https://bz.apache.org/bugzilla/show_bug.cgi?id=63524
--- Comment #6 from Arnaud Kleinveld <arnaud.kleinv...@gmail.com> --- (In reply to Mark Thomas from comment #4) > Success! From a certain point of view. I have been able to recreate this. > You will see this error if you certs are in DER rather than PEM format. > > OpenSSL can handle DER quite happily but the code we added to enable you to > switch seamlessly between OpenSSL and JSSE only works with PEM. > > As a minimum, we should be able to get DER certs working again with OpenSSL. > Getting them working with JSSE as well might be more of a challenge. > Meanwhile conversion to PEM format should get everything working for you. I noticed a message in Tomcat catalina.out log regarding this that may help: "The certificate [/etc/pki/tls/certs/domain2.crt] or its private key [/etc/pki/tls/private/domain2.key] could not be processed using a JSSE key manager and will be given directly to OpenSSL On another note I also use Tomcat APR which is configured to use OpenSSL. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org