Как настроить двусторонний ssl на клиенте и сервере на tomcat 7, используя openssl для генерации сертификата ssl?

Я настроил хранилище ключей и доверенное хранилище, используя решение, предоставленное pedrofb, приведенное в следующей ссылке Как настроить двустороннее SSL-соединение в Spring WS без использования Spring boot и с использованием отдельного сервера Apache Tomcat?

Я установил свойства хранилища ключей и доверия как для клиента, так и для сервера в tomcat 7. Тем не менее, когда я пытаюсь подключиться к серверу, я получаю сообщение об ошибке ниже

    Using SSLEngineImpl.
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Using SSLEngineImpl.
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    http-nio-8443-exec-9, READ: TLSv1 Handshake, length = 185
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: -364265602 bytes = { 151, 161, 117, 135, 49, 179, 239, 50, 221, 113, 108, 85, 152, 173, 82, 244, 120, 98, 133, 94, 72, 13, 209, 43, 60, 89, 124, 77 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
    Compression Methods:  { 0 }
    Extension renegotiation_info, renegotiated_connection: <empty>
    Extension server_name, server_name: [type=host_name (0), value=localhost]
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
    Unsupported extension status_request, data: 01:00:00:00:00
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed]
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
    ***
    http-nio-8443-exec-1, READ: TLSv1 Handshake, length = 185
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 624575245 bytes = { 5, 128, 117, 156, 92, 134, 29, 210, 250, 146, 110, 193, 126, 10, 111%% Initialized:  [Session-27, SSL_NULL_WITH_NULL_NULL]
    , 45, 132, 231, 235, 77, 110, 238, 35, 93, 37, 164, 168, 251 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
    Compression Methods:  { 0 }
    Extension renegotiation_info, renegotiated_connection: <empty>
    Extension server_name, server_name: [type=host_name (0), value=localhost]
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
    Unsupported extension status_request, data: 01:00:00:00:00
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed]
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
    ***
    %% Initialized:  [Session-28, SSL_NULL_WITH_NULL_NULL]
    %% Negotiating:  [Session-27, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
    *** ServerHello, TLSv1.2
    RandomCookie:  GMT: 1465167446 bytes = { 250, 227, 168, 23, 5, 88, 160, 124, 42, 177, 14, 37, 174, 160, 121, 13, 224, 215, 45, 17, 46, 117, 215, 62, 224, 31, 241, 109 }
    Session ID:  {87, 85, 174, 86, 210, 17, 84, 99, 103, 218, 211, 254, 20, 253, 117, 8, 221, 141, 57, 197, 148, 244, 184, 91, 112, 35, 41, 60, 219, 23, 171, 67}
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    *** Certificate chain
    chain [0] = [
    [
      Version: V1
      Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
      Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

      Key:  Sun RSA public key, 1024 bits
      modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147
      public exponent: 65537
      Validity: [From: Mon Jun 06 22:09:30 IST 2016,
                   To: Tue Jun 06 22:09:30 IST 2017]
      Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
      SerialNumber: [    9f141eca db1b5892]

    ]
      Algorithm: [SHA256withRSA]
      Signature:
    0000: 52 80 1C 6C CF 67 1E 54   A8 D7 52 63 63 A6 5C E8  R..l.g.T..Rcc.\.
    0010: 06 AB 45 17 D9 EF A5 BA   AB 15 63 D0 8B 3E A8 F4  ..E.......c..>..
    0020: 16 DD 0A AB 64 7D 16 BD   B6 72 61 51 2C CA F3 F0  ....d....raQ,...
    0030: 72 42 AF EF 67 0C B8 F4   99 26 34 12 A6 44 67 81  rB..g....&4..Dg.
    0040: 78 79 4B 29 CC FB BC 75   32 61 54 1D C4 5F F2 BD  xyK)...u2aT.._..
    0050: 0E 5C A4 C0 A5 67 44 53   1B 0C 58 01 F0 A2 EC F3  .\...gDS..X.....
    0060: 94 F3 D9 FB D3 1A A5 BA   D9 7E 9E 49 90 10 84 7F  ...........I....
    0070: A6 7E 03 80 C0 17 2E F3   89 DE 27 31 C1 54 B5 AC  ..........'1.T..

    ]
    ***
    %% Negotiating:  [Session-28, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
    *** ServerHello, TLSv1.2
    RandomCookie:  GMT: 1465167446 bytes = { 103, 27, 241, 116, 15, 29, 188, 76, 143, 250, 43, 244, 203, 202, 45, 229, 174, 22, 232, 84, 101, 180, 15, 46, 1, 2, 102, 153 }
    Session ID:  {87, 85, 174, 86, 57, 163, 69, 204, 125, 206, 51, 246, 36, 126, 169, 3, 253, 63, 0, 8, 97, 161, 116, 83, 52, 47, 229, 6, 202, 194, 109, 25}
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    *** Certificate chain
    chain [0] = [
    [
      Version: V1
      Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
      Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

