RE: server.xml setting broken with Tomcat 9.0.81

2024-02-28 Thread Jonathan Ho 
I resolved my issue by recreate the private key with different encryption
My old key was encrypted with DES-CBC, and new one I used AES-256-CBC
https://stackoverflow.com/questions/17733536/how-to-convert-a-private-key-to-an-rsa-private-key

openssl rsa -aes256 -in server.key  -out new.key

To answer some of your questions:
I tested with 9.0.86, 9.0.82, 9.0.81 and they all gave the me same 
error/failure.

-Original Message-
From: Konstantin Kolinko  
Sent: Wednesday, February 28, 2024 10:48 AM
To: users@tomcat.apache.org
Subject: Re: server.xml setting broken with Tomcat 9.0.81

ср, 28 февр. 2024 г. в 14:42, Jonathan Ho :
>
> I have following connectors in server.xml file and working for a long time 
> with various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. 
> I verified that 9.0.80 is working.
> What I am getting from 9.0.81 on startup is I will get pass phrase prompt on 
> tomcat start up and following errors in the log.
> I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the 
> problem?
>

1. OpenSSL 1.1.1 has reached End-of-Life, 
https://www.openssl.org/blog/blog/2023/09/11/eol-111/

2. If you suspect, that the version of Tomcat Native is the trigger of this 
issue:

On Windows it is easy to verify whether it is the cause:
just replace "bin/tcnative-1.dll" with an older version.

> or newer versions.
3. What never versions have you tested?

Have you tested the current Tomcat 9.0.86?
It updates Tomcat Native further, to 1.3.0.

Have you tested 9.0.83 or later?
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
Is not exactly your issue, but of a similar topic.

> I will get pass phrase prompt
4. That prompt is not issued by Tomcat.
Is that prompt expected?
Are you typing the password correctly?
Are you able to decode your key file using openssl.exe from a command line?

Note that a copy of openssl.exe is included with Tomcat Native binaries 
downloadable from https://tomcat.apache.org/download-native.cgi

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: server.xml setting broken with Tomcat 9.0.81

2024-02-28 Thread Konstantin Kolinko 
ср, 28 февр. 2024 г. в 14:42, Jonathan Ho :
>
> I have following connectors in server.xml file and working for a long time 
> with various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. 
> I verified that 9.0.80 is working.
> What I am getting from 9.0.81 on startup is I will get pass phrase prompt on 
> tomcat start up and following errors in the log.
> I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the 
> problem?
>

1. OpenSSL 1.1.1 has reached End-of-Life,
https://www.openssl.org/blog/blog/2023/09/11/eol-111/

2. If you suspect, that the version of Tomcat Native is the trigger of
this issue:

On Windows it is easy to verify whether it is the cause:
just replace "bin/tcnative-1.dll" with an older version.

> or newer versions.
3. What never versions have you tested?

Have you tested the current Tomcat 9.0.86?
It updates Tomcat Native further, to 1.3.0.

Have you tested 9.0.83 or later?
https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
Is not exactly your issue, but of a similar topic.

> I will get pass phrase prompt
4. That prompt is not issued by Tomcat.
Is that prompt expected?
Are you typing the password correctly?
Are you able to decode your key file using openssl.exe from a command line?

Note that a copy of openssl.exe is included with Tomcat Native
binaries downloadable from
https://tomcat.apache.org/download-native.cgi

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

server.xml setting broken with Tomcat 9.0.81

2024-02-28 Thread Jonathan Ho 
I have following connectors in server.xml file and working for a long time with 
various version of Tomcat 9 until I upgrade to 9.0.81 or newer versions. I 
verified that 9.0.80 is working.
What I am getting from 9.0.81 on startup is I will get pass phrase prompt on 
tomcat start up and following errors in the log.
I see openssl upgrade by tomcat from 1.x to 3.x in 9.0.81, could that be the 
problem?

