On 08/08/2018 20:22, Arnold Morein wrote:
I have a company-issued, signed SSL cert installed in my Tomcat 8 system and all is well.

I downloaded and set up Tomcat 9.0.10 and simply copied the same JKS file over to match my TC8 config.

[code]
     <Connector SSLEnabled="true" clientAuth="false"
                keyAlias="developer-server"
                keystoreFile="conf/ssl/mockServerKeyStore.jks"
                keystorePass="xxx"
                truststoreFile="conf/ssl/mockClientTrustStore.jks"
                truststorePass="xxx"
                maxConnections="1000" maxThreads="100"
               port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                scheme="https" secure="true" sslProtocol="TLS" />
[code]

[code]
SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed     at org.apache.catalina.connector.Connector.initInternal(Connector.java:935)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:530)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852)
     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
     at org.apache.catalina.startup.Catalina.load(Catalina.java:656)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)     at sun.reflect.DelegatingMethodAccessorImpl.__invoke(DelegatingMethodAccessorImpl.java:43)     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:45009)     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:45012)
     at java.lang.reflect.Method.invoke(Method.java:498)
     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1043)
     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)     at org.apache.catalina.connector.Connector.initInternal(Connector.java:932)
     ... 15 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty     at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
     at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130)     at org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:389)     at org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:313)     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
[code]

There is nothing wrong with the JKS files since SSL works fine with TC8. So why is this error appearing in TC9? They are both using JDK 1.8.0_172.

Tomcat 9.0.x and 8.5.x have stricter requirements than 8.0.x and will throw exceptions where 8.0.x doesn't.

Generally, a good place to start would be using keytool to list the contents of the trust store, confirm the password is correct and that the trust store contains at least one certificate.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to