Posted to users@tomcat.apache.org by "George S." <ge...@mhsoftware.com> on 2018/03/01 23:31:40 UTC
Tomcat 8.5.28 SSL - Cannot store non-PrivateKeys
I'm hitting the error:
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
The connector is configured as:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           address="10.0.0.62"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeyFile="conf/key.pem"
                     certificateFile="conf/certificate.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
I've verified the tomcat user can read the two files, and I've su'd to user tomcat and used:
openssl rsa -in key.pem -text
and the private key was dumped as expected. The key is not encrypted. The cert is self-signed and was generated by OpenSSL using CA.sh.
I'm kind of at a loss here. The example server.xml entries show naming PEM files directly, and the connector docs seem to imply that pem files are supported.
Can anyone give me a pointer on what to do here?
--
George S.
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
Re: Tomcat 8.5.28 SSL - Cannot store non-PrivateKeys
Posted by Christopher Schultz <ch...@christopherschultz.net>.
George,
On 3/1/18 6:31 PM, George S. wrote:
> I'm hitting the error:
>
> SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
> org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
> Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
> Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
>
> The connector is configured as:
>
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>            address="10.0.0.62"
>            maxThreads="150" SSLEnabled="true">
>     <SSLHostConfig>
>         <Certificate certificateKeyFile="conf/key.pem"
>                      certificateFile="conf/certificate.pem"
>                      type="RSA" />
>     </SSLHostConfig>
> </Connector>
>
> I've verified the tomcat user can read the two files, and I've su'd
> to user tomcat and used:
>
> openssl rsa -in key.pem -text
>
> and the private key was dumped as expected. The key is not
> encrypted. The cert is self-signed and was generated by OpenSSL
> using CA.sh.
>
> I'm kind of at a loss here. The example server.xml entries show
> naming PEM files directly, and the connector docs seem to imply
> that pem files are supported.
>
> Can anyone give me a pointer on what to do here?
Can you post the full stack trace?
-chris
Re: Tomcat 8.5.28 SSL - Cannot store non-PrivateKeys
Posted by Richard Tearle <ri...@northgateps.com>.
Hello
On 1 March 2018 at 23:31, George S. <ge...@mhsoftware.com> wrote:
> I'm hitting the error:
>
> SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
> org.apache.catalina.LifecycleException: Failed to initialize component
> [Connector[HTTP/1.1-8443]]
> Caused by: org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> Caused by: java.lang.IllegalArgumentException: Cannot store
> non-PrivateKeys
>
> The connector is configured as:
>
>
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
> address="10.0.0.62"
> maxThreads="150" SSLEnabled="true">
> <SSLHostConfig>
> <Certificate certificateKeyFile="conf/key.pem"
> certificateFile="conf/certificate.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
>
> I've verified the tomcat user can read the two files, and I've su'd to
> user tomcat and used:
>
> openssl rsa -in key.pem -text
>
> and the private key was dumped as expected. The key is not encrypted. The
> cert is self-signed and was generated by OpenSSL using CA.sh.
>
> I'm kind of at a loss here. The example server.xml entries show naming PEM
> files directly, and the connector docs seem to imply that pem files are
> supported.
>
> Can anyone give me a pointer on what to do here?
>
> --
> George S.
> *MH Software, Inc.*
> Voice: 303 438 9585
> http://www.mhsoftware.com
>
Are you using the Tomcat Native Library? I think that's required when using
PEM encoded certificates.
--
*Richard Tearle BSc(Hons) MCP*
Senior Consultant
*Northgate Public Services (NPS)*
Mobile: +44 (0)7738 888315
Email: richard.tearle@northgateps.com
Web: www.northgatepublicservices.co.uk <http://www.northgate-is.com/>