You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "pawel.jasinski" <pa...@gmail.com> on 2008/11/08 13:15:00 UTC
apr ssl tomcat 6.0.18 (5.5.25), unknown pbe algorithm
hi,
when I try to use encrypted private key with apr I get the following in
error in log.
Nov 8, 2008 12:47:00 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: Unable to load certificate key
/home/rejap/app/certs/rzuem5008u-enc.key (error:06074079:digital envelope
routines:EVP_PBE_CipherInit:unknown pbe algorithm)
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684)
at
org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
at
org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
at
org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Nov 8, 2008 12:47:00 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
my setup:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
sslProtocol="TLSv1"
SSLCertificateFile="/home/rejap/app/certs/rzuem5008u.crt"
SSLCertificateKeyFile="/home/rejap/app/certs/rzuem5008u-enc.key"
SSLPassword="12345"
SSLCertificateChainFile="/home/rejap/app/certs/cacert.pem"
SSLVerifyClient="require"
SSLVerifyDepth="10"
SSLCACertificateFile="/home/rejap/app/certs/all-cacerts.pem"
/>
For now I am forced to use key without encryption.
Note:
To convert the key from encrypted to unencrypted i use:
openssl pkcs8 -topk8 -nocrypt -in rzuem5008u-enc.key -inform PEM -out
tmp.der -outform DER
openssl pkcs8 -nocrypt -in tmp.der -inform DER -out rzuem5008u.key -outform
PEM
I tired 5.5.25 and 6.0.18, on 6.0.18. On 6 in addition to error there is a
prompt for password. The final result is always the same.
This is all under ubuntu 8.04 (apr 1.2.11-1, ssl 0.9.8g-4ubuntu3.3)
Pawel
--
View this message in context: http://www.nabble.com/apr-ssl-tomcat-6.0.18-%285.5.25%29%2C-unknown-pbe-algorithm-tp20395480p20395480.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org