Here is a list of common problems that you may encounter when setting up SSL communications, and what to do about them.
- When Tomcat starts up, I get an exception like “java.io.FileNotFoundException: {some-directory}/{some-file} not found”.
A likely explanation is that Tomcat cannot find the keystore file where it is looking. By default, Tomcat expects the keystore file to be named .keystore in the home directory of the user under which Tomcat is running (which may or may not be the same as yours :-). If the keystore file is anywhere else, you will need to add a keystoreFile attribute to the <Connector> element in the Tomcat configuration file.
- When Tomcat starts up, I get an exception like “java.io.FileNotFoundException: Keystore was tampered with, or password was incorrect”.
Assuming that someone has not actually tampered with your keystore file, the most likely cause is that Tomcat is using a different password than the one you used when you created the keystore file. To fix this, you can either go back and recreate the keystore file, or you can add or update the keystorePass attribute on the <Connector> element in the Tomcat configuration file. REMINDER – Passwords are case sensitive!
- When Tomcat starts up, I get an exception like “java.net.SocketException: SSL handshake error javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.”
A likely explanation is that Tomcat cannot find the alias for the server key within the specified keystore. Check that the correct keystoreFile and keyAlias are specified in the <Connector> element in the Tomcat configuration file. REMINDER – keyAlias values may be case sensitive!
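The three startup failures above correspond to three checks that can be run against the keystore before Tomcat is restarted. The following Python is an added example, not part of the Tomcat documentation or code base; it assumes the keystore is in the JKS format with ASCII aliases, and the function names (including sample_jks, which builds a constructed store with placeholder key and certificate bytes) are hypothetical.

```python
import hashlib, io, os, struct

MAGIC, SALT = 0xFEEDFEED, b"Mighty Aphrodite"  # JKS header magic, digest salt

def jks_digest(password, body):  # SHA-1(UTF-16BE password + salt + store body)
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def read_aliases(body):  # alias -> True for key entries, False for trusted certs
    buf = io.BytesIO(body)
    u = lambda fmt: struct.unpack(fmt, buf.read(struct.calcsize(fmt)))
    take = lambda fmt: buf.read(u(fmt)[0])  # length-prefixed field
    magic, version, count = u(">III")
    if magic != MAGIC:
        raise ValueError("not a JKS keystore")
    found = {}
    def skip_cert():
        if version == 2:
            take(">H")  # certificate type string, e.g. "X.509"
        take(">I")      # encoded certificate
    for _ in range(count):
        (tag,) = u(">I")
        alias = take(">H").decode("utf-8")  # ASCII aliases assumed
        buf.read(8)                         # creation timestamp
        if tag == 1:                        # private key entry
            take(">I")                      # protected key bytes
            for _ in range(u(">I")[0]):     # certificate chain
                skip_cert()
        else:                               # trusted certificate entry
            skip_cert()
        found[alias] = tag == 1
    return found

def diagnose(path, password, key_alias):
    if not os.path.isfile(path):
        return "keystore not found: check keystoreFile"
    with open(path, "rb") as fh:
        data = fh.read()
    if jks_digest(password, data[:-20]) != data[-20:]:  # trailing 20-byte digest
        return "tampered or wrong password: check keystorePass"
    if not read_aliases(data[:-20]).get(key_alias.lower()):  # JKS lower-cases aliases
        return "no key entry for alias: check keyAlias"
    return "ok"

def sample_jks(password, alias):  # constructed store with placeholder key/cert bytes
    utf = lambda s: struct.pack(">H", len(s)) + s.encode()
    blob = lambda b: struct.pack(">I", len(b)) + b
    body = struct.pack(">IIII", MAGIC, 2, 1, 1) + utf(alias) + bytes(8)
    body += blob(b"KEY") + struct.pack(">I", 1) + utf("X.509") + blob(b"CERT")
    return body + jks_digest(password, body)
```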
If you are still having problems, a good source of information is the TOMCAT-USER mailing list. You can find pointers to archives of previous messages on this list, as well as subscription and unsubscription information, at http://tomcat.apache.org/lists.html.