I have the following connectors in my server.xml file. They worked for a long
time with various versions of Tomcat 9, until I upgraded to 9.0.81 or newer.
I verified that 9.0.80 works.
With 9.0.81, I get a pass phrase prompt when Tomcat starts up, and the
following errors appear in the log.
I see that Tomcat upgraded OpenSSL from 1.x to 3.x in 9.0.81; could that be the
problem?

Thanks

28-Feb-2024 06:26:05.127 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["http-nio2-8080"]
28-Feb-2024 06:26:05.150 INFO [main] 
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The 
["https-openssl-nio-9749"] connector has been configured to support negotiation 
to [h2] via ALPN
28-Feb-2024 06:26:05.150 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-openssl-nio-9749"]
28-Feb-2024 06:27:47.172 WARNING [main] 
org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL 
context
              java.lang.Exception: Unable to load certificate key 
C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.key (error:1E08010C:DECODER 
routines::unsupported)
                             at 
org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
                             at 
org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:492)
                             at 
org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:349)
                             at 
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268)
                             at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
                             at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
                             at 
org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:236)
                             at 
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1334)
                             at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1347)
                             at 
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654)
                             at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
                             at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1009)
                             at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
                             at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
                             at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
                             at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1046)
                             at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
                             at 
org.apache.catalina.startup.Catalina.load(Catalina.java:686)
                             at 
org.apache.catalina.startup.Catalina.load(Catalina.java:709)
                             at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                             at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                             at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                             at java.lang.reflect.Method.invoke(Method.java:498)
                             at 
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
                             at 
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
28-Feb-2024 06:27:47.174 INFO [main] 
org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector 
[https-openssl-nio-9749], TLS virtual host [_default_], certificate type [RSA] 
configured from key [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.key], 
certificate [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.cer] and 
certificate chain 
[C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.chain.net.pem] with trust 
store [null]
28-Feb-2024 06:27:47.175 INFO [main] 
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The 
["https-openssl-nio-9869"] connector has been configured to support negotiation 
to [h2] via ALPN

<!-- HTTPS connector on port 9749: NIO protocol handler using the OpenSSL-backed
     TLS implementation (sslImplementationName), with HTTP/2 offered through the
     UpgradeProtocol child. server="NOYB" overrides the Server response header. -->
<Connector server="NOYB" port="9749" 
protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" 
acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" 
disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
           compressionMinSize="1024" 
compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json"
 SSLEnabled="true" scheme="https" secure="true"
           
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
    <!-- NOTE(review): security-relevant settings on this host config:
         * insecureRenegotiation="true" allows legacy, unsafe TLS renegotiation
           (Tomcat's default is false).
         * protocols enables TLSv1 and TLSv1.1, both deprecated by RFC 8996,
           and does not list TLSv1.3.
         * certificateVerification="none": no client certificate is requested. -->
    <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" 
certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2">
        <!-- The private-key passphrase is kept in clear text in server.xml
             ("hideme" is presumably a redacted value), so read access to this
             file and to server.key should be restricted.
             The startup log in this post shows this key file failing to load
             for this connector (DECODER routines::unsupported).
             NOTE(review): possibly the key's encryption format is not accepted
             by the newer OpenSSL; confirm against the key file itself. -->
        <Certificate 
certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" 
certificateFile="${catalina.base}/conf/r3m/files/server.cer" 
certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" 
certificateKeyPassword="hideme" type="RSA"/>
    </SSLHostConfig>
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
</Connector>

<!-- HTTPS connector on port 9869: NIO protocol handler using the OpenSSL-backed
     TLS implementation, with HTTP/2 offered through the UpgradeProtocol child.
     It uses the same certificate, chain and key files as the port 9749
     connector. -->
<Connector server="NOYB" port="9869" 
protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" 
acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" 
disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
           compressionMinSize="1024" 
compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json"
 SSLEnabled="true" scheme="https" secure="true"
           
