
No available certificate corresponds to the SSL cipher suites which are enabled
--- Details:
I tried this with Verisign and Thawte, same result. I even called Verisign support and they had no clue. I searched the web, and found many people with the same problem in many situations besides Tomcat, but the only solution I found is to add some java code to enable additional cipher suites, which obviously cannot be done in a configuration file. HELP!!!
The following are the commands I used, starting from "having no .keystore", and using the Tomcat-default "changeit" for the password:
keytool -genkey -alias tomcat -keyalg RSA
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr
... got the certs...
keytool -delete -alias tomcat
keytool -import -alias root -trustcacerts -file rootcert.cer (root/intermediate/chain cert, as appropriate for the CA)
keytool -import -alias tomcat -trustcacerts -file testcert.cer
Needless to say everything works perfectly with a self-signed certificate. It is almost as if the CA-provided test certificates are incompatible with jdk 1.4.2_03, which is absurd.
Bruno Melloni
eBusiness Application Center, Americas
Nokia, Inc
6000 Connection Drive, Mailstop 4w223
Irving, TX 75039 USA
*Office: +1 (972)894-6120
*Cellular: +1 (469) 939-1067
* SMS: 4699391067@(protected)
* e-mail: bruno.melloni@(protected)
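Added example, not part of the original post: a check on which kind of entry the `tomcat` alias holds after the posted command sequence. A key entry carries the private key the connector needs, while an alias recreated by `-import` after `-delete` is only a trusted certificate. The listings are constructed samples of `keytool -list` output, and the function names `entry_type` and `check_tls_alias` are hypothetical.

```shell
#!/bin/sh
# Constructed `keytool -list` output for the keystore state the posted
# sequence leaves behind (-delete, then two -import runs).
# Dates and fingerprints are placeholders.
LISTING_AFTER_POST='Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

root, Feb 3, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
tomcat, Feb 3, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:02'

# Constructed output where the alias still holds the generated key pair.
LISTING_WITH_KEY='root, Feb 3, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01
tomcat, Feb 3, 2004, keyEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:03'

# entry_type LISTING ALIAS -> prints key | trusted | missing
entry_type() {
    printf '%s\n' "$1" | awk -F', ' -v want="$2" '
        { sub(/[, ]+$/, "") }            # drop trailing ", " so $NF is the type
        $1 == want && NF >= 3 {
            # older JDKs print keyEntry, newer ones PrivateKeyEntry
            if ($NF == "keyEntry" || $NF == "PrivateKeyEntry") kind = "key"
            else if ($NF == "trustedCertEntry")               kind = "trusted"
        }
        END { print (kind == "" ? "missing" : kind) }'
}

# check_tls_alias LISTING ALIAS -> 0 if the alias can back an SSL connector
check_tls_alias() {
    case "$(entry_type "$1" "$2")" in
        key)     return 0 ;;
        trusted) echo "alias '$2': certificate only, no private key" >&2
                 return 1 ;;
        *)       echo "alias '$2': not in keystore" >&2
                 return 2 ;;
    esac
}

echo "after posted sequence: tomcat is $(entry_type "$LISTING_AFTER_POST" tomcat)"
echo "with key pair kept:    tomcat is $(entry_type "$LISTING_WITH_KEY" tomcat)"
```

Against a real keystore, pass the text printed by `keytool -list` as the first argument.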