https://confluence.atlassian.com/confkb/ssl-connector-fails-to-initialize-during-tomcat-startup-646251490.html
On Thu, 9 Jan 2020, 02:44 Zahid Rahman, <zahidr1...@gmail.com> wrote:

> https://stackoverflow.com/questions/46786046/severe-main-org-apache-catalina-core-standardservice-initinternal-failed-to-in
>
> I went to college and studied IT before finding a job. My teacher
> explained to me that you should always look at the first error and ignore
> the rest.
>
> First error.
> 08-Jan-2020 23:14:09.026 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
>
> Once that has been addressed then either the remaining will disappear or
> address the second error which will then be the first error.
>
> On Wed, 8 Jan 2020, 23:59 James H. H. Lampert, <jam...@touchtonecorp.com>
> wrote:
>
>> I wrote:
>> > Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt"
>> > and ".key" files directly, instead of the Java Keystore file?
>>
>> On 12/30/19 1:41 PM, Peter Kreuser wrote:
>> > Correct!
>>
>> I tried an experiment this afternoon:
>>
>> I made a copy of the existing server.xml file, and I changed the active
>> connector from this (keystore file and alias redacted for privacy,
>> ciphers and compressibleMimeTypes clauses redacted because they're quite
>> long, and not relevant here):
>> > <Connector port="8443" proxyPort="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >            compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>> >            compressableMimeType="[REDACTED]"
>> >            maxThreads="1000" socket.appReadBufSize="1024" socket.appWriteBufSize="1024" bufferSize="1024"
>> >            SSLEnabled="true" scheme="https" secure="true"
>> >            keystoreFile="[REDACTED]" keyAlias="[REDACTED]" ciphers="[REDACTED]"
>> >            clientAuth="false" sslProtocol="TLS" />
>>
>> to this:
>> > <Connector port="8443" proxyPort="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >            compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
>> >            compressableMimeType="[REDACTED]"
>> >            maxThreads="1000" socket.appReadBufSize="1024" socket.appWriteBufSize="1024" bufferSize="1024"
>> >            SSLEnabled="true" scheme="https" secure="true">
>> >     <SSLHostConfig ciphers="[REDACTED]"
>> >                    certificateVerification="none" sslProtocol="TLS">
>> >         <Certificate certificateFile="[REDACTED].cer" certificateKeyFile="[REDACTED].key"
>> >                      certificateChainFile="[REDACTED].ca.crt" />
>> >     </SSLHostConfig>
>> > </Connector>
>>
>> and restarted Tomcat, and it failed to open the port, producing this in
>> catalina.out:
>> > 08-Jan-2020 23:14:09.026 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
>> >  org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>> >     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>> >     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>> >     at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> >     at java.lang.reflect.Method.invoke(Method.java:498)
>> >     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
>> >     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
>> > Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
>> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
>> >     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>> >     ... 12 more
>> > Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
>> >     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
>> >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1105)
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:224)
>> >     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
>> >     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
>> >     at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
>> >     ... 13 more
>> > Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
>> >     at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:261)
>> >     at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56)
>> >     at sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117)
>> >     at sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70)
>> >     at java.security.KeyStore.setKeyEntry(KeyStore.java:1140)
>> >     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:313)
>> >     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
>> >     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
>> >     ... 20 more
>>
>> Can anybody explain what I did wrong? These are fully-qualified paths to
>> the certificate, chain, and key files. [REDACTED].ca.crt contains a
>> certificate chain; [REDACTED].cer contains a certificate, and
>> [REDACTED].key contains a private key, and they all work in Apache
>> httpd, on the same box.
>>
>> --
>> JHHL
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org