Let's encrypt SSL config

Thu, 07 Jan 2021 11:42:51 -0800 

Hi,

It drives me nuts now.

I have created sym links to the PEM files. I made the PEM files readable for
the tomcat user. I set the server.xml to use SSL. And the connector fails to
start.

    <Connector port="8443"

               protocol="org.apache.coyote.http11.Http11NioProtocol"

               maxThreads="200"

               scheme="https"

               secure="true"

               SSLEnabled="true"

               clientAuth="false"

               sslProtocol="TLS"

 
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementat
ion"

               defaultSSLHostConfigName="mydomain.com"

    >

        <SSLHostConfig hostName="mydomain.com"
protocols="+TLSv1,+TLSv1.1,+TLSv1.2">

            <Certificate

                certificateKeyFile="conf/privkey.pem"

                certificateFile="conf/cert.pem"

                certificateChainFile="conf/chain.pem"

                type="UNDEFINED"

            />

        </SSLHostConfig>

    </Connector>

 

I did try to change the type to RSA, to no avail. All I see in the log is:

02-Jan-2021 17:40:54.398 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-openssl-nio-8443"]

02-Jan-2021 17:40:54.466 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component [Connector[HTTP/1.1-8443]]

        org.apache.catalina.LifecycleException: Protocol handler
initialization failed

                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)

                ... some lines removed

                at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)

        Caused by: java.lang.IllegalArgumentException

                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJss
eEndpoint.java:99)

                ... some lines are removed

                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)

                ... 13 more

        Caused by: java.io.IOException

                at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:302)

                at
org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.ja
va:98)

                at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247
)

                at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJss
eEndpoint.java:97)

                ... 20 more

 

I've checked the SSLUtilBase.java code (tomcat 9.0.33):

            if (certificate.getCertificateFile() == null) {

                throw new IOException(sm.getString("jsse.noCertFile"));

            }

 

I did try to copy the files instead of using sym links. No avail. Removed
the comments from the cert files. No avail. It seems tomcat cannot find the
files I've specified in the server.xml.

What do I miss?

 

Best Regards,

Ivan

Reply via email to