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
    <!-- NOTE(review): insecureRenegotiation="true" allows legacy, unsafe TLS
         renegotiation (Tomcat's default is false). The protocols list enables
         TLSv1 and TLSv1.1, both deprecated by RFC 8996, and omits TLSv1.3.
         certificateVerification="none" means no client certificate is
         requested. -->
    <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" 
certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2">
        <!-- The private-key passphrase is kept in clear text in server.xml
             ("hideme" is presumably a redacted value), so read access to this
             file and to server.key should be restricted.
             This is the same server.key path that the startup log in this post
             reports as unloadable (DECODER routines::unsupported). -->
        <Certificate 
certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" 
certificateFile="${catalina.base}/conf/r3m/files/server.cer" 
certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" 
certificateKeyPassword="hideme" type="RSA"/>
    </SSLHostConfig>
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
</Connector>

<!-- HTTPS connector on port 8443: NIO protocol handler using the OpenSSL-backed
     TLS implementation, with HTTP/2 offered through the UpgradeProtocol child.
     Apart from the port, its attributes match the other connectors in this
     post. -->
<Connector server="NOYB" port="8443" 
protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" 
acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" 
disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
           compressionMinSize="1024" 
compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json"
 SSLEnabled="true" scheme="https" secure="true"
           
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
    <!-- NOTE(review): insecureRenegotiation="true" allows legacy, unsafe TLS
         renegotiation (Tomcat's default is false). The protocols list enables
         TLSv1 and TLSv1.1, both deprecated by RFC 8996, and omits TLSv1.3.
         certificateVerification="none" means no client certificate is
         requested. -->
    <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" 
certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2">
        <!-- The private-key passphrase is kept in clear text in server.xml
             ("hideme" is presumably a redacted value), so read access to this
             file and to server.key should be restricted.
             This is the same server.key path that the startup log in this post
             reports as unloadable (DECODER routines::unsupported). -->
        <Certificate 
certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" 
certificateFile="${catalina.base}/conf/r3m/files/server.cer" 
certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" 
certificateKeyPassword="hideme" type="RSA"/>
    </SSLHostConfig>
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
</Connector>

<!-- HTTPS connector on port 8888: NIO protocol handler using the OpenSSL-backed
     TLS implementation, with HTTP/2 offered through the UpgradeProtocol child.
     Apart from the port, its attributes match the other connectors in this
     post. -->
<Connector server="NOYB" port="8888" 
protocol="org.apache.coyote.http11.Http11NioProtocol" maxConnections="1000" 
acceptCount="100" keepAliveTimeout="20000" connectionTimeout="20000" 
disableUploadTimeout="true" URIEncoding="UTF-8" compression="on"
           compressionMinSize="1024" 
compressibleMimeType="text/html,text/xml,text/csv,text/css,text/javascript,text/json,application/json"
 SSLEnabled="true" scheme="https" secure="true"
           
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation">
    <!-- NOTE(review): insecureRenegotiation="true" allows legacy, unsafe TLS
         renegotiation (Tomcat's default is false). The protocols list enables
         TLSv1 and TLSv1.1, both deprecated by RFC 8996, and omits TLSv1.3.
         certificateVerification="none" means no client certificate is
         requested. -->
    <SSLHostConfig insecureRenegotiation="true" certificateVerification="none" 
certificateVerificationDepth="0" protocols="TLSv1+TLSv1.1+TLSv1.2">
        <!-- The private-key passphrase is kept in clear text in server.xml
             ("hideme" is presumably a redacted value), so read access to this
             file and to server.key should be restricted.
             This is the same server.key path that the startup log in this post
             reports as unloadable (DECODER routines::unsupported). -->
        <Certificate 
certificateChainFile="${catalina.base}/conf/r3m/files/server.chain.net.pem" 
certificateFile="${catalina.base}/conf/r3m/files/server.cer" 
certificateKeyFile="${catalina.base}/conf/r3m/files/server.key" 
certificateKeyPassword="hideme" type="RSA"/>
    </SSLHostConfig>
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
</Connector>
