Results 1 to 3 of 3

Thread: Commercial certificates, Tomcat, and zmcertinstall

  1. #1
    Join Date
    Sep 2006
    Posts
    2
    Rep Power
    9

    Default Commercial certificates, Tomcat, and zmcertinstall

    I'm running 4.01 on FC5. Executing 'zmcertinstall mta my.crt my.key` installs my commercial certificate properly in Postfix. But running `zmcertinstall mailbox my.crt` freaks out Tomcat, which constantly dumps this error to its log:

    SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=7071]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory. acceptSocket(JSSESocketFactory.java:113)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptS ocket(PoolTcpEndpoint.java:407)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThr ead.runIt(LeaderFollowerWorkerThread.java:70)
    at org.apache.tomcat.util.threads.ThreadPool$ControlR unnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
    Both the commercial cert and the self-signed cert use RSA. The wiki entries on this topic seem out of date. Any ideas?
    Last edited by shiva; 09-11-2006 at 11:31 AM.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Why are you using a self signed certificate for tomcat when you have a commercial one? Have you followed the instructions on this page? If you have can you tell us at which step it went wrong?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Sep 2006
    Posts
    2
    Rep Power
    9

    Default

    Quote Originally Posted by phoenix
    Why are you using a self signed certificate for tomcat when you have a commercial one?
    I am attempting to install the commercial one.

    Have you followed the instructions on this page? If you have can you tell us at which step it went wrong?
    I purchased the cert a while ago, so I didn't bother with generating a CSR. Running `zmcertinstall mailbox my.crt my.key` results in the first branch being executed:

    Code:
    if [ $APP = "mailbox" ]; then
         keytool -import -alias tomcat -keystore ${TCONF}/keystore \
            -trustcacerts -file ${CERTFILE} -storepass zimbra
    else
         cp -f $CERTFILE ${CONF}/smtpd.crt
         cp -f $KEYFILE ${CONF}/smtpd.key
    fi
    I assume that has the same effect as performing steps B and C manually?

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •