I am using Tomcat 7.0.70 for my application with SSL. I got renewed certificates from GoDaddy. I deleted the old certificates from KeyStore and installed the new certificates with the same alias. After installation, I restarted Tomcat but the application doesn't come up. On Chrome I get the following error:

HOST uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.

I reverted back to the old certificates and the application came up fine. I am not sure what is wrong here. The certs are renewed from Go Daddy itself so CSR hasn't changed, and same KeyStore is being used so private key has not changed as well.

I cannot rekey the certificate as that will cause the old certificates to expire within 3 days which would impact our workloads.

  • Check the advice given here. This is most likely a browser error related to TLS. Check the site with the new certificate in a different browser. – JakeGould, Jan 13 at 23:09
  • You can't delete only the cert(s) from a privateKeyEntry. If you deleted the entire privateKeyEntry with `-delete` and then imported the cert(s) with `-import[cert]` you created a keystore containing only trustedCertEntry's and no private key, which doesn't work; look with `keytool -list`. Since you apparently have a file still containing the privateKeyEntry, just `-import[cert]` your new cert or chain to that existing entry; the new cert(s) replace the existing cert(s), you don't need to delete anything. – dave_thompson_085, Jan 14 at 4:45
  • Dave, that was the issue. I tried that earlier to import the new cert on same alias and it threw me alias already existing error. I tried again after your comment to import the new cert with the same alias and it worked fine this time. I wasted so many hours for something so simple. Thank you for your help! – mrityunjay, Jan 14 at 15:31
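
The `keytool -list` check from the comments, as an added example that is not part of the original thread: it reads a keystore listing and fails when the alias Tomcat serves from has become a trustedCertEntry with no private key. The alias `tomcat`, the file names `keystore.jks` and `new_cert.crt`, and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Alias "tomcat", keystore.jks and new_cert.crt are assumed names.
# Real use:  keytool -list -keystore keystore.jks | check_alias tomcat
# Fix, run against the file that still holds the PrivateKeyEntry:
#   keytool -importcert -alias tomcat -file new_cert.crt -keystore keystore.jks

# entry_type ALIAS: read non-verbose `keytool -list` output on stdin and print
# the entry type of ALIAS, or "missing" if the alias is not listed.
entry_type() {
    awk -v want="$1" -F', *' '
        # Entry lines look like: alias, Jan 13, 2019, PrivateKeyEntry,
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),? *$/ {
            if (tolower($1) == tolower(want)) {
                t = $0
                sub(/,? *$/, "", t)   # drop the trailing comma
                sub(/.*, */, "", t)   # keep only the last field
                print t; found = 1; exit
            }
        }
        END { if (!found) print "missing" }'
}

# check_alias ALIAS: succeed only if ALIAS still carries a private key.
check_alias() {
    kind=$(entry_type "$1")
    case $kind in
        PrivateKeyEntry)  echo "ok: $1 is a PrivateKeyEntry"; return 0 ;;
        trustedCertEntry) echo "broken: $1 is a trustedCertEntry (no private key)"; return 1 ;;
        *)                echo "broken: $1 is $kind"; return 1 ;;
    esac
}

# Constructed listings (not real keytool captures).
GOOD_LISTING='Your keystore contains 1 entry

tomcat, Jan 13, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA-256): 00:11:22 (constructed)'

BROKEN_LISTING='Your keystore contains 2 entries

tomcat, Jan 13, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22 (constructed)
root, Jan 13, 2019, trustedCertEntry,
Certificate fingerprint (SHA-256): 33:44:55 (constructed)'

printf '%s\n' "$GOOD_LISTING"   | check_alias tomcat
printf '%s\n' "$BROKEN_LISTING" | check_alias tomcat || true
```

Running the check before restarting Tomcat catches the delete-then-import mistake while the old keystore file is still available to import into.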