Thanks

28-Feb-2024 06:26:05.127 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["http-nio2-8080"]
28-Feb-2024 06:26:05.150 INFO [main] 
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The 
["https-openssl-nio-9749"] connector has been configured to support negotiation 
to [h2] via ALPN
28-Feb-2024 06:26:05.150 INFO [main] org.apache.coyote.AbstractProtocol.init 
Initializing ProtocolHandler ["https-openssl-nio-9749"]
28-Feb-2024 06:27:47.172 WARNING [main] 
org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL 
context
  java.lang.Exception: Unable to load certificate key 
C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.key (error:1E08010C:DECODER 
routines::unsupported)
 at 
org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
 at 
org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:492)
 at 
org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:349)
 at 
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268)
 at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
 at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
 at 
org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:236)
 at 
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1334)
 at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1347)
 at 
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654)
 at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
 at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1009)
 at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
 at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
 at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
 at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1046)
 at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
 at 
org.apache.catalina.startup.Catalina.load(Catalina.java:686)
 at 
org.apache.catalina.startup.Catalina.load(Catalina.java:709)
 at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at 
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
 at 
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
28-Feb-2024 06:27:47.174 INFO [main] 
org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector 
[https-openssl-nio-9749], TLS virtual host [_default_], certificate type [RSA] 
configured from key [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.key], 
certificate [C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.cer] and 
certificate chain 
[C:\opt\Apache-SF\Tomcat-9/conf/r3m/files/server.chain.net.pem] with trust 
store [null]
28-Feb-2024 06:27:47.175 INFO [main] 
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The 
["https-openssl-nio-9869"] connector has been configured to support negotiation 
to [h2] via ALPN

Re: Core Dump File Generation

2024-02-28 Thread Olaf Kock 


On 28.02.24 12:03, Chaudhary, Mohit wrote:

Hi,

Java version 1.8.0_121 is running on server.


From the release notes of Java 1.8.0_121
(https://www.oracle.com/java/technologies/javase/8u121-relnotes.html):

The JRE expires whenever a new release with security vulnerability fixes
becomes available. Critical patch updates, which contain security
vulnerability fixes, are announced one year in advance on Critical Patch
Updates, Security Alerts and Third Party Bulletin
. This JRE (version 8u121) will
expire with the release of the next critical patch update scheduled for
April 18, 2017.

Take special note of the year-portion of the mentioned date.

And evaluate what other neglected software you run on a potentially
public-facing server.

Check first if you run into an issue that might have been fixed some
time in the past 7 years already, before debugging /any/ further.

Olaf

Re: Core Dump File Generation

2024-02-28 Thread Olaf Kock 



On 28.02.24 09:57, Chaudhary, Mohit wrote:

Hi All,

We are facing issues on tomcat. Core dump file generating very frequent twice 
to thrice in a month and core file size would be 13GB to 15GB every time 
.Whenever this issue is happening tomcat services stopped automatically. We 
have done analysis of hs_err_pid.log file and based on analysis we have tried 
many thing (such increased tomcat heap memory ) but unable to resolve this 
issue. Please suggest.


There's not much to suggest: A core dump can be analyzed for the root
cause of it being generated. Typically a problem that goes beyond what
Java code itself is capable to do. More often than not, native code - if
there is any involved - would be my first place to look at.

Also, as the JVM is native code itself: Make sure that it's up-to-date.

On top of that: Yes, when a core dump is generated, the process for
which it was generated is indeed stopped. That's what a crash does to
your process (even if core dumps were disabled or went to /dev/null).
You might want to set up your systems for automatic restart, most likely
with alerting someone of the condition and the restart, so that you have
an overview over how often it happens, but generally keep the service up.

Olaf


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Core Dump File Generation

2024-02-28 Thread Chaudhary, Mohit 
Hi,

Java version 1.8.0_121 is running on server.

Get Outlook for iOS

From: Simon Matter 
Sent: Wednesday, February 28, 2024 4:06:09 PM
To: Tomcat Users List 
Subject: RE: Core Dump File Generation

[You don't often get email from simon.mat...@invoca.ch. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Hi,

> Hi,
>
> I am talking about java core dump file which is generating on tomcat/bin
> path and the OS is RHEL 6.

