
Need SSL help with certificate


Jim McCullars

Apr 23, 2007, 3:22:07 PM
Greetings:

I have a web application that runs under Tomcat 5 and I need to implement
SSL. The software vendor installed a self-signed test certificate when they
put in the software and now it's up to me to install a real one. For the
life of me, I cannot make this work. I created a new keystore with a private
key, then used that to generate a CSR and got a certificate back from
Verisign. I imported the intermediate CA into the keystore then imported
the certificate. But the application will not work. Here is the keystore
that does work:

bash-2.05$ keytool -list -keystore /usr/local/touchnet/keystore.SAV
Enter keystore password:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

touchnet, May 3, 2006, keyEntry,
Certificate fingerprint (MD5): E1:C2:48:86:86:E3:98:F2:03:A7:02:2E:44:53:F7:A3


and here is the keystore that does not work:

bash-2.05$ keytool -list -keystore /usr/local/touchnet/keystore
Enter keystore password:

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

tpg2007, Apr 23, 2007, keyEntry,
Certificate fingerprint (MD5): CF:D5:43:23:44:2B:09:D1:EC:73:7C:25:99:55:9F:04

The alias is the same one that I used to create the initial key. Whenever I
start Tomcat, I get a message that says Cannot recover key. Here is the log:

bash-2.05$ cat ../logs/catalina.out
Apr 23, 2007 2:18:15 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/jdk1.5.0_06/jre/lib/sparc/client:/usr/jdk1.5.0_06/jre/lib/sparc:/usr/jdk1.5.0_06/jre/../lib/sparc:/usr/lib
Apr 23, 2007 2:18:16 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Apr 23, 2007 2:18:16 PM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.IOException: Cannot recover key
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:125)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
    at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
Apr 23, 2007 2:18:16 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.io.IOException: Cannot recover key
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1018)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
Apr 23, 2007 2:18:16 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 3382 ms
Apr 23, 2007 2:18:16 PM org.apache.catalina.realm.JAASRealm setContainer
INFO: Set JAAS app name pg_opctr
Apr 23, 2007 2:18:17 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Apr 23, 2007 2:18:17 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.17
Apr 23, 2007 2:18:17 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Apr 23, 2007 2:18:20 PM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Apr 23, 2007 2:18:21 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Apr 23, 2007 2:18:21 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/77 config=null


Can anyone offer a suggestion? Thanks...

Jim McCullars
University of Alabama in Huntsville
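
Added example, not part of the original post and not Tomcat's own code: a Java check that loads a JKS keystore and tries to recover each private key entry using the keystore password, which is the operation that produces "Cannot recover key" when the key entry is protected by a different password. The class name KeystoreCheck is hypothetical, and the example assumes the server hands the keystore password to JSSE as the key password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic; the class name KeystoreCheck is hypothetical.
// Usage: java KeystoreCheck /path/to/keystore
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): java KeystoreCheck <keystore>");
            System.exit(2);
        }
        // Prompt for the password so it stays out of the process list and shell history.
        char[] storePass = console.readPassword("Enter keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // a wrong store password fails here (IOException)
        }
        boolean allRecoverable = true;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate only, no private key");
                continue;
            }
            try {
                // Assumption: the server passes the store password as the key password.
                ks.getKey(alias, storePass);
                System.out.println(alias + ": private key recovered with the store password");
            } catch (UnrecoverableKeyException e) {
                allRecoverable = false;
                System.out.println(alias + ": " + e.getMessage()
                        + " (key password differs from the store password)");
            }
            // A chain of length 1 is what a key entry has before a CA reply
            // is imported onto its alias.
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println("  chain length: " + (chain == null ? 0 : chain.length));
        }
        System.exit(allRecoverable ? 0 : 1);
    }
}
```

The exit status is 0 only when every key entry can be recovered with the keystore password, so the check can run before a restart.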
