I resolved my issue by recreate the private key with different encryption My old key was encrypted with DES-CBC, and new one I used AES-256-CBC https://stackoverflow.com/questions/17733536/how-to-convert-a-private-key-to-an-rsa-private-key
openssl rsa -aes256 -in server.key -out new.key To answer some of your questions: I tested with 9.0.86, 9.0.82, 9.0.81 and they all gave the me same error/failure. -----Original Message----- From: Konstantin Kolinko <knst.koli...@gmail.com> Sent: Wednesday, February 28, 2024 10:48 AM To: users@tomcat.apache.org Subject: Re: server.xml setting broken with Tomcat 9.0.81 ср, 28 февр. 2024 г. в 14:42, Jonathan Ho <jonathan...@neouisolutions.com>: > > I have following connectors in server.xml file and working for a long time > with various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. > I verified that 9.0.80 is working. > What I am getting from 9.0.81 on startup is I will get pass phrase prompt on > tomcat start up and following errors in the log. > I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the > problem? > 1. OpenSSL 1.1.1 has reached End-of-Life, https://www.openssl.org/blog/blog/2023/09/11/eol-111/ 2. If you suspect, that the version of Tomcat Native is the trigger of this issue: On Windows it is easy to verify whether it is the cause: just replace "bin/tcnative-1.dll" with an older version. > or newer versions. 3. What never versions have you tested? Have you tested the current Tomcat 9.0.86? It updates Tomcat Native further, to 1.3.0. Have you tested 9.0.83 or later? https://bz.apache.org/bugzilla/show_bug.cgi?id=67675 Is not exactly your issue, but of a similar topic. > I will get pass phrase prompt 4. That prompt is not issued by Tomcat. Is that prompt expected? Are you typing the password correctly? Are you able to decode your key file using openssl.exe from a command line? Note that a copy of openssl.exe is included with Tomcat Native binaries downloadable from https://tomcat.apache.org/download-native.cgi Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
