Posted to users@tomcat.apache.org by Chuck Syperski <cs...@gmail.com> on 2016/08/22 12:40:00 UTC

8.5.3 to 8.5.4 SSL Issue

Hello,

I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
that my config from 8.5.3 is not working with 8.5.4 when using the same
exact file.  The majority of the server.xml is stock, but here is what I
have manually changed, and it is where I am encountering my problem....
....
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" maxThreads="750"
           SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateFile="/opt/ssl/cert.pem"
                     certificateChainFile="/opt/ssl/chain.pem"
                     certificateKeyFile="/opt/ssl/privkey.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
....
This worked fine with 8.5.3, but I get the following errors in catalina.out
on 8.5.4....

22-Aug-2016 12:16:21.139 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 12:16:22.119 SEVERE [main] org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore type [JKS] with path [/home/tomcat8/.keystore] due to [/home/tomcat8/.keystore (No such file or directory)]
 java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

22-Aug-2016 12:16:22.123 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]
 java.lang.IllegalArgumentException: java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or directory)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
... 20 more

22-Aug-2016 12:16:22.127 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:111)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1012)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
... 12 more
Caused by: java.lang.IllegalArgumentException: java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or directory)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
... 13 more
Caused by: java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at java.io.FileInputStream.<init>(FileInputStream.java:93)
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
... 20 more
22-Aug-2016 12:16:22.133 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Aug-2016 12:16:22.142 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Aug-2016 12:16:22.143 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 2189 ms
22-Aug-2016 12:16:22.223 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
22-Aug-2016 12:16:22.224 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.4

Just for reference, this is what I get in 8.5.3 for the same section of the
log....

22-Aug-2016 06:01:15.573 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
22-Aug-2016 06:01:15.613 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Aug-2016 06:01:15.620 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 06:01:16.240 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Aug-2016 06:01:16.241 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Aug-2016 06:01:16.243 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
22-Aug-2016 06:01:16.245 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1491 ms
22-Aug-2016 06:01:16.299 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
22-Aug-2016 06:01:16.300 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.3


I am attempting to use Let's Encrypt certs on Ubuntu 16.04.  My setup is
pretty simple, and the thing I am changing is a symlink between the 8.5.3
directory and 8.5.4. With 8.5.3 the SSL connector starts, but with 8.5.4 I
get no SSL, with the above error in my logs.  Am I missing something?  Any
pointers or help would be greatly appreciated!
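
An added example (not part of the thread and not Tomcat code): a post-upgrade check that compares the TLS connectors declared in server.xml with what catalina.out says actually started, and reports the symptom shown above, where PEM files are configured but Tomcat looks for a JKS keystore and the HTTPS connector stays down while the rest of the server starts. The function names are illustrative, the `<Service>` wrapper is added so the snippet parses, and the sample logs are the record header lines from the post joined onto single lines.

```python
import re
import xml.etree.ElementTree as ET

# Connector from the post, wrapped in a <Service> root so it parses on its own.
SERVER_XML = """<Service>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             scheme="https" secure="true" maxThreads="750" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateFile="/opt/ssl/cert.pem"
                   certificateChainFile="/opt/ssl/chain.pem"
                   certificateKeyFile="/opt/ssl/privkey.pem"
                   type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service>"""

# Record headers from the post's 8.5.4 log, one per line, stack frames omitted.
LOG_854 = """\
22-Aug-2016 12:16:21.139 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 12:16:22.119 SEVERE [main] org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore type [JKS] with path [/home/tomcat8/.keystore] due to [/home/tomcat8/.keystore (No such file or directory)]
22-Aug-2016 12:16:22.123 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 12:16:22.127 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
22-Aug-2016 12:16:22.133 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Aug-2016 12:16:22.224 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.4
"""

# Record headers from the post's 8.5.3 log (the working start-up).
LOG_853 = """\
22-Aug-2016 06:01:15.573 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
22-Aug-2016 06:01:15.620 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 06:01:16.241 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Aug-2016 06:01:16.300 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.3
"""

INIT = re.compile(r'Initializing ProtocolHandler \["([^"]+)"\]')
FAILED = re.compile(
    r'Failed to initialize end point associated with ProtocolHandler \["([^"]+)"\]')
KEYSTORE = re.compile(r"Failed to load keystore type \[([^\]]+)\] with path \[([^\]]+)\]")
VERSION = re.compile(r"Starting Servlet Engine: Apache Tomcat/(\S+)")


def pem_tls_ports(server_xml):
    """Ports of SSL-enabled connectors whose <Certificate> names a PEM file."""
    ports = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        if any(cert.get("certificateFile") for cert in conn.iter("Certificate")):
            ports.append(conn.get("port"))
    return ports


def audit_startup(log_text, server_xml):
    """Compare configured TLS connectors with what the start-up log reports."""
    initialised, failed, keystores, version = [], [], [], None
    for line in log_text.splitlines():  # stack-frame lines match none of these
        m = INIT.search(line)
        if m:
            initialised.append(m.group(1))
        m = FAILED.search(line)
        if m:
            failed.append(m.group(1))
        m = KEYSTORE.search(line)
        if m:
            keystores.append(m.groups())
        m = VERSION.search(line)
        if m:
            version = m.group(1)
    started = [h for h in initialised if h not in failed]

    findings = []
    ports = pem_tls_ports(server_xml)
    for port in ports:
        # Handler names end in the port, e.g. "https-jsse-nio-8443".
        if not any(h.startswith("https-") and h.endswith("-" + port) for h in started):
            findings.append("HTTPS connector on port %s did not start" % port)
    if ports:
        for ks_type, ks_path in keystores:
            findings.append("server.xml names PEM files, but Tomcat tried a %s "
                            "keystore at %s" % (ks_type, ks_path))
    return {"version": version, "started": started,
            "failed": failed, "findings": findings}


if __name__ == "__main__":
    for name, log in (("8.5.4", LOG_854), ("8.5.3", LOG_853)):
        print(name, audit_startup(log, SERVER_XML))
```

Because Tomcat carries on starting the other connectors after this failure, a check like this is worth running after an upgrade rather than relying on the process being up.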

Re: 8.5.3 to 8.5.4 SSL Issue

Posted by Chuck Syperski <cs...@gmail.com>.
Great, I'm not crazy!  Thanks so much for the help and quick responses!

On Mon, Aug 22, 2016 at 1:39 PM, Mark Thomas <ma...@apache.org> wrote:

> On 22/08/2016 13:40, Chuck Syperski wrote:
> > Hello,
> >
> > I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
> > that my config from 8.5.3 is not working with 8.5.4 when using the same
> > exact file.  The majority of the server.xml is stock, but here is what I
> > have manually changed, and it is where I am encountering my problem....
>
> Known issue. Already fixed for 8.5.5:
>
> http://svn.us.apache.org/repos/asf/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
>
> Mark
>

Re: 8.5.3 to 8.5.4 SSL Issue

Posted by Mark Thomas <ma...@apache.org>.
On 22/08/2016 13:40, Chuck Syperski wrote:
> Hello,
> 
> I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
> that my config from 8.5.3 is not working with 8.5.4 when using the same
> exact file.  The majority of the server.xml is stock, but here is what I
> have manually changed, and it is where I am encountering my problem....

Known issue. Already fixed for 8.5.5:

http://svn.us.apache.org/repos/asf/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Mark


> java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or
> directory)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
> ... 13 more
> Caused by: java.io.FileNotFoundException: /home/tomcat8/.keystore (No such
> file or directory)
> at java.io.FileInputStream.open0(Native Method)
> at java.io.FileInputStream.open(FileInputStream.java:195)
> at java.io.FileInputStream.<init>(FileInputStream.java:138)
> at java.io.FileInputStream.<init>(FileInputStream.java:93)
> at
> sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
> at
> sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
> at
> org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
> at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
> at
> org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
> at
> org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
> ... 20 more
> 22-Aug-2016 12:16:22.133 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["ajp-nio-8009"]
> 22-Aug-2016 12:16:22.142 INFO [main]
> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared
> selector for servlet write/read
> 22-Aug-2016 12:16:22.143 INFO [main]
> org.apache.catalina.startup.Catalina.load Initialization processed in 2189
> ms
> 22-Aug-2016 12:16:22.223 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting service
> Catalina
> 22-Aug-2016 12:16:22.224 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> Engine: Apache Tomcat/8.5.4
> 
> Just for reference, this what I get in 8.5.3 for the same section of the
> log....
> 
> 22-Aug-2016 06:01:15.573 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-8080"]
> 22-Aug-2016 06:01:15.613 INFO [main]
> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared
> selector for servlet write/read
> 22-Aug-2016 06:01:15.620 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 22-Aug-2016 06:01:16.240 INFO [main]
> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared
> selector for servlet write/read
> 22-Aug-2016 06:01:16.241 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["ajp-nio-8009"]
> 22-Aug-2016 06:01:16.243 INFO [main]
> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared
> selector for servlet write/read
> 22-Aug-2016 06:01:16.245 INFO [main]
> org.apache.catalina.startup.Catalina.load Initialization processed in 1491
> ms
> 22-Aug-2016 06:01:16.299 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting service
> Catalina
> 22-Aug-2016 06:01:16.300 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> Engine: Apache Tomcat/8.5.3
> 
> 
> I am attempting to use Let's Encrypts certs on Ubuntu 16.04.  My setup is
> pretty simple and the things I am changing is a sym link between the 8.5.3
> directory and 8.5.4, with 8.5.3 the ssl connector starts, but with 8.5.4, I
> get not ssl with the above error in my logs.  Am I missing something?  Any
> pointers or help would be greatly appreciated!
> 




Re: 8.5.3 to 8.5.4 SSL Issue

Posted by Chuck Syperski <cs...@gmail.com>.
I was under the impression that as of 8.5.3 you could do JSSE with OpenSSL
from this page:

https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File

Excerpt:
"Tomcat can use three different implementations of SSL:

JSSE implementation provided as part of the Java runtime
JSSE implementation that uses OpenSSL
APR implementation, which uses the OpenSSL engine by default"

I originally attempted using OpenSSL directly after viewing this post and
this is what my configuration is based off of:

https://community.letsencrypt.org/t/how-to-use-the-certificate-for-tomcat/3677/39

If it isn't supported, it is just odd that it did work with 8.5.3.




On Mon, Aug 22, 2016 at 1:08 PM, Kreuser, Peter <pk...@airplus.com>
wrote:

> Chuck,
> >
> > Hello,
> >
> > I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
> > that my config from 8.5.3 is not working with 8.5.4 when using the same
> > exact file.   The majority of the server.xml is stock, but here what I
> > manually have changed and it is where I am encountering my problem....
> > ....
> > <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
> >                scheme="https" secure="true" maxThreads="750"
> > SSLEnabled="true">
> >         <SSLHostConfig>
> >             <Certificate
> > certificateFile="/opt/ssl/cert.pem"
> > certificateChainFile="/opt/ssl/chain.pem"
> > certificateKeyFile="/opt/ssl/privkey.pem"
> >                 type="RSA" />
> >         </SSLHostConfig>
> >     </Connector>
> > ....
> > This worked fine with 8.5.3, but I get the following errors in catalina.out
> > on 8.5.4....
> >
> > 22-Aug-2016 12:16:21.139 INFO [main]
> > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> > ["https-jsse-nio-8443"]
> > 22-Aug-2016 12:16:22.119 SEVERE [main]
> > org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> > type [JKS] with path [/home/tomcat8/.keystore] due to
> > [/home/tomcat8/.keystore (No such file or directory)]
> >  java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or
> > directory)
> <snip>
> >
> > I am attempting to use Let's Encrypts certs on Ubuntu 16.04.  My setup is
> > pretty simple and the things I am changing is a sym link between the 8.5.3
> > directory and 8.5.4, with 8.5.3 the ssl connector starts, but with 8.5.4, I
> > get not ssl with the above error in my logs.  Am I missing something?  Any
> > pointers or help would be greatly appreciated!
> >
>
> It seems to me that Tomcat requests JKS certificates but you give OpenSSL
> options (certificateFile, certificateChainFile, certificateKeyFile).
>
> Documentation says:
> "If the installation uses APR - i.e. you have installed the Tomcat native
> library - then it will use the JSSE OpenSSL implementation, otherwise it
> will use the Java JSSE implementation." Or
> "Note: If tomcat-native is installed, the configuration will use JSSE
> with an OpenSSL implementation, which supports either this configuration or
> the APR configuration example given below.
>
> The APR connector uses different attributes for many SSL settings,
> particularly keys and certificates. An example of an APR configuration is:"
>
> So are you using TC Native?
>
> Best regards
>
> Peter
>
>
>
>
>

AW: 8.5.3 to 8.5.4 SSL Issue

Posted by "Kreuser, Peter" <pk...@airplus.com>.
Chuck,
> 
> Hello,
> 
> I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
> that my config from 8.5.3 is not working with 8.5.4 when using the same
> exact file.   The majority of the server.xml is stock, but here what I
> manually have changed and it is where I am encountering my problem....
> ....
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>                scheme="https" secure="true" maxThreads="750"
> SSLEnabled="true">
>         <SSLHostConfig>
>             <Certificate
> certificateFile="/opt/ssl/cert.pem"
> certificateChainFile="/opt/ssl/chain.pem"
> certificateKeyFile="/opt/ssl/privkey.pem"
>                 type="RSA" />
>         </SSLHostConfig>
>     </Connector>
> ....
> This worked fine with 8.5.3, but I get the following errors in catalina.out
> on 8.5.4....
> 
> 22-Aug-2016 12:16:21.139 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 22-Aug-2016 12:16:22.119 SEVERE [main]
> org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> type [JKS] with path [/home/tomcat8/.keystore] due to
> [/home/tomcat8/.keystore (No such file or directory)]
>  java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or
> directory)
<snip> 
> 
> I am attempting to use Let's Encrypts certs on Ubuntu 16.04.  My setup is
> pretty simple and the things I am changing is a sym link between the 8.5.3
> directory and 8.5.4, with 8.5.3 the ssl connector starts, but with 8.5.4, I
> get not ssl with the above error in my logs.  Am I missing something?  Any
> pointers or help would be greatly appreciated!
>

It seems to me that Tomcat requests JKS certificates but you give OpenSSL options (certificateFile, certificateChainFile, certificateKeyFile).

Documentation says:
"If the installation uses APR - i.e. you have installed the Tomcat native library - then it will use the JSSE OpenSSL implementation, otherwise it will use the Java JSSE implementation." Or
"Note: If tomcat-native is installed, the configuration will use JSSE with an OpenSSL implementation, which supports either this configuration or the APR configuration example given below.

The APR connector uses different attributes for many SSL settings, particularly keys and certificates. An example of an APR configuration is:"

So are you using TC Native?

Best regards

Peter
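
The 8.5.4 log quoted in this thread shows startup continuing (AJP handler, "Starting service Catalina") after the HTTPS connector fails to initialize, so a post-upgrade check should read catalina.out rather than rely on the process being up. The Python sketch below is an added example, not part of any post in the thread; the function names are hypothetical and the sample log is constructed from the lines quoted above, with the mail line-wrapping joined.

```python
import re

# Constructed sample: catalina.out records in the format quoted in the thread,
# with the wrapped mail lines joined back into single log lines.
SAMPLE_LOG = """\
22-Aug-2016 12:16:21.139 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 12:16:22.119 SEVERE [main] org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore type [JKS] with path [/home/tomcat8/.keystore] due to [/home/tomcat8/.keystore (No such file or directory)]
22-Aug-2016 12:16:22.127 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
22-Aug-2016 12:16:22.133 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
22-Aug-2016 12:16:22.224 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.4
"""

INIT = re.compile(r'Initializing ProtocolHandler \["([^"]+)"\]')
KEYSTORE = re.compile(r'Failed to load keystore type \[(\w+)\] with path \[([^\]]+)\]')
CONN_FAIL = re.compile(r'Failed to initialize connector \[Connector\[[^\]]*-(\d+)\]\]')


def audit_startup(log_text):
    """Collect announced handlers, failed connector ports and keystore load errors."""
    report = {"handlers": [], "failed_ports": [], "keystore_errors": []}
    for line in log_text.splitlines():
        if (m := INIT.search(line)):
            report["handlers"].append(m.group(1))
        elif (m := KEYSTORE.search(line)):
            # The path here is the one Tomcat actually tried, which may be a
            # default rather than anything written in server.xml.
            report["keystore_errors"].append({"type": m.group(1), "path": m.group(2)})
        elif (m := CONN_FAIL.search(line)):
            report["failed_ports"].append(int(m.group(1)))
    return report


def handlers_down(report):
    """Handlers that were announced but whose connector port failed to initialize."""
    failed = set(report["failed_ports"])
    return [h for h in report["handlers"] if int(h.rsplit("-", 1)[1]) in failed]


if __name__ == "__main__":
    result = audit_startup(SAMPLE_LOG)
    print("handlers not listening:", handlers_down(result))
    print("keystore errors:", result["keystore_errors"])
```

Run against the real catalina.out after an upgrade, a non-empty `handlers_down` result means a connector defined in server.xml is not listening even though Tomcat itself started.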