Importing signed SSL certs question

For some odd reason, I am having issues attempting to get Wildfire 3 beta to work after importing (via keytool) a signed server key.

I have followed the instructions exactly as stated in the SSL guide. Upon restart of the server, I get the following error:

2006.06.21 16:28:36 org.jivesoftware.wildfire.net.SSLSocketAcceptThread.run(SSLSocketAcceptThread.java:164) Could not setup SSL socket

javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.

at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:303)

at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)

at org.jivesoftware.wildfire.net.SSLSocketAcceptThread.run(SSLSocketAcceptThread.java:142)

2006.06.21 16:28:36 org.jivesoftware.wildfire.net.SSLSocketAcceptThread.run(SSLSocketAcceptThread.java:170) Shutting down SSL port - suspected configuration problem

I have set the following parameters in the Admin Console:

xmpp.socket.ssl.active = true

xmpp.socket.ssl.keypass =

xmpp.socket.ssl.port = 5223

Any help with getting this issue fixed and SSL working will be appreciated.

Did you build both RSA and DSA certs?

It appears that I did not. It is not covered in the SSL guide, so I don't know how to do so.

An update into my issue…

I have been experimenting with using keytool and OpenSSL. I ran the following commands:

keytool -genkey -alias wildfire -keyalg RSA -keystore keystore -validity 365

keytool -certreq -keyalg RSA -keystore keystore -alias wildfire -file certificate.csr

openssl x509 -req -CA server.crt -CAkey server.key -in certificate.csr -out certificate_signed

keytool -import -alias root -keystore keystore -trustcacerts -file server.crt

openssl x509 -in certificate_signed -out certificate-DER_signed -outform DER

keytool -import -alias MY_SERVER -file certificate-DER_signed -keystore keystore

This resulted in my server using the self generated cert for alias “wildfire”. This certificate works nicely, however I want to use a CA signed cert, not a self-signed cert. I tried deleting alias wildfire and restarting, in hopes that my server would use the MY_SERVER cert, however this caused SSL to fail.
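Added example, not part of any post in this thread: keytool only attaches a CA reply to a private key when the reply is imported under the alias that already holds that key; imported under a new alias it becomes a trusted-certificate entry with no key behind it. The script below classifies `keytool -list` output to show both states; the listings are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed `keytool -list` output for the keystore the commands above leave
# behind (JKS stores aliases in lower case, so MY_SERVER lists as my_server).
LISTING_AFTER_IMPORT='Keystore type: jks
Your keystore contains 3 entries

wildfire, Jun 21, 2006, keyEntry,
Certificate fingerprint (MD5): (constructed placeholder)
root, Jun 21, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)
my_server, Jun 21, 2006, trustedCertEntry,
Certificate fingerprint (MD5): (constructed placeholder)'

# Same keystore after `keytool -delete -alias wildfire`: the private key is gone.
LISTING_AFTER_DELETE=$(printf '%s\n' "$LISTING_AFTER_IMPORT" | grep -v '^wildfire,')

# Print "alias kind" per entry. Older JDKs label private keys "keyEntry",
# newer ones "PrivateKeyEntry".
entries() {
    printf '%s\n' "$1" | awk -F', ' '
        /(keyEntry|PrivateKeyEntry),? *$/ { print $1, "key" }
        /trustedCertEntry,? *$/           { print $1, "trusted" }'
}

# Number of entries holding a private key; 0 means the server has nothing to
# present in a TLS handshake.
count_key_entries() {
    entries "$1" | awk '$2 == "key" { n++ } END { print n + 0 }'
}

# Classify one alias as key-entry, trusted-cert-only, or absent.
diagnose() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    entries "$1" | awk -v a="$want" '
        $1 == a { print (($2 == "key") ? "key-entry" : "trusted-cert-only"); f = 1 }
        END     { if (!f) print "absent" }'
}

diagnose "$LISTING_AFTER_IMPORT" MY_SERVER   # trusted-cert-only
count_key_entries "$LISTING_AFTER_DELETE"    # 0

# Importing the reply under the key's own alias replaces the self-signed chain:
#   keytool -import -trustcacerts -alias wildfire \
#           -file certificate-DER_signed -keystore keystore
```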

I have exactly the same issues with cacert certificates.

And I built a DSA and an RSA certificate, so this can't be the issue.

I am not “fully assured” with cacert… could this be the problem?

Is there something different (beyond) the certificate lifetime, when you aren't fully assured?

To be honest, I've given up attempting to install a Cacert cert. I ended up saying nuts to it, and blowing away my keystore.