Chris,

On Wed, 4 Dec 2019 at 18:34, Konstantin Kolinko <knst.koli...@gmail.com> wrote:

> Wed, 4 Dec 2019 at 20:28, Christopher Schultz <ch...@christopherschultz.net>:
> >
> > All,
> >
> > I feel like I should be able to figure this out on my own, but I'm
> > drawing a blank.
> >
> > I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache Tomcat
> > 8.5.35 and I'm getting errors on a certain portion of the
> > conf/server.xml configuration.
> >
> > I copy have a perfect copy/paste of the config file here but basically
> > this is configuring a keystore for TLS. Something like this:
> >
> > <Connector [...]
> >     keystoreFile="E:\path\to\keystore.jks"
> >     [...]
> >     />
> >
> > The error is "unknown protocol: e". Clearly, Tomcat/Java/URL/whatever
> > thinks that "E:" is a protocol. No problem... this has to be a file
> > URL, so let's make it a file URL: [...]
>
> Chris,
>
> 1) Do you know where that message is produced? (Stacktrace? What version of
> Tomcat?)
>
> E.g. it may be that the code has several attempts to use the value a)
> as file path, b) as URL, and you only see the message from the second
> attempt b), but it is a) that fails.
>
> Is your keystoreFile path correct?
>
> 2) Why are the settings specified on a <Connector>? They will be
> translated into <SSLHostConfig>/<Certificate> on the fly, but maybe
> something is broken.
>
> http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_Certificate
> It says that certificateKeystoreFile can be a URI.
>
> 3) Does your connector use JSSE or OpenSSL?
>
> There is some code that translates between the two configuration
> flavors on the fly, but maybe something is broken.
>
> > I'm using Oracle Java 1.8.0 build 161.
>
> FYI, an up-to-date version of Java 8 for Windows is available from
> AdoptOpenJDK.
> https://adoptopenjdk.net/
>
> It is 8u232 now.
>
> Best regards,
> Konstantin Kolinko

I have just launched tomcat 8.5.47 stockpile with the following connector config (I generated keystore Jeeks before)

    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:/Temp/tomcat.jks" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS"/>

And my tomcat cert gen command was:

    >keytool -genkeypair -alias tomcat -keyalg RSA -keystore tomcat.jks -keypass changeit -storepass changeit

It only gave me a warning about non-legit cert when I hit https://localhost:8443 but that's expected. Otherwise, no errors.

I suspect your E:\ drive is a network drive (or virtual) so the mapping may be causing issues? Or maybe it's the partitioning...?
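
The possibility raised in point 1 of the quoted reply, as an added example that is not part of the thread and is not Tomcat's code: a loader that tries the configured value as a file path and then as a URL reports "unknown protocol: e" whenever the file attempt fails, so the message says nothing about why the file could not be used. The class and method names are hypothetical, and the default path is the placeholder from the original question.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;

// Added illustration, not Tomcat's code. Models a loader that tries a
// configured keystore location as a file path first, then as a URL.
public class KeystoreLocationDemo {

    static InputStream open(String location) throws IOException {
        File f = new File(location);
        if (f.isFile()) {
            return new FileInputStream(f);   // attempt (a): plain file path
        }
        // Attempt (b): treat the value as a URL. For "E:\..." the text before
        // the first ':' is parsed as the scheme, so java.net.URL throws
        // MalformedURLException("unknown protocol: e"). The reason attempt (a)
        // failed (missing file, unmapped drive, wrong account) is lost.
        return new URL(location).openStream();
    }

    // Pre-flight check that reports the underlying problem instead.
    static String diagnose(String location) {
        File f = new File(location);
        if (!f.exists())  return "not found: " + f.getAbsolutePath();
        if (!f.isFile())  return "not a regular file: " + f.getAbsolutePath();
        if (!f.canRead()) return "not readable by this user: " + f.getAbsolutePath();
        return "ok, file URI form: " + f.toURI();
    }

    public static void main(String[] args) {
        // Placeholder path from the thread; pass the real one as an argument.
        String location = args.length > 0 ? args[0] : "E:\\path\\to\\keystore.jks";
        try (InputStream in = open(location)) {
            System.out.println("opened " + location);
        } catch (IOException e) {
            System.out.println("loader error: " + e.getMessage());
        }
        System.out.println("diagnosis:    " + diagnose(location));
    }
}
```

Run it under the same account that runs the Tomcat service: a drive letter mapped in an interactive session may not exist for a service account, which would make the file attempt fail even though the path looks correct.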