Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-09 Thread James H. H. Lampert

On 1/9/20 1:24 AM, Mark Thomas wrote:

> The moderators are aware of the situation. The subscriber in question
> was blocked from making further posts an hour or so ago.


I'm glad to see that I'm not the only one who looked at those posts, and 
found them less-than-helpful (I think every link he posted was one using 
a JKS, and we already know they work fine), and in some cases downright 
nonsensical. Although making him only the third or fourth user to be 
kicked out, in the history of the List, seems a bit drastic, unless he 
has a history of similar actions.


At any rate, in answer to Peter's question about my private key, the 
file looks like:

-----BEGIN RSA PRIVATE KEY-----

[REDACTED]

-----END RSA PRIVATE KEY-----

and looking at it with KeyStore Explorer tells me it's an RSA private 
key, 2048 bits, format PKCS#8.


As to the cert and chain files, the .cer file looks like:

-----BEGIN CERTIFICATE-----

[REDACTED]

-----END CERTIFICATE-----

and looking at it with KSE shows that it contains our certificate,

and the .ca.crt file looks like:

-----BEGIN CERTIFICATE-----

[REDACTED]

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

[REDACTED]

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

[REDACTED]

-----END CERTIFICATE-----


and looking at it with KSE shows that it contains "AddTrust External CA 
Root," "COMODO RSA Certification Authority," and "COMODO RSA 
Organization Validation Secure Server CA."


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-09 Thread logo

James,

On 2020-01-09 00:58, James H. H. Lampert wrote:

> I wrote:
> > Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt"
> > and ".key" files directly, instead of the Java Keystore file?
>
> On 12/30/19 1:41 PM, Peter Kreuser wrote:
> > Correct!
>
> I tried an experiment this afternoon:
>
> I made a copy of the existing server.xml file, and I changed the active
> connector from this (keystore file and alias redacted for privacy,
> ciphers and compressibleMimeTypes clauses redacted because they're
> quite long, and not relevant here):
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>  compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>  compressableMimeType="[REDACTED]"
>  maxThreads="1000" socket.appReadBufSize="1024" socket.appWriteBufSize="1024" bufferSize="1024"
>  SSLEnabled="true" scheme="https" secure="true"
>  keystoreFile="[REDACTED]" keyAlias="[REDACTED]" ciphers="[REDACTED]"
>  clientAuth="false" sslProtocol="TLS" />
>
> to this:
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>  compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>  compressableMimeType="[REDACTED]"
>  maxThreads="1000" socket.appReadBufSize="1024" socket.appWriteBufSize="1024" bufferSize="1024"
>  SSLEnabled="true" scheme="https" secure="true">
>  certificateKeyFile="[REDACTED].key"
>  certificateChainFile="[REDACTED].ca.crt" />
>
> and restarted Tomcat, and it failed to open the port, producing this
> in catalina.out:
> 08-Jan-2020 23:14:09.026 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
>  org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>     ... 12 more
> Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
>     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1105)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:224)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
>     ... 13 more
> Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
>     at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:261)
>     at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
>     at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
>     at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
>     at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
>     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:313)
>     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
>     ... 20 more




I recently came across a similar problem (at least the same error 
message), where the key was in an unsupported format (first line of the 
file: "BEGIN EC PRIVATE KEY"; Mark is working on a solution for this). 
What type of private key are you using? all files PEM 
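
An added example (not from the thread or from Tomcat's code) for the question above about the key's type: a Python check that reports the encoding a PEM file's label announces and, for private keys, the structure its first DER fields actually show. Function names are hypothetical, and the sample blocks are constructed, truncated stubs, not real keys.

```python
import base64
import re

# What each PEM label conventionally announces.
LABEL_MEANING = {
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 encrypted",
    "RSA PRIVATE KEY": "PKCS#1 RSA",
    "EC PRIVATE KEY": "SEC1 EC",
    "CERTIFICATE": "X.509 certificate",
}

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S
)


def read_tlv(buf, pos):
    """Parse one DER header at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, pos, pos + length


def key_shape(der):
    """Identify a private-key structure from its first two DER fields."""
    try:
        outer, start, _ = read_tlv(der, 0)
        if outer != 0x30:                  # every form is an outer SEQUENCE
            return "unknown"
        tag1, _, end1 = read_tlv(der, start)
        if tag1 == 0x30:                   # AlgorithmIdentifier first: EncryptedPrivateKeyInfo
            return "PKCS#8 encrypted"
        tag2, _, _ = read_tlv(der, end1)
    except IndexError:                     # truncated or empty input
        return "unknown"
    if tag1 != 0x02:                       # unencrypted forms start with INTEGER version
        return "unknown"
    # Second field: SEQUENCE (algorithm), INTEGER (modulus) or OCTET STRING (EC scalar).
    return {0x30: "PKCS#8", 0x02: "PKCS#1 RSA", 0x04: "SEC1 EC"}.get(tag2, "unknown")


def inspect_pem(text):
    """Return one (label, announced, actual, consistent) tuple per PEM block."""
    report = []
    for label, body in PEM_BLOCK.findall(text):
        announced = LABEL_MEANING.get(label, "unknown")
        if label.endswith("PRIVATE KEY"):
            try:
                actual = key_shape(base64.b64decode(body))
            except ValueError:             # e.g. legacy encrypted PEM with header lines
                actual = "unknown"
        else:
            actual = announced             # certificates: label only, body not parsed
        report.append((label, announced, actual, announced == actual))
    return report


def pem(label, hex_stub):
    """Wrap constructed DER bytes in PEM armour (sample data only)."""
    b64 = base64.b64encode(bytes.fromhex(hex_stub)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed, truncated DER prefixes: enough structure to classify, not real keys.
PKCS1_STUB = "308204a40201000282010100c3"
PKCS8_STUB = "308204be020100300d06092a864886f70d0101010500048204a8"
SEC1_STUB = "30770201010420a1b2c3d4"
CERT_STUB = "308205e4308203cca003020102"

SAMPLE_KEY_OK = pem("RSA PRIVATE KEY", PKCS1_STUB)
SAMPLE_KEY_MISLABELLED = pem("RSA PRIVATE KEY", PKCS8_STUB)   # label and body disagree
SAMPLE_EC_KEY = pem("EC PRIVATE KEY", SEC1_STUB)
SAMPLE_CHAIN = pem("CERTIFICATE", CERT_STUB) * 3              # three-certificate chain file

if __name__ == "__main__":
    for name, text in [("key", SAMPLE_KEY_OK), ("mislabelled", SAMPLE_KEY_MISLABELLED),
                       ("ec", SAMPLE_EC_KEY), ("chain", SAMPLE_CHAIN)]:
        for row in inspect_pem(text):
            print(name, row)
```

A `False` in the last column means the label and the DER body disagree, which is worth resolving before pointing a connector at the file.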

Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-09 Thread Mark Thomas
On 09/01/2020 08:27, calder wrote:
> Moderators ?

The moderators can be contacted via users-ow...@tomcat.apache.org

The moderators are aware of the situation. The subscriber in question
was blocked from making further posts an hour or so ago.

Blocking a user is not a decision the moderators take lightly. Excluding
obvious spambots, I can only think of 2 instances in the last 20 years
before this one (it might be 3 - my memory is a little hazy going back
that far) where a user has been blocked from this list. The moderators
try to point out inappropriate behaviour and provide an opportunity for
posters to change their behaviour before a ban is applied.

The moderators appreciate that behaviour like this can be frustrating.
We aim to deal with it as quickly as we can whilst at the same time
trying to allow for the fact that everyone can have a bad day sometimes.

Mark
wearing his list moderator hat




Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-09 Thread calder
Moderators ?



On Wed, Jan 8, 2020, 20:44 Zahid Rahman  wrote:

>
> https://stackoverflow.com/questions/46786046/severe-main-org-apache-catalina-core-standardservice-initinternal-failed-to-in
>
> I went to college and studied IT before finding a job. My teacher explained
> to me that you should always look at the first error and ignore the rest.
>



Then your  "teacher"  has  NO IDEA  what they are talking about, as related
to log interpretation ... and now, YOU foster the same INVALID information.


When one reads a log file, if there are any "Caused by"  statements, locate
the last "Caused by" in the stack trace, and that is the area of root cause.

One can see there are "Caused by's" in the stack trace, so "looking at the
first error"  does NOT apply in this case.



James, do not take Zahid's information as accurate - his knowledge is
lacking.



> First error.
> 08-Jan-2020 23:14:09.026 SEVERE [main]
> org.apache.catalina.core.StandardService.initInternal
> Failed to initialize connector [Connector[HTTP/1.1-8443]]
>
>
> Once that has been addressed  then either the remaining  will disappear or
> address the second error which will then be the first error.
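
An added example, not part of calder's post: the "last Caused by" rule from the message above, applied in Python to an abridged copy of the trace posted in this thread. Function names are hypothetical; the embedded trace keeps the kind of line wrapping mail clients introduce, and quote markers are tolerated.

```python
import re

QUOTE = re.compile(r"^(?:>\s?)+")                       # mail quote markers
CAUSE = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$")

# Abridged from the catalina.out trace quoted in this thread (frames omitted).
TRACE = """\
08-Jan-2020 23:14:09.026 SEVERE [main]
org.apache.catalina.core.StandardService.initInternal Failed to
initialize connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize
component [Connector[HTTP/1.1-8443]]
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
Caused by: org.apache.catalina.LifecycleException: Protocol handler
initialization failed
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
... 12 more
Caused by: java.lang.IllegalArgumentException: Cannot store
non-PrivateKeys
at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
... 13 more
Caused by: java.security.KeyStoreException: Cannot store
non-PrivateKeys
at
sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:261)
at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:313)
... 20 more
"""


def normalise(text):
    """Drop quote markers and undo the two wrapping patterns seen in the thread."""
    out = []
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            continue
        if out and out[-1] == "at":                     # "at" wrapped onto its own line
            out[-1] = "at " + line
        elif out and line.startswith(".") and not line.startswith("..."):
            out[-1] += line                             # frame split before ".ClassName"
        else:
            out.append(line)
    return out


def cause_chain(text):
    """Return one dict per 'Caused by', outermost first."""
    chain = []
    for line in normalise(text):
        m = CAUSE.match(line)
        if m:
            chain.append({"type": m.group(1), "message": m.group(2) or "", "frames": []})
        elif not chain or line.startswith("..."):
            continue                                    # top-level exception or "... N more"
        elif line.startswith("at "):
            chain[-1]["frames"].append(line[3:])
        elif not chain[-1]["frames"]:                   # wrapped remainder of the message
            chain[-1]["message"] = (chain[-1]["message"] + " " + line).strip()
    return chain


def root_cause(text):
    """The last 'Caused by' in the trace, or None when there is none."""
    chain = cause_chain(text)
    return chain[-1] if chain else None


def first_frame_in(cause, package_prefix):
    """First frame of a cause that belongs to the given package, or None."""
    return next((f for f in cause["frames"] if f.startswith(package_prefix)), None)


if __name__ == "__main__":
    rc = root_cause(TRACE)
    print(rc["type"], "-", rc["message"])
    print("thrown at:  ", rc["frames"][0])
    print("called from:", first_frame_in(rc, "org.apache.tomcat."))
```

For this trace the first SEVERE line only says the connector failed to initialize; the innermost cause names the exception and the Tomcat method that triggered it.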

Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-08 Thread Zahid Rahman
The second technique is to use the  *.nix command.
The result is as below
diff a.out b.out I draw your attention to third line in FILE b.out

5,7c5,7
< SSLEnabled="true" scheme="https" secure="true"
< keystoreFile="[REDACTED]" keyAlias="[REDACTED]" ciphers="[REDACTED]"
< clientAuth="false" sslProtocol="TLS" />
---
> SSLEnabled="true" scheme="https" secure="true">
>  certificateVerification="none" sslProtocol="TLS">


*cat a.out*


*cat b.out*




www.backbutton.co.uk
♡۶¯\_(ツ)_/¯ ♡۶
Marriage of loose and tight coupling
-> healthy applications
  ♡۶
java -cp classpath class-path



Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-08 Thread Zahid Rahman
http://tomcat.10.x6.nabble.com/Can-t-Get-SSL-to-Work-in-8-5-td5071245.html


Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-08 Thread Zahid Rahman
https://confluence.atlassian.com/confkb/ssl-connector-fails-to-initialize-during-tomcat-startup-646251490.html


Re: Using the certificate files instead of a Java Keystore file, Re: Let's Encrypt with Tomcat?

2020-01-08 Thread Zahid Rahman
https://stackoverflow.com/questions/46786046/severe-main-org-apache-catalina-core-standardservice-initinternal-failed-to-in

I went to college and studied IT before finding a job. My teacher explained
to me that you should always look at the first error and ignore the rest.


First error.
08-Jan-2020 23:14:09.026 SEVERE [main]
org.apache.catalina.core.StandardService.initInternal
Failed to initialize connector [Connector[HTTP/1.1-8443]]


Once that has been addressed  then either the remaining  will disappear or
address the second error which will then be the first error.