      Key:  Sun RSA public key, 1024 bits
      modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147
      public exponent: 65537
      Validity: [From: Mon Jun 06 22:09:30 IST 2016,
                   To: Tue Jun 06 22:09:30 IST 2017]
      Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
      SerialNumber: [    9f141eca db1b5892]

    ]
      Algorithm: [SHA256withRSA]
      Signature:
    0000: 52 80 1C 6C CF 67 1E 54   A8 D7 52 63 63 A6 5C E8  R..l.g.T..Rcc.\.
    0010: 06 AB 45 17 D9 EF A5 BA   AB 15 63 D0 8B 3E A8 F4  ..E.......c..>..
    0020: 16 DD 0A AB 64 7D 16 BD   B6 72 61 51 2C CA F3 F0  ....d....raQ,...
    0030: 72 42 AF EF 67 0C B8 F4   99 26 34 12 A6 44 67 81  rB..g....&4..Dg.
    0040: 78 79 4B 29 CC FB BC 75   32 61 54 1D C4 5F F2 BD  xyK)...u2aT.._..
    0050: 0E 5C A4 C0 A5 67 44 53   1B 0C 58 01 F0 A2 EC F3  .\...gDS..X.....
    0060: 94 F3 D9 FB D3 1A A5 BA   D9 7E 9E 49 90 10 84 7F  ...........I....
    0070: A6 7E 03 80 C0 17 2E F3   89 DE 27 31 C1 54 B5 AC  ..........'1.T..

    ]
    ***
    *** ECDH ServerKeyExchange
    *** ECDH ServerKeyExchange
    Signature Algorithm SHA512withRSA
    Server key: Sun EC public key, 256 bits
      public x coord: 85555666343139018963533967280538968797633662983139641438682557033369225999165
      public y coord: 8427840957609862596834523195604231585301724865593291933177525359181625802444
      parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
    *** CertificateRequest
    Cert Types: RSA, DSS, ECDSA
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
    Cert Authorities:
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
    *** ServerHelloDone
    Signature Algorithm SHA512withRSA
    http-nio-8443-exec-1, WRITE: TLSv1.2 Handshake, length = 1336
    Server key: Sun EC public key, 256 bits
      public x coord: 84402873937186238897029201223811091119078490206065291036407576822220964455837
      public y coord: 102495088922183201760899172514801345100289489285600965229707082740951466499978
      parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
    *** CertificateRequest
    Cert Types: RSA, DSS, ECDSA
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
    Cert Authorities:
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
    *** ServerHelloDone
    http-nio-8443-exec-9, WRITE: TLSv1.2 Handshake, length = 1336
    http-nio-8443-exec-9, called closeOutbound()
    http-nio-8443-exec-9, closeOutboundInternal()
    http-nio-8443-exec-9, SEND TLSv1.2 ALERT:  warning, description = close_notify
    http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2
    http-nio-8443-exec-9, called closeOutbound()
    http-nio-8443-exec-9, closeOutboundInternal()
    http-nio-8443-exec-9, SEND TLSv1.2 ALERT:  warning, description = close_notify
    http-nio-8443-exec-9, WRITE: TLSv1.2 Alert, length = 2
    Using SSLEngineImpl.
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
    http-nio-8443-exec-4, READ: TLSv1 Handshake, length = 185
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: -1587396700 bytes = { 168, 137, 156, 195, 17, 132, 253, 181, 204, 114, 165, 228, 86, 231, 233, 158, 148, 15, 75, 153, 17, 24, 212, 36, 209, 134, 90, 182 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, Unknown 0xcc:0xa9, Unknown 0xcc:0xa8, Unknown 0xcc:0x14, Unknown 0xcc:0x13, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
    Compression Methods:  { 0 }
    Extension renegotiation_info, renegotiated_connection: <empty>
    Extension server_name, server_name: [type=host_name (0), value=localhost]
    Unsupported extension type_23, data: 
    Unsupported extension type_35, data: 
    Extension signature_algorithms, signature_algorithms: SHA512withRSA, SHA512withECDSA, SHA384withRSA, SHA384withECDSA, SHA256withRSA, SHA256withECDSA, SHA1withRSA, SHA1withECDSA
    Unsupported extension status_request, data: 01:00:00:00:00
    Unsupported extension type_18, data: 
    Unsupported extension type_16, data: 00:0c:02:68:32:08:68:74:74:70:2f:31:2e:31
    Unsupported extension type_30032, data: 
    Extension ec_point_formats, formats: [uncompressed]
    Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
    ***
    %% Initialized:  [Session-29, SSL_NULL_WITH_NULL_NULL]
    %% Negotiating:  [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
    *** ServerHello, TLSv1.2
    RandomCookie:  GMT: 1465167446 bytes = { 225, 169, 240, 135, 216, 14, 179, 8, 242, 163, 54, 198, 242, 182, 103, 125, 233, 71, 73, 94, 94, 112, 96, 92, 230, 44, 24, 124 }
    Session ID:  {87, 85, 174, 86, 58, 130, 84, 54, 254, 224, 181, 52, 14, 113, 71, 231, 52, 58, 218, 105, 147, 197, 135, 24, 188, 193, 25, 160, 12, 186, 145, 122}
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection: <empty>
    ***
    Cipher suite:  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    *** Certificate chain
    chain [0] = [
    [
      Version: V1
      Subject: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
      Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

