Chris, Thanks for your response.
These Tomcat servers are something I inherited. I do not know what this bouncycastle.crypto is. If it is making my setup complicated how do I get around it? Is it part of the org.apache.coyote.http11.Http11NioProtocol? What would you recommend I use instead? My end goal is to just enable TLS/SSL on the connectors. --Ez On Mon, May 24, 2021 at 1:56 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Ezsra, > > On 5/24/21 10:30, Ezsra McDonald wrote: > > I am enabling SSL debugging this morning. I did catch this in the log for > > an instance that started erroring out this morning. Seems like it may be > > too generic to help solve my problem. Here it is: > > > > 24-May-2021 09:25:44.609 SEVERE [catalina-exec-51] > > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun > > java.lang.NullPointerException > > at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown > > Source) > > at org.bouncycastle.jce.provider.JDKPSSSigner.engineSign(Unknown Source) > > Oh. You are using BouncyCastle. I've never tried to do that. I'm not > sure how well BC will work with Tomcat. We don't officially support that > configuration, but that doesn't mean we won't try to help. > > There will be a presentation at this year's ApacheCon @Home 2021 about > configuring Tomcat for FIPS and it will include how to configure Tomcat > with BC (including FIPS). Obviously, you don't want to wait around until > the conference to get things working, but perhaps the presenter is > lurking on the list ... ? > > I don't have an email address for the presenter, so I can't give you a > reference. :/ > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
