1 Reply Latest reply on Sep 22, 2002 2:31 PM by J. Wolfgang Kaltz

    HTTPS / Certificate Woes

    Rod Frey Newbie

      I believe I've exhausted the possibilities in the paid and free documentation, as well as several suggestions already on the forum, so I hope I'm not missing an obvious solution.

      I've configured HTTPS on my web app, and it works perfectly with a self-signed certificate. However, when I import the signed certificate (from Soltrus, a Canadian Verisign partner), I get the exception:

      javax.net.ssl.SSLException: No available certificate corresponds to the SSL cipher suites which are enabled.
      at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.a(DashoA6275)
      at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(DashoA6275)
      at org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:377)
      at org.mortbay.util.ThreadedServer$Acceptor.run(ThreadedServer.java:546)

      I'm using the 1.4.1 SDK, and my providers seem set up correctly. I've configured and tried both JBoss 3.0.0/Tomcat and 3.0.2/Jetty, and experienced the same problem: perfect behaviour with a self-signed cert, failure with the signed cert. I'm definitely using the correct keystore. There was a suggestion in message http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ that I add the -trustcacerts flag to the keytool -import command, which I did: no effect. I've imported Soltrus' certificate into my cacerts file and repeated the keytool -import of my own signed certificate, again no effect.

      This is probably a JSSE configuration issue, but I haven't found any hints on the javasoft site. I'm absolutely out of ideas. Any thoughts?

      Thanks!

        • 1. Re: HTTPS / Certificate Woes
          J. Wolfgang Kaltz Novice

          > javax.net.ssl.SSLException: No available certificate
          > corresponds to the SSL cipher suites which are
          > enabled.

          What cipher suites are actually enabled in your server configuration?

          This could be a shot in the dark, but I'm wondering whether the encryption algorithm used for your certificate also needs to be in the SSL cipher suites.
          In any case, you could check whether the way your certificate was encrypted is supported by your Tomcat webserver in the first place.

          Good luck and ... go oilers go !?
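
One way to run the checks suggested in the reply, as an added example that is not part of the thread: it lists which keystore entries carry a private key (the only entries a JSSE server can present), the key and signature algorithm of each, and the cipher suites a server socket built from that keystore enables. The class name `KeystoreCheck`, the command-line arguments and the assumption that the key password equals the keystore password are illustrative; the code targets a current JDK rather than 1.4.1.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added diagnostic, not from the thread. Run: java KeystoreCheck <keystore> <password>
// Assumption: the key password is the same as the keystore password.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // 1. Only entries that hold a private key can be served; a certificate
        //    imported as a trusted-certificate entry cannot.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                System.out.println(alias + ": no private key and chain, not usable by the server");
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            System.out.println(alias + ": key entry, key algorithm "
                + leaf.getPublicKey().getAlgorithm()
                + ", signed with " + leaf.getSigAlgName()
                + ", chain length " + chain.length);
            System.out.println("  issuer: " + leaf.getIssuerX500Principal().getName());
        }
        // 2. Cipher suites enabled on a server socket built from this keystore.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        try (SSLServerSocket s =
                (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket()) {
            for (String suite : s.getEnabledCipherSuites()) {
                System.out.println("  enabled: " + suite);
            }
        }
    }
}
```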