      Key:  Sun RSA public key, 1024 bits
      modulus: 119392845705983053232381066342242552100246759562149136263179036450311601341483905580607024283403956181584600045082844169675168228225812598145033750549880051511514384914836915917053974822328749850134357052060356957993078530363525462150764881452639783264103642429891992181964954455911798298926528546562832494147
      public exponent: 65537
      Validity: [From: Mon Jun 06 22:09:30 IST 2016,
                   To: Tue Jun 06 22:09:30 IST 2017]
      Issuer: [email protected], CN=localhost, OU=localhost, O=ITCOVENANT, L=Coimbatore, ST=Tamil Badu, C=IN
      SerialNumber: [    9f141eca db1b5892]

    ]
      Algorithm: [SHA256withRSA]
      Signature:
    0000: 52 80 1C 6C CF 67 1E 54   A8 D7 52 63 63 A6 5C E8  R..l.g.T..Rcc.\.
    0010: 06 AB 45 17 D9 EF A5 BA   AB 15 63 D0 8B 3E A8 F4  ..E.......c..>..
    0020: 16 DD 0A AB 64 7D 16 BD   B6 72 61 51 2C CA F3 F0  ....d....raQ,...
    0030: 72 42 AF EF 67 0C B8 F4   99 26 34 12 A6 44 67 81  rB..g....&4..Dg.
    0040: 78 79 4B 29 CC FB BC 75   32 61 54 1D C4 5F F2 BD  xyK)...u2aT.._..
    0050: 0E 5C A4 C0 A5 67 44 53   1B 0C 58 01 F0 A2 EC F3  .\...gDS..X.....
    0060: 94 F3 D9 FB D3 1A A5 BA   D9 7E 9E 49 90 10 84 7F  ...........I....
    0070: A6 7E 03 80 C0 17 2E F3   89 DE 27 31 C1 54 B5 AC  ..........'1.T..

    ]
    ***
    *** ECDH ServerKeyExchange
    Signature Algorithm SHA512withRSA
    Server key: Sun EC public key, 256 bits
      public x coord: 81903135861506604845195203015394003955799288815680914864504286597024832297135
      public y coord: 106714826192296131282741266053860770585192831249415196199432006232074628631588
      parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
    *** CertificateRequest
    Cert Types: RSA, DSS, ECDSA
    Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
    Cert Authorities:
    <[email protected], CN=localhost, OU=localhost, O=ItCovenant, L=Coimbatore, ST=Tamil Nadu, C=IN>
    <[email protected], CN=localhost, OU=localroot, O=Root, L=Coimbatore, ST=TamilNadu, C=IN>
    *** ServerHelloDone
    http-nio-8443-exec-4, WRITE: TLSv1.2 Handshake, length = 1336
    http-nio-8443-exec-6, READ: TLSv1.2 Handshake, length = 7
    *** Certificate chain
    <Empty>
    ***
    http-nio-8443-exec-6, fatal error: 42: null cert chain
    javax.net.ssl.SSLHandshakeException: null cert chain
    %% Invalidated:  [Session-29, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
    http-nio-8443-exec-6, SEND TLSv1.2 ALERT:  fatal, description = bad_certificate
    http-nio-8443-exec-6, WRITE: TLSv1.2 Alert, length = 2
    http-nio-8443-exec-6, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
    http-nio-8443-exec-6, called closeOutbound()
    http-nio-8443-exec-6, closeOutboundInternal()

На стороне клиента у меня есть следующая ошибка в браузере

Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT

Клиент не отправляет свой сертификат, когда его запрашивает сервер.

Должен ли я сохранять clientauth=true как на клиенте, так и на сервере?

My Server keystore contains server.pfx
My Server trustore contains client.crt and ca.crt
My Client keystore contains client.p12 client.crt ca.crt
My Client trustore contains server.crt

Спасибо

briantaurostack7 06.06.2016 источник

Ответы (2)

arrow_upward
2
arrow_downward

Сервер запрашивает сертификат и предоставляет список доверенных подписантов. Это происходит из хранилища доверенных сертификатов сервера. У клиента нет сертификата, подписанного одной из этих подписывающих сторон в его хранилище ключей, поэтому он не может отправить сертификат.

Решение: либо подпишите сертификат клиента одним из доверенных подписывающих лиц, либо улучшите число доверенных подписывающих лиц, включив в него подписывающего сертификата клиента.

user207421 06.06.2016

arrow_upward
-1
arrow_downward

Наконец-то я нашел решение. Я просто не устанавливал client.p12 в браузере, и, следовательно, мой клиент не отправлял свой сертификат на сервер. Как только я установил client.p12 в браузере, он начал работать.

briantaurostack7 07.06.2016

Как настроить двусторонний ssl на клиенте и сервере на tomcat 7, используя openssl для генерации сертификата ssl?

Ответы (2)

Вопросы по теме