It seems like the logic implemented for NONE as certificateKeystoreFile deviates from the documentation. Currently NONE is always interpreted as a file path, even for PKCS11. Looks like the comparison with NONE should be inside the parentheses for the negation? A workaround is to use "" instead of NONE.
https://github.com/apache/tomcat/blob/main/java/org/apache/tomcat/util/net/SSLUtilBase.java#L196 Yours, Mikael --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org