In the SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}"
we defined a Class to convert the Encrypted password and set the following properties:

    public class MyPropertySource implements org.apache.tomcat.util.IntrospectionUtils.PropertySource {
        // ...
        public String getProperty(String arg0) {
            if (arg0.contains("KSENC(")) {
                // ....
                System.setProperty("javax.net.ssl.keyStore", keyStorePath);
                System.setProperty("javax.net.ssl.keyStorePassword", clearText);
                System.setProperty("javax.net.ssl.trustStore", trustStorePath);
                System.setProperty("javax.net.ssl.trustStorePassword", clearText);
            }
            // ...
        }
    }

This class will set the following properties at the beginning of Tomcat init.

In my debugging I found that it could not determine the store properly. So, I tried putting in the keystoreType="PKCS12" and now it works.

I hope this helps. I'm still set up for debugging if you need something looked at.

Thanks

On Tue, Jun 11, 2024 at 2:14 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

> Mark,
>
> On 6/10/24 14:56, Timothy Resh wrote:
> > After much debugging, I have found the issue in my situation. In the
> > server.xml file, you must put keystoreType="PKCS12" for it to recognize the
> > keystore properly.
>
> That doesn't make any sense to me. Not a single one of your previous
> posts has been using a keystore file at all for Tomcat. You did show how
> you assembled a (rather complicated) PKCS12 keystore file using a
> combination of openssl and keytool in your message from 25 March but
> this is the only place in your configuration file I see that file:
>
> SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}"
>
> I have *no idea* what you are doing in there, but I assumed that
> keystore contained some kind of password and not a certificate or RSA key.
>
> -chris
>
> > On Fri, Apr 5, 2024 at 4:27 AM Roberto Benedetti <roberto.benede...@dedalus.eu> wrote:
> >
> >>> I got the Object ID and version straight out of the Certificate using
> >>> Keystore Explorer. I'm not sure why there is a difference.
> >>
> >> Keystore Explorer uses Bouncy Castle (https://www.bouncycastle.org/) as
> >> provider for JCE.
> >>
> >> If your JRE/JDK does not provide some algorithm you could use Bouncy
> >> Castle as well.
> >>
> >> Regards,
> >> Roberto
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org