Posted to users@tomcat.apache.org by "pawel.jasinski" <pa...@gmail.com> on 2008/11/08 13:15:00 UTC

apr ssl tomcat 6.0.18 (5.5.25), unknown pbe algorithm

Hi,

When I try to use an encrypted private key with APR, I get the following
error in the log.

Nov 8, 2008 12:47:00 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: Unable to load certificate key /home/rejap/app/certs/rzuem5008u-enc.key (error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm)
        at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684)
        at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Nov 8, 2008 12:47:00 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start

my setup:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               sslProtocol="TLSv1"
               SSLCertificateFile="/home/rejap/app/certs/rzuem5008u.crt"
               SSLCertificateKeyFile="/home/rejap/app/certs/rzuem5008u-enc.key"
               SSLPassword="12345"
               SSLCertificateChainFile="/home/rejap/app/certs/cacert.pem"
               SSLVerifyClient="require"
               SSLVerifyDepth="10"
               SSLCACertificateFile="/home/rejap/app/certs/all-cacerts.pem" 
               />


For now I am forced to use the key without encryption.

Note:
To convert the key from encrypted to unencrypted I use:
openssl pkcs8 -topk8 -nocrypt -in rzuem5008u-enc.key -inform PEM -out tmp.der -outform DER
openssl pkcs8 -nocrypt -in tmp.der -inform DER -out rzuem5008u.key -outform PEM

I tried 5.5.25 and 6.0.18. On 6, in addition to the error, there is a
prompt for the password. The final result is always the same.
This is all under Ubuntu 8.04 (apr 1.2.11-1, ssl 0.9.8g-4ubuntu3.3)


Pawel