Hi All,

OS - CentOS 7.6.1810( Core)

The connector below doesn't load my EC keystore, whereas it works with RSA. Any
insights, please?

This is my connector tag in server.xml:
<!-- HTTP/1.1 NIO connector on port 443 using the pure-Java JSSE TLS implementation.
     TLS protocol/cipher settings live on the nested SSLHostConfig; the server
     keystore is referenced from the nested Certificate element. -->
<Connector SSLEnabled="true" URIEncoding="UTF-8"  maxThreads="200"
port="443"  scheme="https" secure="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
minSpareThreads="25">
<!-- protocols enables TLSv1 and TLSv1.1 alongside TLSv1.2/TLSv1.3. NOTE(review):
     both legacy versions are deprecated; prefer "TLSv1.2,TLSv1.3" unless legacy
     clients are a hard requirement.
     ciphers mixes ECDHE-ECDSA, ECDHE-RSA and non-forward-secret suites (AES256-SHA,
     AES128-SHA) plus DHE-DSS/DHE-RSA. NOTE(review): with an EC (ECDSA) server
     certificate only the ECDHE-ECDSA entries can be negotiated; the RSA-signed and
     DHE-DSS entries are unusable unless a matching certificate is also configured,
     and the CBC/SHA1 suites are weaker than the GCM suites listed first.
     certificateVerification="none": clients are not asked for a certificate. -->
<SSLHostConfig sslProtocol="TLS" certificateVerification="none"
sessionTimeout="1800" protocols="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
ciphers="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES256-SHA:DHE-DSS-AES256-SHA:AES128-SHA:DHE-RSA-AES128-SHA"
sessionCacheSize="10000">
<!-- The keystore password is stored in plaintext in server.xml. NOTE(review): the
     value below has been shared publicly with this post, so rotate the keystore
     password and keep server.xml and the keystore readable only by the tomcat user.
     type="EC" declares the key type of this entry; per the Tomcat docs it is mainly
     needed when several Certificate elements share one SSLHostConfig (verify against
     the installed Tomcat 9 documentation). -->
<Certificate certificateKeyAlias="tomcat-ecdsa"
certificateKeystoreFile="/usr/local/platform/.security/tomcat-ECDSA/certs/tomcat-ECDSA.keystore"
certificateKeystorePassword="8o8yeAH2qSJbJ2sn"
certificateKeystoreType="PKCS12" type="EC"/>
</SSLHostConfig>
</Connector>

Tomcat start-up command used:
 /home/tomcat/tomcat -user tomcat -home /usr/local/thirdparty/java/j2sdk
-pidfile /usr/local/thirdparty/jakarta-tomcat/conf/tomcat.pid -procname
/home/tomcat/tomcat -outfile
/usr/local/thirdparty/jakarta-tomcat/logs/catalina.out -errfile &1
-Djdk.tls.ephemeralDHKeySize=2048
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
-Dorg.apache.catalina.security.SecurityListener.UMASK=0027
-Djava.util.logging.config.file=/usr/local/thirdparty/jakarta-tomcat/conf/logging.properties
-agentlib:jdwp=transport=dt_socket,address=localhost:8000,server=y,suspend=n
-XX:+UseParallelGC -XX:GCTimeRatio=99 -XX:MaxGCPauseMillis=80 -Xmx1824m
-Xms256m -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-cp
/usr/local/thirdparty/jakarta-tomcat/bin/bootstrap.jar:/usr/local/thirdparty/jakarta-tomcat/bin/tomcat-juli.jar
-Djava.security.policy==/usr/local/thirdparty/jakarta-tomcat/conf/catalina.policy
-Dcatalina.base=/usr/local/thirdparty/jakarta-tomcat
-Dcatalina.home=/usr/local/thirdparty/jakarta-tomcat
-Djava.io.tmpdir=/usr/local/thirdparty/jakarta-tomcat/temp
org.apache.catalina.startup.Bootstrap start'

JAVA_OPTS= -Djava.library.path=$LD_LIBRARY_PATH
-Djavax.net.ssl.sessionCacheSize=10000
 
-Djavax.net.ssl.trustStore=/usr/local/platform/.security/tomcat/trust-certs/tomcat-trust.keystore
-Djavax.net.ssl.trustStorePassword=$TRUST_STORE_PASSWORD
-XX:ErrorFile=$CATALINA_HOME/logs/diagnostic-info.jvm-crash.%p.tomcat.txt
-Dsun.zip.disableMemoryMapping=true
-XX:OnOutOfMemoryError=/home/tomcat/tomcat_diagnostics.sh
-XX:OnError=/home/tomcat/tomcat_diagnostics.sh $TOMCAT_JAVA_OPTS

Also, can I have both RSA and ECDSA in a single keystore? Will that work in
Tomcat 9? It used to work with Tomcat 7.

Thanks,
Madhan
