Posted to dev@tomcat.apache.org by bu...@apache.org on 2022/07/28 22:17:05 UTC
[Bug 66185] New: SSL Configuration error
https://bz.apache.org/bugzilla/show_bug.cgi?id=66185
Bug ID: 66185
Summary: SSL Configuration error
Product: Tomcat 10
Version: 10.0.20
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: jasdeep.dhillon@toronto.ca
Target Milestone: ------
Created attachment 38350
--> https://bz.apache.org/bugzilla/attachment.cgi?id=38350&action=edit
Catalina Log file
Hi,
I am trying to configure SSL certificate in TOMCAT 10.0.20. Modified Server.xml
file and added the following connector and SSL config tags:
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        defaultSSLHostConfigName="mvclkt021.toronto.ca"
        keystoreFile="C:\Program Files\Java\jdk-11.0.10+9\bin\keystore_20220721.jks"
        keystorePass="T0mc@t"
        clientAuth="false" sslProtocol="TLS">
      <SSLHostConfig hostName="mvclkt021.toronto.ca">
        <Certificate
            certificateKeystoreFile="C:\Program Files\Java\jdk-11.0.10+9\bin\keystore_20220721.jks"
            keystorePass="T0mc@t"
            type="RSA" />
      </SSLHostConfig>
    </Connector>
But when I start Tomcat service, I see the following error in catalina log
file:
O [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
28-Jul-2022 17:59:40.262 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-443"]
28-Jul-2022 17:59:40.747 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1042)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
    Caused by: java.lang.IllegalArgumentException: keystore password was incorrect
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:205)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
        ... 13 more
    Caused by: java.io.IOException: keystore password was incorrect
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
        at java.base/java.security.KeyStore.load(KeyStore.java:1479)
        at org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
        at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:217)
        at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:207)
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:283)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
        ... 20 more
    Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        ... 29 more
"
Keystore password is correct. I have successfully installed SSL certificates on
other servers running Tomcat 8.5 and 9.0 without any issues. I didn't add any
<SSLConfig> tag to server.xml file. Only <connector> tag and it is working.
This is the tag I added to Tomcat 8.5 and 9.0 and it works perfectly:
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="C:\Program Files\Java\jdk-11.0.10+9\bin\keystore_20220721.jks"
        keystorePass="T0mc@t"
        clientAuth="false" sslProtocol="TLS" />
Request help at the earliest as we are in middle of deployment.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 66185] SSL Configuration error
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66185
Piotr P. Karwasz <pk...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Piotr P. Karwasz <pk...@apache.org> ---
Hi Jasdeep,
Can you correctly list the contents of the keystore with the `keytool` utility
from your JDK 11:
    keytool -list -keystore "C:\Program Files\Java\jdk-11.0.10+9\bin\keystore_20220721.jks"
There have been some recent JDK bugs that prevented it from opening certain
keystores.
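A programmatic form of the check suggested in comment #1, added here as an example (it is not from the thread or from Tomcat). It goes through the same java.security.KeyStore load step that appears in the stack trace and reports the detected store type and whether each private key opens with the store password. The class name KeystoreCheck is hypothetical; run it with the same JDK that Tomcat uses: java KeystoreCheck.java <keystore-path>

```java
import java.io.Console;
import java.io.File;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic example; KeystoreCheck is a hypothetical name.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive): java KeystoreCheck.java <keystore-path>");
            System.exit(2);
        }
        // Prompt for the password so it stays out of shell history and process listings.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks;
        try {
            // Java 9+: probes the file content and selects JKS or PKCS12 itself.
            ks = KeyStore.getInstance(new File(args[0]), password);
        } catch (IOException | KeyStoreException e) {
            // The KeyStore API documents UnrecoverableKeyException as the cause
            // of the IOException when the password is what failed.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                System.out.println("FAIL: store password rejected: " + e.getMessage());
            } else {
                System.out.println("FAIL: unreadable or unrecognised keystore: " + e);
            }
            return;
        }
        System.out.println("OK: opened as type " + ks.getType());
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println("  " + alias + ": trusted certificate entry");
                continue;
            }
            try {
                // Assumption: the key password is the same as the store password.
                Key key = ks.getKey(alias, password);
                System.out.println("  " + alias + ": " + key.getAlgorithm() + " private key recovered");
            } catch (UnrecoverableKeyException e) {
                System.out.println("  " + alias + ": key password differs from store password");
            }
        }
    }
}
```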
[Bug 66185] SSL Configuration error
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=66185
Christopher Schultz <ch...@christopherschultz.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #2 from Christopher Schultz <ch...@christopherschultz.net> ---
Bugzilla is not a support forum. Please post your question to the users'
mailing list.