What's the exact version of Java running?

Regards,
Simon

>
> Thanks & Regards,
> Mohit Chaudhary
>
>
> -Original Message-
> From: Simon Matter 
> Sent: Wednesday, February 28, 2024 3:03 PM
> To: Tomcat Users List 
> Subject: Re: Core Dump File Generation
>
> [You don't often get email from simon.mat...@invoca.ch. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi Mohit,
>
>> Hi All,
>>
>> We are facing issues on tomcat. Core dump file generating very
>> frequent twice to thrice in a month and core file size would be 13GB
>> to 15GB every time .Whenever this issue is happening tomcat services
>> stopped
>
> I'm a bit confused, are you talking about a UNIX style core file here or
> some kind of dump from Java?
>
> If it's a UNIX style core file then the culprit may be Java and not Tomcat
> - because Java should never ever dump a core file if it's running without
> errors.
>
> Regards,
> Simon
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Core Dump File Generation

2024-02-28 Thread Simon Matter 
Hi,

> Hi,
>
> I am talking about java core dump file which is generating on tomcat/bin
> path and the OS is RHEL 6.

What's the exact version of Java running?

Regards,
Simon

>
> Thanks & Regards,
> Mohit Chaudhary
>
>
> -Original Message-
> From: Simon Matter 
> Sent: Wednesday, February 28, 2024 3:03 PM
> To: Tomcat Users List 
> Subject: Re: Core Dump File Generation
>
> [You don't often get email from simon.mat...@invoca.ch. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi Mohit,
>
>> Hi All,
>>
>> We are facing issues on tomcat. Core dump file generating very
>> frequent twice to thrice in a month and core file size would be 13GB
>> to 15GB every time .Whenever this issue is happening tomcat services
>> stopped
>
> I'm a bit confused, are you talking about a UNIX style core file here or
> some kind of dump from Java?
>
> If it's a UNIX style core file then the culprit may be Java and not Tomcat
> - because Java should never ever dump a core file if it's running without
> errors.
>
> Regards,
> Simon
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Core Dump File Generation

2024-02-28 Thread Chaudhary, Mohit 
Hi,

I am talking about java core dump file which is generating on tomcat/bin path 
and the OS is RHEL 6.

Thanks & Regards,
Mohit Chaudhary


-Original Message-
From: Simon Matter 
Sent: Wednesday, February 28, 2024 3:03 PM
To: Tomcat Users List 
Subject: Re: Core Dump File Generation

[You don't often get email from simon.mat...@invoca.ch. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Hi Mohit,

> Hi All,
>
> We are facing issues on tomcat. Core dump file generating very
> frequent twice to thrice in a month and core file size would be 13GB
> to 15GB every time .Whenever this issue is happening tomcat services
> stopped

I'm a bit confused, are you talking about a UNIX style core file here or some 
kind of dump from Java?

If it's a UNIX style core file then the culprit may be Java and not Tomcat
- because Java should never ever dump a core file if it's running without 
errors.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Core Dump File Generation

2024-02-28 Thread Simon Matter 
Hi Mohit,

> Hi All,
>
> We are facing issues on tomcat. Core dump file generating very frequent
> twice to thrice in a month and core file size would be 13GB to 15GB every
> time .Whenever this issue is happening tomcat services stopped

I'm a bit confused, are you talking about a UNIX style core file here or
some kind of dump from Java?

If it's a UNIX style core file then the culprit may be Java and not Tomcat
- because Java should never ever dump a core file if it's running without
errors.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Core Dump File Generation

2024-02-28 Thread Chaudhary, Mohit 
Hi All,

We are facing issues on tomcat. Core dump file generating very frequent twice 
to thrice in a month and core file size would be 13GB to 15GB every time 
.Whenever this issue is happening tomcat services stopped automatically. We 
have done analysis of hs_err_pid.log file and based on analysis we have tried 
many thing (such increased tomcat heap memory ) but unable to resolve this 
issue. Please suggest.


Thanks & Regards,
Mohit Chaudhary