I have following connectors in server.xml file and working for a long time with various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. I verified that 9.0.80 is working. What I am getting from 9.0.81 on startup is I will get pass phrase prompt on tomcat start up and following errors in the log. I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the problem?
Thanks 28-Feb-2024 06:26:05.127 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio2-8080"] 28-Feb-2024 06:26:05.150 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-nio-9749"] connector has been configured to support negotiation to [h2] via ALPN 28-Feb-2024 06:26:05.150 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-9749"] 28-Feb-2024 06:27:47.172 WARNING [main] org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context java.lang.Exception: Unable to load certificate key C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.key (error:1E08010C:DECODER routines::unsupported) at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) at org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:492) at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:349) at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:236) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1334) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1347) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1046) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.startup.Catalina.load(Catalina.java:686) at org.apache.catalina.startup.Catalina.load(Catalina.java:709) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475) 28-Feb-2024 06:27:47.174 INFO [main] org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector [https-openssl-nio-9749], TLS virtual host [_default_], certificate type [RSA] configured from key [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.key], certificate [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.cer] and certificate chain [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.chain.net.pem] with trust store [null] 28-Feb-2024 06:27:47.175 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-openssl-nio-9869"] connector has been configured to support negotiation to [h2] via ALPN <Connector server="NOYB" port="9749" protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" compression="on" compressionMinSize="1024" compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json" SSLEnabled="true" scheme="https" secure="true" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"> <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2"> <Certificate certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" certificateFile="${catalina.base}/conf/r3m/files/server.cer" certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" certificateKeyPassword="hideme" type="RSA"/> </SSLHostConfig> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/> </Connector> <Connector server="NOYB" port="9869" protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" compression="on" compressionMinSize="1024" compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json" SSLEnabled="true" scheme="https" secure="true" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"> <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2"> <Certificate certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" certificateFile="${catalina.base}/conf/r3m/files/server.cer" certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" certificateKeyPassword="hideme" type="RSA"/> </SSLHostConfig> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/> </Connector> <Connector server="NOYB" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" compression="on" compressionMinSize="1024" compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json" SSLEnabled="true" scheme="https" secure="true" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"> <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2"> <Certificate certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" certificateFile="${catalina.base}/conf/r3m/files/server.cer" certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" certificateKeyPassword="hideme" type="RSA"/> </SSLHostConfig> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/> </Connector> <Connector server="NOYB" port="8888" protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" compression="on" compressionMinSize="1024" compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json" SSLEnabled="true" scheme="https" secure="true" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"> <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2"> <Certificate certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" certificateFile="${catalina.base}/conf/r3m/files/server.cer" certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" certificateKeyPassword="hideme" type="RSA"/> </SSLHostConfig> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/> </Connector>