I have implemented Adobe LiveCycle Rights Management ES2 turnkey installation.
I had configured SSL with self-generated certificate from the server, and it works fine.
Now we have bought an SSL certificate from GeoTrust and I am trying to make the system work with it, but I am having problems.
The certificate is a SAN certificate. I received the certificate in PKCS7 format which includes the server cert, intermediate(s) and root, all in one.
When I try to run the keytool command to import this certificate into a keystore, I get the error: Input not an X.509 certificate.
I had also separately received the X.509 format certificate. In this case there was the SSL certificate itself, and additionally an intermediate certificate that had to be installed together with the SSL Server Certificate.
I imported both these certificates into a single keystore, and referred to that keystore in the server.xml file.
When I restart JBoss, I get the following error repeatedly in the logfile:
2010-08-09 16:13:29,421 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)
at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)
at java.lang.Thread.run(Unknown Source)
Could anyone please point out what I am doing wrong or what I am missing?
Thanks,
Ali.
Hi Ali,
It seems that JBoss either can't find the truststore (triple check the path such as forward slashes on Unix) or does not believe your X.509 cert is really an X.509 cert. Did you check the cert with a different tool? For example if you are on Windows, you can right-click the .cer file and check the properties and it will tell you if it's an X.509 cert.
I hope this helps.
John
Yes, it was not able to find the private key. Found the problem, and fixed. The problem was that I was trying to import the certificate into a different keystore.
I was supposed to import the certificate into the same keystore from which I had earlier generated the Certificate Signing Request and which must be having the private key generated at the time.
Thanks for the valuable input John.
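
The check behind the fix in this thread, as an added example that is not part of the original posts: it classifies a keystore from `keytool -list -v` output by whether it holds a PrivateKeyEntry and whether the CA reply has replaced the self-signed certificate. The alias names, subject names and both listings are constructed samples, trimmed to the fields the parser reads.

```python
import re

# Constructed, trimmed `keytool -list -v` output: a keystore made by importing
# only the CA-issued certificates (no key pair), the situation in this thread.
CERTS_ONLY = """\
Alias name: server
Entry type: trustedCertEntry
Owner: CN=www.example.test, O=Example
Issuer: CN=Example Intermediate CA

Alias name: intermediate
Entry type: trustedCertEntry
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
"""

# Constructed, trimmed: the keystore that generated the CSR, after the CA reply was imported.
CSR_KEYSTORE = """\
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.test, O=Example
Issuer: CN=Example Intermediate CA
Certificate[2]:
Owner: CN=Example Intermediate CA
Issuer: CN=Example Root CA
"""

def parse_entries(listing):
    """Return {alias: {type, owner, issuer}}, using each entry's first certificate."""
    entries = {}
    for block in re.split(r"(?m)^Alias name: ", listing)[1:]:
        def field(name):
            m = re.search(rf"(?m)^{name}: (.+)$", block)
            return m.group(1).strip() if m else None
        entries[block.splitlines()[0].strip()] = {
            "type": field("Entry type"), "owner": field("Owner"), "issuer": field("Issuer")}
    return entries

def diagnose(listing):
    """Classify a keystore for use as a TLS server keystore."""
    keys = [e for e in parse_entries(listing).values() if e["type"] == "PrivateKeyEntry"]
    if not keys:
        return "no-private-key"    # only trusted certs: nothing to present in the handshake
    if all(e["owner"] == e["issuer"] for e in keys):
        return "self-signed-only"  # key pair present, CA reply not yet imported on its alias
    return "ok"
```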