9

I followed these steps to set up SSL for Tomcat 7. After downloading my certificates from my CA, I:

  1. used Java keytool to import the root, intermediate, and my site certificate into a local keystore.
  2. modified the Tomcat server.xml file to this (many sites have a similar configuration):

    <Connector
     port="8443"
     SSLEnabled="true"
     protocol="HTTP/1.1"
     maxThreads="150"
     scheme="https"
     secure="true"
     keystoreFile="conf/.keystore"
     keystorePass="password"
     clientAuth="false"
     sslProtocol="TLS"
     />
    

Everything seemed fine until I opened a browser to access the site and got an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error in Chrome, and a "no common encryption algorithm" error in Firefox.

I spent a few hours but still could not figure out what the problem is, and would be grateful to anyone who can shed light on this issue.

UPDATE: It works now after changing keystoreFile to a .pfx file, but why doesn't it work with the Java keystore (.keystore) approach of importing .cer files?

user207421
Kevin
  • Can you specify what you did to convert the keystore file to a .pfx file, and how you got this to work? I have a similar problem with a JBoss server, and I want to try your approach. – Zoran Trifunovski Oct 20 '14 at 08:30
  • The settings for the pfx are described here: http://stackoverflow.com/questions/23271327/installing-updated-pfx-wildcard-into-tomcat-keystore – Paco Zarate Aug 03 '15 at 18:43
  • This can happen if you don't have a private key in the keystore. – user207421 Oct 16 '16 at 23:41

1 Answer

1

I had the same problem and I forgot to import the private key. Follow the instructions in this thread[1] to import your and the CA's certificate and your private key. That worked for me.

[1] importing an existing x509 certificate and private key in Java keystore to use in ssl

Community
Peter Clause
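
The check that this answer and user207421's comment point to, as an added example that is not part of the original posts: a shell function that reads `keytool -list` output and fails when the keystore holds only certificate entries. The sample listings, aliases and fingerprints are constructed, and English keytool output is assumed.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumes English `keytool -list` output.
# Real use: keytool -list -keystore conf/.keystore | audit_keystore_listing

# Reads a keytool listing on stdin, prints "alias<TAB>type" per entry, then a verdict.
# Returns 0 if a PrivateKeyEntry is present, 1 if the store holds certificates only.
audit_keystore_listing() {
    awk '
    {
        line = $0
        sub(/,[ \t]*$/, "", line)          # entry lines end in "<type>,"
        n = split(line, f, /,[ \t]*/)
        t = f[n]
        if (t == "PrivateKeyEntry" || t == "trustedCertEntry" || t == "SecretKeyEntry") {
            print f[1] "\t" t
            seen[t]++
        }
    }
    END {
        if (seen["PrivateKeyEntry"] > 0) { print "OK: keystore contains a private key entry"; exit 0 }
        print "FAIL: certificates only, no private key entry"
        exit 1
    }'
}

# Constructed listing: root, intermediate and site certificate imported from .cer files.
sample_certs_only() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 3 entries

root, Oct 1, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): AA:AA:... (constructed)
intermediate, Oct 1, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): BB:BB:... (constructed)
tomcat, Oct 1, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): CC:CC:... (constructed)
EOF
}

# Constructed listing: the site alias holds the private key together with its certificate.
sample_with_key() {
    printf '%s\n' 'Keystore type: JKS' 'Your keystore contains 2 entries' '' \
        'tomcat, Oct 1, 2014, PrivateKeyEntry,' 'Certificate fingerprint (SHA1): CC:CC:... (constructed)' \
        'root, Oct 1, 2014, trustedCertEntry,' 'Certificate fingerprint (SHA1): AA:AA:... (constructed)'
}

for s in sample_certs_only sample_with_key; do
    echo "== $s"; $s | audit_keystore_listing || true
done
```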