I have an issue with SSL configuration while doing an installation for our in-house product. The installation is on jboss-eap-6.1, using java-1.7.0-openjdk-1.7.0.85.x86_64.
The log says:
16:28:11,685 DEBUG [org.apache.tomcat.util] (http-/0.0.0.0:8443-1) JBWEB003006: Handshake failed: java.io.IOException: JBWEB002042: SSL handshake failed, cipher suite in SSL Session is SSL_NULL_WITH_NULL_NULL at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:185) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]
I have the following configuration in the standalone-full.xml for https:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="tomcat-ssl" key-alias="ssocertificate" password="changeit" certificate-key-file="/etc/cas/certificate/portal.keystore" protocol="TLSv1"
         cipher-suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"/>
</connector>
The key was generated like this:
keytool -genkey -dname "CN=sem-core, OU=HOME, O=Company, L=Timisoara, ST=Timis, C=RO" -alias "alu" -keyalg RSA -keypass changeit -keystore /etc/cas/certificate/portal.keystore -storepass changeit -keyalg RSA -ext SAN=dns:sem-core,ip:135.247.150.77
Also imported in $JAVA_HOME/lib/security/cacerts
Any attempt to access https on the configured port is unsuccessful. Sometimes I get the error above, sometimes nothing. Firefox returns:
An error occurred during a connection to 135.247.150.77:8443. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert)
Thanks for any ideas.
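
A consistency check over the values posted above, as an added example that is not part of the original post: it compares the ssl element of the connector with the keytool command and lists cipher suites that cannot be negotiated under the configured protocol. The function names are hypothetical, and the embedded sample is constructed from the post with the cipher list shortened to three of the posted suites and the -ext SAN option left out.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the connector and keytool command from the post
# (cipher list shortened to three of the posted suites).
CONNECTOR_XML = """<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
  <ssl name="tomcat-ssl" key-alias="ssocertificate" password="changeit"
       certificate-key-file="/etc/cas/certificate/portal.keystore" protocol="TLSv1"
       cipher-suite="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"/>
</connector>"""
KEYTOOL_CMD = ('keytool -genkey -dname "CN=sem-core, OU=HOME, O=Company, L=Timisoara, ST=Timis, C=RO" '
               '-alias "alu" -keyalg RSA -keypass changeit '
               '-keystore /etc/cas/certificate/portal.keystore -storepass changeit')

# Suites named ..._SHA256 / ..._SHA384 (GCM included) need TLS 1.2 or later.
NEEDS_TLS12 = re.compile(r"_SHA(256|384)$")


def keytool_options(cmd):
    """Map keytool '-option value' pairs to a dict, skipping bare flags."""
    args = shlex.split(cmd)
    return {a[1:]: v for a, v in zip(args, args[1:])
            if a.startswith("-") and not v.startswith("-")}


def check_connector(connector_xml, keytool_cmd):
    """Compare the <ssl> element with the keytool command; return findings."""
    ssl = ET.fromstring(connector_xml).find("ssl")
    opts = keytool_options(keytool_cmd)
    findings = {}
    # The connector must point at the keystore file that keytool wrote.
    if ssl.get("certificate-key-file") != opts.get("keystore"):
        findings["keystore"] = (ssl.get("certificate-key-file"), opts.get("keystore"))
    # key-alias must name an entry that exists in that keystore.
    if ssl.get("key-alias") != opts.get("alias"):
        findings["key-alias"] = (ssl.get("key-alias"), opts.get("alias"))
    # A TLS 1.0/1.1 handshake cannot select suites defined for TLS 1.2.
    if ssl.get("protocol") in ("TLSv1", "TLSv1.1"):
        suites = [s.strip() for s in ssl.get("cipher-suite", "").split(",")]
        blocked = [s for s in suites if NEEDS_TLS12.search(s)]
        if blocked:
            findings["cipher-suite"] = blocked
    return findings


if __name__ == "__main__":
    for field, detail in check_connector(CONNECTOR_XML, KEYTOOL_CMD).items():
        print(field, "->", detail)
```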