I resolved my issue by recreate the private key with different encryption My old key was encrypted with DES-CBC, and new one I used AES-256-CBC https://stackoverflow.com/questions/17733536/how-to-convert-a-private-key-to-an-rsa-private-key
openssl rsa -aes256 -in server.key -out new.key To answer some of your questions: I tested with 9.0.86, 9.0.82, 9.0.81 and they all gave the me same error/failure. -----Original Message----- From: Konstantin Kolinko <[email protected]> Sent: Wednesday, February 28, 2024 10:48 AM To: [email protected] Subject: Re: server.xml setting broken with Tomcat 9.0.81 ср, 28 февр. 2024 г. в 14:42, Jonathan Ho <[email protected]>: > > I have following connectors in server.xml file and working for a long time > with various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. > I verified that 9.0.80 is working. > What I am getting from 9.0.81 on startup is I will get pass phrase prompt on > tomcat start up and following errors in the log. > I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the > problem? > 1. OpenSSL 1.1.1 has reached End-of-Life, https://www.openssl.org/blog/blog/2023/09/11/eol-111/ 2. If you suspect, that the version of Tomcat Native is the trigger of this issue: On Windows it is easy to verify whether it is the cause: just replace "bin/tcnative-1.dll" with an older version. > or newer versions. 3. What never versions have you tested? Have you tested the current Tomcat 9.0.86? It updates Tomcat Native further, to 1.3.0. Have you tested 9.0.83 or later? https://bz.apache.org/bugzilla/show_bug.cgi?id=67675 Is not exactly your issue, but of a similar topic. > I will get pass phrase prompt 4. That prompt is not issued by Tomcat. Is that prompt expected? Are you typing the password correctly? Are you able to decode your key file using openssl.exe from a command line? Note that a copy of openssl.exe is included with Tomcat Native binaries downloadable from https://tomcat.apache.org/download-native.cgi Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
