[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 Mark Thomas changed: What|Removed |Added Resolution|INFORMATIONPROVIDED |FIXED --- Comment #9 from Mark Thomas --- Bugzilla is not a support forum. Please use the users mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #8 from Alexn --- I am using Apache Tomcat Version 8.5.27 on windows server 2016, but cannot get this to work. Can somebody take a look and tell me if I am missing something or this is a bug?. 1. I have the certificate in certmgr.msc (under Personal>Certificates) Issued to says --> CJISeProbApp02. I use this value as the alias. 2. 3. I am running tomcat as logged in user. An I belong to administrator group. 4. Error Log 06-Dec-2019 16:11:07.236 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"] 06-Dec-2019 16:11:07.392 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:113) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.startup.Catalina.load(Catalina.java:621) at org.apache.catalina.startup.Catalina.load(Catalina.java:644) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:996) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) ... 12 more Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [CJISeProbApp02] does not identify a key entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68) at org.apache.catalina.connector.Connector.initInternal(Connector.java:993) ... 13 more Caused by: java.io.IOException: Alias name [CJISeProbApp02] does not identify a key entry at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:225) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ... 20 more 06-Dec-2019 16:11:07.392 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"] -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 Alexn changed: What|Removed |Added Resolution|FIXED |INFORMATIONPROVIDED --- Comment #7 from Alexn --- I am using Apache Tomcat Version 8.5.27 on windows server 2016, but cannot get this to work. Can somebody take a look and tell me if I am missing something or this is a bug?. 1. I have the certificate in certmgr.msc (under Personal>Certificates) Issued by CJISeProbApp02. I use this value as the alias. 2. 3. I am running tomcat as logged in user. An I belong to administrator group. 4. Error Log 06-Dec-2019 16:11:07.236 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"] 06-Dec-2019 16:11:07.392 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:113) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.startup.Catalina.load(Catalina.java:621) at org.apache.catalina.startup.Catalina.load(Catalina.java:644) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:996) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) ... 12 more Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name [CJISeProbApp02] does not identify a key entry at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68) at org.apache.catalina.connector.Connector.initInternal(Connector.java:993) ... 13 more Caused by: java.io.IOException: Alias name [CJISeProbApp02] does not identify a key entry at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:225) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) ... 20 more 06-Dec-2019 16:11:07.392 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"] -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #6 from Christopher Schultz --- (In reply to Martin Stenderup from comment #5) > It seems to be called "keystorePass" some versions of Tomcat 8. Yes, it's "keystorePass" in all currently supported versions of Tomcat. "keystorePassword" is not a valid configuration attribute for any version of Tomcat. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #5 from Martin Stenderup --- (In reply to Martin Stenderup from comment #4) It seems to be called "keystorePass" some versions of Tomcat 8. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://bz.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #4 from Martin Stenderup --- (In reply to joakim_ganse from comment #2) Try by setting keystorePassword="" in your connector configuration (it defaults to "changeit" if not set). This worked for me. I had to step-debug through Tomcats code to figure it out. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #3 from Asanka sam...@gmail.com --- 1. Make sure you have the correct keyAlias, following openssl command should show alias as the common name (CN) - openssl pkcs12 -info -in filename.pfx 2. Certificate needs to be installed to the LocalMachine\My store if the tomcat service runs with log on as local system. The CurrentUser\My store is not accessible from other user accounts. You can use powershell to install and verify the cert in the LocalMachine\My store. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021 --- Comment #2 from joakim_ganse joakim.ga...@accept-it.se --- Does this work now? and how do I set it up? My current setup is on Windows 2012 R2 with Tomcat 7.0.55. Tomcat is installed as a service. I have verified that the certificate exists in the windows cert manager. Connector port=443 protocol=org.apache.coyote.http11.Http11NioProtocol maxThreads=150 SSLEnabled=true scheme=https secure=true clientAuth=false sslProtocol=TLS KeyAlias=server.my.domain keystoreFile= keystoreType=Windows-MY / Error: 2014-12-17 14:45:14,306 [main] INFO org.apache.coyote.http11.Http11Protocol- Initializing ProtocolHandler [http-bio-8180] 2014-12-17 14:45:14,322 [main] INFO org.apache.coyote.http11.Http11NioProtocol- Initializing ProtocolHandler [http-nio-443] 2014-12-17 14:45:14,759 [main] ERROR org.apache.coyote.http11.Http11NioProtocol- Failed to initialize end point associated with ProtocolHandler [http-nio-443] java.io.IOException: Alias name server.my.domain does not identify a key entry -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021 Mark Thomas ma...@apache.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Mark Thomas ma...@apache.org --- Thanks for the report and the suggested fix. I applied a slightly different patch that allowed some additional code clean-up. The patch has been applied to 8.0.x for 8.0.0 onwards and to 7.0.x for 7.0.51 onwards. Thanks again for your support of the Apache Tomcat community. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56021] SSL connector using windows-my keystore
https://issues.apache.org/bugzilla/show_bug.cgi?id=56021 Asanka sam...@gmail.com changed: What|Removed |Added CC||sam...@gmail.com OS||All -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
