On Fri, Sep 27, 2019 at 9:40 AM Mark Thomas <ma...@apache.org> wrote:
> > <Certificate
> > certificateFile="key_store/ssl_certificate.p7b"
> > certificateAlias="bla"
> > keystoreFile="/key_store/blabla.jks" type="RSA"
> > keystoreType="JKS"
> > keyChainFile="key_store/linux_apex_inter_x509.cer"
> > keystorePassword="<password" />
>
> We need to exactly how each of the following files were created and/or
> exactly what is in each file:
>
> - ssl_certificate.p7b
> - blabla.jks
> - linux_apex_inter_x509.cer
>
> It might be as simple as you need to import the p7b file into the
> keystore and remove the certificateFile setting. But that is just a wild
> guess without knowing what is in those files.
>
I'm a bit lost here.
Normally certificateFile and keystoreFile should be "exclusive" (if
keystoreFile is set, then certificateFile will be ignored - it seems it
could be nice to add a warning ...), and I don't know about a keyChainFile
attribute either (I verified I get a proper "WARNING [main]
org.apache.catalina.startup.SetAllPropertiesRule.begin
[SetAllPropertiesRule]{Server/Service/Connector/SSLHostConfig/Certificate}
Setting property 'keyChainFile' to 'foobar' did not find a matching
property." in my logs).
So the config should be looked at again first, I think only keystoreFile
will be used and it will be the cause of the error.
Since you made plenty of special cases fixes since 8.5.32 for this, Venkat
should probably first test again with 8.5.46 (IMO).
Rémy
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
