[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] SSL error: fatal error: 40: no cipher suites in common
|
Turns out my keystore wasn't quite set up correctly. Despite appearing
to load the right certificate, it wasn't, so I had to follow the
instructions here:
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Loading_Keys_and_Certificates_via_PKCS12
To convert my .crt and .key files into a .p12 file, and then import
that into the keystore using keytool.
Just if anyone comes across this thread...
Martin
On 19 September 2011 16:46, Martin Hewitt <martin.hewitt@xxxxxxxxx> wrote:
> Sorry, forgot to mention. I'm using Jetty-7.3.1v20110307.
>
> Martin
>
> On 19 September 2011 16:18, Martin Hewitt <martin.hewitt@xxxxxxxxx> wrote:
>> Hi,
>>
>> I've been trying to get SSL working with an embedded Jetty install and
>> I keep bumping up against the above error.
>>
>> I've stripped out the ancillary code to simply leave a test server
>> which adds an SslChannelConnector and starts.
>>
>> The logging (-Djavax.net.debug=all) appears to find the certificate
>> without trouble, but whenever I try and connect I get the "cipher
>> suites" error.
>>
>> My embedded code is (assume 's' is a map of configuration values, and
>> assume server is: Server server = new Server() ):
>>
>>
>> SslContextFactory scf = new SslContextFactory();
>> scf.setKeyStore(s.get("keystore"));
>> scf.setKeyStorePassword(s.get("keystorePassword"));
>>
>> scf.setTrustStore( s.get("keystore") );
>> scf.setTrustStorePassword(s.get("keystorePassword"));
>>
>> scf.setKeyManagerPassword(s.get("keystorePassword"));
>>
>> SslSelectChannelConnector connector = new SslSelectChannelConnector(scf);
>> connector.setPort( port );
>>
>> server.addConnector(connector);
>>
>> Prior to updating the embedded code, I used keytool to import the
>> certificate as detailed here:
>> http://wiki.eclipse.org/Jetty/Reference/SSL_Connectors
>>
>> I've tried using SslContextFactory#setIncludeCipherSuites to no avail.
>>
>> Any help or pointers would be greatly appreciated.
>>
>> Thanks,
>>
>> Martin
>>
>