http://tomcat.10.x6.nabble.com/Can-t-Get-SSL-to-Work-in-8-5-td5071245.html
On Thu, 9 Jan 2020, 03:01 Zahid Rahman, <zahidr1...@gmail.com> wrote: > > https://confluence.atlassian.com/confkb/ssl-connector-fails-to-initialize-during-tomcat-startup-646251490.html > > On Thu, 9 Jan 2020, 02:44 Zahid Rahman, <zahidr1...@gmail.com> wrote: > >> >> https://stackoverflow.com/questions/46786046/severe-main-org-apache-catalina-core-standardservice-initinternal-failed-to-in >> >> I went to college and studied IT before finding a job. My teacher >> explained to me that you should always look at the first error and ignore >> the rest. >> >> >> First error. >> 08-Jan-2020 23:14:09.026 SEVERE [main] >> org.apache.catalina.core.StandardService.initInternal >> Failed to initialize connector [Connector[HTTP/1.1-8443]] >> >> >> Once that has been addressed then either the remaining will disappear >> or address the second error which will then be the first error. >> >> >> >> >> >> >> On Wed, 8 Jan 2020, 23:59 James H. H. Lampert, <jam...@touchtonecorp.com> >> wrote: >> >>> I wrote: >>> > Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" >>> > and ".key" files directly, instead of the Java Keystore file? >>> >>> On 12/30/19 1:41 PM, Peter Kreuser wrote: >>> > Correct! >>> >>> I tried an experiment this afternoon: >>> >>> I made a copy of the existing server.xml file, and I changed the active >>> connector from this (keystore file and alias redacted for privacy, >>> ciphers and compressibleMimeTypes clauses redacted because they're quite >>> long, and not relevant here): >>> > <Connector port="8443" proxyPort="443" >>> protocol="org.apache.coyote.http11.Http11NioProtocol" >>> > compression="on" compressionMinSize="2048" >>> noCompressionUserAgents="gozilla, traviata" >>> > compressableMimeType="[REDACTED]" >>> > maxThreads="1000" socket.appReadBufSize="1024" >>> socket.appWriteBufSize="1024" bufferSize="1024" >>> > SSLEnabled="true" scheme="https" secure="true" >>> > keystoreFile="[REDACTED]" keyAlias="[REDACTED]" ciphers="[REDACTED]" >>> > clientAuth="false" sslProtocol="TLS" /> >>> >>> to this: >>> > <Connector port="8443" proxyPort="443" >>> protocol="org.apache.coyote.http11.Http11NioProtocol" >>> > compression="on" compressionMinSize="2048" >>> noCompressionUserAgents="gozilla, traviata" >>> > compressableMimeType="[REDACTED]" >>> > maxThreads="1000" socket.appReadBufSize="1024" >>> socket.appWriteBufSize="1024" bufferSize="1024" >>> > SSLEnabled="true" scheme="https" secure="true"> >>> > <SSLHostConfig ciphers="[REDACTED]" >>> > certificateVerification="none" sslProtocol="TLS"> >>> > <Certificate certificateFile="[REDACTED].cer" >>> certificateKeyFile="[REDACTED].key" >>> > certificateChainFile="[REDACTED].ca.crt" /> >>> > </SSLHostConfig> >>> > </Connector> >>> >>> and restarted Tomcat, and it failed to open the port, producing this in >>> catalina.out: >>> > 08-Jan-2020 23:14:09.026 SEVERE [main] >>> org.apache.catalina.core.StandardService.initInternal Failed to initialize >>> connector [Connector[HTTP/1.1-8443]] >>> > org.apache.catalina.LifecycleException: Failed to initialize >>> component [Connector[HTTP/1.1-8443]] >>> > at >>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112) >>> > at >>> org.apache.catalina.core.StandardService.initInternal(StandardService.java:552) >>> > at >>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >>> > at >>> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) >>> > at >>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >>> > at org.apache.catalina.startup.Catalina.load(Catalina.java:639) >>> > at org.apache.catalina.startup.Catalina.load(Catalina.java:662) >>> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>> > at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >>> > at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>> > at java.lang.reflect.Method.invoke(Method.java:498) >>> > at >>> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) >>> > at >>> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) >>> > Caused by: org.apache.catalina.LifecycleException: Protocol handler >>> initialization failed >>> > at >>> org.apache.catalina.connector.Connector.initInternal(Connector.java:995) >>> > at >>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >>> > ... 12 more >>> > Caused by: java.lang.IllegalArgumentException: Cannot store >>> non-PrivateKeys >>> > at org.apache.tomcat.util.net >>> .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100) >>> > at org.apache.tomcat.util.net >>> .AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72) >>> > at org.apache.tomcat.util.net >>> .NioEndpoint.bind(NioEndpoint.java:244) >>> > at org.apache.tomcat.util.net >>> .AbstractEndpoint.init(AbstractEndpoint.java:1105) >>> > at org.apache.tomcat.util.net >>> .AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:224) >>> > at >>> org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) >>> > at >>> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68) >>> > at >>> org.apache.catalina.connector.Connector.initInternal(Connector.java:993) >>> > ... 13 more >>> > Caused by: java.security.KeyStoreException: Cannot store >>> non-PrivateKeys >>> > at >>> sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:261) >>> > at >>> sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:56) >>> > at >>> sun.security.provider.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:117) >>> > at >>> sun.security.provider.JavaKeyStore$DualFormatJKS.engineSetKeyEntry(JavaKeyStore.java:70) >>> > at java.security.KeyStore.setKeyEntry(KeyStore.java:1140) >>> > at org.apache.tomcat.util.net >>> .SSLUtilBase.getKeyManagers(SSLUtilBase.java:313) >>> > at org.apache.tomcat.util.net >>> .SSLUtilBase.createSSLContext(SSLUtilBase.java:239) >>> > at org.apache.tomcat.util.net >>> .AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98) >>> > ... 20 more >>> >>> Can anybody explain what I did wrong? These are fully-qualified paths to >>> the certificate, chain, and key files. [REDACTED].ca.crt contains a >>> certificate chain; [REDACTED].cer contains a certificate, and >>> [REDACTED].key contains a private key, and they all work in Apache >>> httpd, on the same box. >>> >>> -- >>> JHHL >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>>