2016-06-06 11 views
0

I used the keystore and truststore solution provided by pedrofb at the following link: How to configure two way SSL connection in Spring WS without using Spring boot and using separate Apache tomcat server? How do I configure two-way SSL on client and server on Tomcat 7, using openssl for SSL certificate generation?

I have set the keystore and truststore properties for the client and server in Tomcat 7. However, when I try to connect to the server, I get the error below:

    Using SSLEngineImpl.
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
    Allow unsafe renegotiation: false 
    Allow legacy hello messages: true 
    Is initial handshake: true 
    Is secure renegotiation: false 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Using SSLEngineImpl. 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
    Allow unsafe renegotiation: false 
    Allow legacy hello messages: true 
    Is initial handshake: true 
    Is secure renegotiation: false 
    http-nio-8443-exec-9, READ: TLSv1 Handshake, length = 185 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    *** ClientHello, TLSv1.2 
    RandomCookie: GMT: -364265602 bytes = { 151, 161, 117, 135, 49, 179, 239, 50, 221, 113, 108, 85, 152, 173, 82, 244, 120, 98, 133, 94, 72, 13, 209, 43, 60, 89, 124, 77 } 
    Session ID: {} 
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
    Compression Methods: { 0 } 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    Extension server_name, server_name: [type=host_name (0), value=localhost] 
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA 
    Unsupported extension status_request, data: 01:00:00:00:00 
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed] 
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1} 
    *** 
    http-nio-8443-exec-1, READ: TLSv1 Handshake, length = 185 
    *** ClientHello, TLSv1.2 
    RandomCookie: GMT: 624575245 bytes = { 5, 128, 117, 156, 92, 134, 29, 210, 250, 146, 110, 193, 126, 10, 111%% Initialized: [Session-27, SSL_NULL_WITH_NULL_NULL] 
    , 45, 132, 231, 235, 77, 110, 238, 35, 93, 37, 164, 168, 251 } 
    Session ID: {} 
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
    Compression Methods: { 0 } 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    Extension server_name, server_name: [type=host_name (0), value=localhost] 
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA 
    Unsupported extension status_request, data: 01:00:00:00:00 
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed] 
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1} 
    *** 
    %% Initialized: [Session-28, SSL_NULL_WITH_NULL_NULL] 
    %% Negotiating: [Session-27, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    *** ServerHello, TLSv1.2 
    RandomCookie: GMT: 1465167446 bytes = { 250, 227, 168, 23, 5, 88, 160, 124, 42, 177, 14, 37, 174, 160, 121, 13, 224, 215, 45, 17, 46, 117, 215, 62, 224, 31, 241, 109 } 
    Session ID: {87, 85, 174, 86, 210, 17, 84, 99, 103, 218, 211, 254, 20, 253, 117, 8, 221, 141, 57, 197, 148, 244, 184, 91, 112, 35, 41, 60, 219, 23, 171, 67} 
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    Compression Method: 0 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    *** 
    Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    *** Certificate chain 
    chain [0] = [ 
    [ 
     Version: V1 
     Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 

     Key: Sun RSA public key, 1024 bits 
     modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147 
     public exponent: 65537 
     Validity: [From: Mon Jun 06 22:09:30 IST 2016, 
        To: Tue Jun 06 22:09:30 IST 2017] 
     Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     SerialNumber: [ 9f141eca db1b5892] 

    ] 
     Algorithm: [SHA256withRSA] 
     Signature: 
    0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\. 
    0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>.. 
    0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,... 
    0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg. 
    0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._.. 
    0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X..... 
    0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I.... 
    0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T.. 

    ] 
    *** 
    %% Negotiating: [Session-28, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    *** ServerHello, TLSv1.2 
    RandomCookie: GMT: 1465167446 bytes = { 103, 27, 241, 116, 15, 29, 188, 76, 143, 250, 43, 244, 203, 202, 45, 229, 174, 22, 232, 84, 101, 180, 15, 46, 1, 2, 102, 153 } 
    Session ID: {87, 85, 174, 86, 57, 163, 69, 204, 125, 206, 51, 246, 36, 126, 169, 3, 253, 63, 0, 8, 97, 161, 116, 83, 52, 47, 229, 6, 202, 194, 109, 25} 
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    Compression Method: 0 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    *** 
    Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    *** Certificate chain 
    chain [0] = [ 
    [ 
     Version: V1 
     Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 

     Key: Sun RSA public key, 1024 bits 
     modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147 
     public exponent: 65537 
     Validity: [From: Mon Jun 06 22:09:30 IST 2016, 
        To: Tue Jun 06 22:09:30 IST 2017] 
     Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     SerialNumber: [ 9f141eca db1b5892] 

    ] 
     Algorithm: [SHA256withRSA] 
     Signature: 
    0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\. 
    0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>.. 
    0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,... 
    0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg. 
    0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._.. 
    0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X..... 
    0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I.... 
    0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T.. 

    ] 
    *** 
    *** ECDH ServerKeyExchange 
    *** ECDH ServerKeyExchange 
    Signature Algorithm SHA512withRSA 
    Server key: Sun EC public key, 256 bits 
     public x coord: 85555666343139018963533967280538968797633662983139641438682557033369225999165 
     public y coord: 8427840957609862596834523195604231585301724865593291933177525359181625802444 
     parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
    *** CertificateRequest 
    Cert Types: RSA, DSS, ECDSA 
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
    Cert Authorities: 
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN> 
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN> 
    *** ServerHelloDone 
    Signature Algorithm SHA512withRSA 
    http-nio-8443-exec-1, WRITE: TLSv1.2 Handshake, length = 1336 
    Server key: Sun EC public key, 256 bits 
     public x coord: 84402873937186238897029201223811091119078490206065291036407576822220964455837 
     public y coord: 102495088922183201760899172514801345100289489285600965229707082740951466499978 
     parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
    *** CertificateRequest 
    Cert Types: RSA, DSS, ECDSA 
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
    Cert Authorities: 
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN> 
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN> 
    *** ServerHelloDone 
    http-nio-8443-exec-9, WRITE: TLSv1.2 Handshake, length = 1336 
    http-nio-8443-exec-9, called closeOutbound() 
    http-nio-8443-exec-9, closeOutboundInternal() 
    http-nio-8443-exec-9, SEND TLSv1.2 ALERT: warning, description = close_notify 
    http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2 
    http-nio-8443-exec-9, called closeOutbound() 
    http-nio-8443-exec-9, closeOutboundInternal() 
    http-nio-8443-exec-9, SEND TLSv1.2 ALERT: warning, description = close_notify 
    http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2 
    Using SSLEngineImpl. 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
    Allow unsafe renegotiation: false 
    Allow legacy hello messages: true 
    Is initial handshake: true 
    Is secure renegotiation: false 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 
    http-nio-8443-exec-4, READ: TLSv1 Handshake, length = 185 
    *** ClientHello, TLSv1.2 
    RandomCookie: GMT: -1587396700 bytes = { 168, 137, 156, 195, 17, 132, 253, 181, 204, 114, 165, 228, 86, 231, 233, 158, 148, 15, 75, 153, 17, 24, 212, 36, 209, 134, 90, 182 } 
    Session ID: {} 
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA] 
    Compression Methods: { 0 } 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    Extension server_name, server_name: [type=host_name (0), value=localhost] 
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA 
    Unsupported extension status_request, data: 01:00:00:00:00 
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31 
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed] 
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1} 
    *** 
    %% Initialized: [Session-29, SSL_NULL_WITH_NULL_NULL] 
    %% Negotiating: [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    *** ServerHello, TLSv1.2 
    RandomCookie: GMT: 1465167446 bytes = { 225, 169, 240, 135, 216, 14, 179, 8, 242, 163, 54, 198, 242, 182, 103, 125, 233, 71, 73, 94, 94, 112, 96, 92, 230, 44, 24, 124 } 
    Session ID: {87, 85, 174, 86, 58, 130, 84, 54, 254, 224, 181, 52, 14, 113, 71, 231, 52, 58, 218, 105, 147, 197, 135, 24, 188, 193, 25, 160, 12, 186, 145, 122} 
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    Compression Method: 0 
    Extension renegotiation_info, renegotiated_connection: <empty> 
    *** 
    Cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 
    *** Certificate chain 
    chain [0] = [ 
    [ 
     Version: V1 
     Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 

     Key: Sun RSA public key, 1024 bits 
     modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147 
     public exponent: 65537 
     Validity: [From: Mon Jun 06 22:09:30 IST 2016, 
        To: Tue Jun 06 22:09:30 IST 2017] 
     Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN 
     SerialNumber: [ 9f141eca db1b5892] 

    ] 
     Algorithm: [SHA256withRSA] 
     Signature: 
    0000: 52 80 1C 6C CF 67 1E 54 A8 D7 52 63 63 A6 5C E8 R..l.g.T..Rcc.\. 
    0010: 06 AB 45 17 D9 EF A5 BA AB 15 63 D0 8B 3E A8 F4 ..E.......c..>.. 
    0020: 16 DD 0A AB 64 7D 16 BD B6 72 61 51 2C CA F3 F0 ....d....raQ,... 
    0030: 72 42 AF EF 67 0C B8 F4 99 26 34 12 A6 44 67 81 rB..g....&4..Dg. 
    0040: 78 79 4B 29 CC FB BC 75 32 61 54 1D C4 5F F2 BD xyK)...u2aT.._.. 
    0050: 0E 5C A4 C0 A5 67 44 53 1B 0C 58 01 F0 A2 EC F3 .\...gDS..X..... 
    0060: 94 F3 D9 FB D3 1A A5 BA D9 7E 9E 49 90 10 84 7F ...........I.... 
    0070: A6 7E 03 80 C0 17 2E F3 89 DE 27 31 C1 54 B5 AC ..........'1.T.. 

    ] 
    *** 
    *** ECDH ServerKeyExchange 
    Signature Algorithm SHA512withRSA 
    Server key: Sun EC public key, 256 bits 
     public x coord: 81903135861506604845195203015394003955799288815680914864504286597024832297135 
     public y coord: 106714826192296131282741266053860770585192831249415196199432006232074628631588 
     parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7) 
    *** CertificateRequest 
    Cert Types: RSA, DSS, ECDSA 
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA 
    Cert Authorities: 
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN> 
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN> 
    *** ServerHelloDone 
    http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336 
    http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7 
    *** Certificate chain 
    <Empty> 
    *** 
    http-nio-8443-exec-6, fatal error: 42: null cert chain 
    javax.net.ssl.SSLHandshakeException: null cert chain 
    %% Invalidated: [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] 
    http-nio-8443-exec-6, SEND TLSv1.2 ALERT: fatal, description = bad_certificate 
    http-nio-8443-exec-6, WRITE: TLSv1.2 Alert, length = 2 
    http-nio-8443-exec-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain 
    http-nio-8443-exec-6, called closeOutbound() 
    http-nio-8443-exec-6, closeOutboundInternal() 

On the client side I get the following error:

Try contacting the system admin. 
ERR_BAD_SSL_CLIENT_AUTH_CERT 

The client in the browser does not send its certificate when the server requests it.

Do I have to keep clientauth=true in both the client and the server?

My Server keystore contains server.pfx 
My Server truststore contains client.crt and ca.crt 
My Client keystore contains client.p12 client.crt ca.crt 
My Client truststore contains server.crt 

Thanks

Answers

-1

I finally found the solution. I had not installed client.p12 in the browser, so my client did not send its certificate to the server. Once I installed client.p12 in the browser, it started working.

2

The server requests a certificate and provides a list of trusted signers. This comes from the server's truststore. The client has no certificate in its keystore that was signed by one of those signers, so it cannot send a certificate.

Solution: either have the client certificate signed by one of the trusted signers, or extend the trusted signers to include the signer of the client certificate.
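
The check both answers describe, as an added example that is not part of the original posts: it reads a server-side `javax.net.debug` trace, collects the signers advertised in `CertificateRequest`, detects the empty client `Certificate chain`, and reports which client certificates could have been selected. The function names, the single-connection assumption and the sample log (modeled on the trace in the question, with e-mail RDNs omitted) are constructed for illustration; the issuer DNs of the client's certificates are supplied by the caller.

```python
# Constructed sample: single-connection excerpt modeled on the question's trace.
SAMPLE_LOG = """\
*** ServerHello, TLSv1.2
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
*** Certificate chain
chain [0] = [
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
<CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
*** ServerHelloDone
http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336
http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7
*** Certificate chain
<Empty>
***
http-nio-8443-exec-6, fatal error: 42: null cert chain
"""


def normalize_dn(dn):
    """Canonicalize a DN for comparison (simplified: no escaped commas)."""
    parts = []
    for rdn in dn.strip().strip("<>").split(","):
        key, _, value = rdn.partition("=")
        # Attribute type upper-cased, value lower-cased and whitespace-collapsed.
        parts.append((key.strip().upper(), " ".join(value.split()).lower()))
    return tuple(parts)


def diagnose(log_text, client_issuer_dns):
    """Return (acceptable_cas, client_sent_cert, usable_issuers).

    client_issuer_dns: issuer DNs of the certificates (with private keys)
    available to the client; an empty list models a browser with no
    client certificate installed.
    """
    lines = [line.strip() for line in log_text.splitlines()]
    acceptable = []
    client_sent_cert = None      # None: no client Certificate message seen
    in_ca_list = False
    after_hello_done = False

    for i, line in enumerate(lines):
        if line == "Cert Authorities:":
            in_ca_list = True
            continue
        if in_ca_list:
            if line.startswith("<") and line.endswith(">"):
                acceptable.append(line[1:-1])
                continue
            in_ca_list = False   # list ended; fall through to other checks
        if line.startswith("*** ServerHelloDone"):
            after_hello_done = True
        elif after_hello_done and line.startswith("*** Certificate chain"):
            # First chain after ServerHelloDone is the client's reply.
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            client_sent_cert = nxt != "<Empty>"
            after_hello_done = False

    if not acceptable:
        # An empty CA list places no issuer restriction on the client.
        usable = list(client_issuer_dns)
    else:
        wanted = {normalize_dn(dn) for dn in acceptable}
        usable = [dn for dn in client_issuer_dns if normalize_dn(dn) in wanted]
    return acceptable, client_sent_cert, usable


if __name__ == "__main__":
    cas, sent, usable = diagnose(SAMPLE_LOG, [])
    print("server accepts signers:", cas)
    print("client sent certificate:", sent)
    print("selectable client certs:", usable)
```
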
