Unable to configure ALC RM ES2 with GeoTrust SSL Certificate

Muhammad_Ali_Ri

09-08-2010

I have implemented Adobe LiveCycle Rights Management ES2 turnkey installation.

I had configured SSL with a self-generated certificate from the server, and it works fine.

Now we have bought an SSL certificate from GeoTrust and I am trying to make the system work with it, but I am having problems.

The certificate is a SAN certificate. I received the certificate in PKCS7 format which includes the server cert, intermediate(s) and root, all in one.

When I try to run the keytool command to import this certificate into a keystore, I get the error: Input not an X.509 certificate.

I had also separately received the X.509 format certificate. In this case there was the SSL certificate itself, and additionally an intermediate certificate that had to be installed together with the SSL Server Certificate.

I imported both these certificates into a single keystore, and referred to that keystore in the server.xml file.

When I restart JBoss, I get the following error repeatedly in the logfile:

2010-08-09 16:13:29,421 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed

java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:150)

at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310)

at java.lang.Thread.run(Unknown Source)

Could anyone please point out what I am doing wrong or what I am missing.

Thanks,

Ali.

John_C_Cummins

12-08-2010

Hi Ali,

It seems that JBoss either can't find the truststore (triple check the path such as forward slashes on Unix) or does not believe your X.509 cert is really an X.509 cert. Did you check the cert with a different tool? For example, if you are on Windows, you can right-click the .cer file and check the properties and it will tell you if it's an X.509 cert.

I hope this helps.

John
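
The format check suggested above can also be scripted. The following is an added example, not part of the original thread or of any Adobe tooling: it tells a PKCS #7 bundle apart from an X.509 certificate by the outer ASN.1 layout, for PEM or DER input. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData).
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed structural stubs (not real certificates), just enough DER to classify.
SAMPLE_X509_DER = bytes.fromhex("300a3008a003020102020101")
SAMPLE_PKCS7_DER = bytes.fromhex("300d06092a864886f70d010702a000")


def read_tlv(buf, pos=0):
    """Return (tag, value offset) of the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                 # short-form length: one length byte
        return tag, pos + 2
    count = first & 0x7F             # long form: next `count` bytes hold the length
    if not 1 <= count <= 4:
        raise ValueError("unsupported DER length")
    return tag, pos + 2 + count


def classify_der(der):
    """Classify a DER blob as 'x509', 'pkcs7' or 'unknown' from its outer layout only."""
    try:
        tag, body = read_tlv(der)
        if tag != 0x30:              # both formats begin with a SEQUENCE
            return "unknown"
        if der[body:body + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID:
            return "pkcs7"           # ContentInfo whose contentType is signedData
        inner_tag, inner_body = read_tlv(der, body)
        # A v3 certificate (needed for SAN) is SEQUENCE { SEQUENCE { [0] version ...
        if inner_tag == 0x30 and der[inner_body] == 0xA0:
            return "x509"
    except (IndexError, ValueError):
        pass
    return "unknown"


def classify_cert_file(data):
    """Return [(PEM label or 'DER', kind), ...] for each object found in the file bytes."""
    blocks = PEM_RE.findall(data)
    if not blocks:
        return [("DER", classify_der(data))]
    return [(label.decode(), classify_der(base64.b64decode(body))) for label, body in blocks]


if __name__ == "__main__":
    pem = b"-----BEGIN PKCS7-----\n" + base64.b64encode(SAMPLE_PKCS7_DER) + b"\n-----END PKCS7-----\n"
    print(classify_cert_file(SAMPLE_X509_DER), classify_cert_file(pem))
```

This is a layout check only; it does not validate signatures, chains or expiry.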