Re: Unable to get SSL working on Tomcat 8.5
On 05/12/2016 18:33, Jim Weill wrote:
>
> On 12/5/2016 8:43 AM, Mark Thomas wrote:
>> On 05/12/2016 16:13, Mark Thomas wrote:
>>> On 01/12/2016 22:17, Jim Weill wrote:
>>>> sslEnabledProtocols is now just protocols for one thing. And you have to
>>>> put your certificate stuff in an sub-section to the connector now.
>>> That should not be necessary. Tomcat should handle the conversion for
>>> you under the hood.
>>>
>>> I've tested this with a JKS store but not a pkcs12 store. Let me see if
>>> there is something extra we need to do in the pkcs12 case.
>> Confirmed. This is working as expected. The following works with 8.0.x
>> and 8.5.x. I've built both from trunk but there are no relevant changes
>> since the last release of each.
>>
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> maxThreads="150"
>> SSLEnabled="true"
>> scheme="https"
>> secure="true"
>> clientAuth="false"
>> sslProtocol="TLS"
>> keystoreFile="conf/localhost-rsa.p12"
>> keystoreType="PKCS12"
>> keyPass="changeit" />
>>
>> Mark
>
> So what might have changed with tomcat between 7.0 and 8.5 then? I
> upgraded from 7.0 to 8.5 and had to do the separate SSLHostConfig
> section and change to the more updated connector syntax when a single
> connector string as shown above used to work.

The auto-switching to use the OpenSSL encryption could be a factor.
Although any error is likely to include OpenSSL support classes in the
stack trace.

Another possibility is alias handling although that also looks to be
OpenSSL related.

I've found at one case where a keystore with a single key/cert/chain
fails. I'm currently working on a patch for that. It should make it into
a release in the new year.

Tracking down the root cause is likely to involve debugging both the TLS
handshake and the TLS connector initialisation. If you are able to do
that, great. If not, if you can provide a sample configuration -
including dummy keys, certs and chains - that fails that others can use
to debug then that would be very helpful.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Unable to get SSL working on Tomcat 8.5
On 12/5/2016 8:43 AM, Mark Thomas wrote:
> On 05/12/2016 16:13, Mark Thomas wrote:
>> On 01/12/2016 22:17, Jim Weill wrote:
>>> sslEnabledProtocols is now just protocols for one thing. And you have to
>>> put your certificate stuff in an sub-section to the connector now.
>> That should not be necessary. Tomcat should handle the conversion for
>> you under the hood.
>>
>> I've tested this with a JKS store but not a pkcs12 store. Let me see if
>> there is something extra we need to do in the pkcs12 case.
> Confirmed. This is working as expected. The following works with 8.0.x
> and 8.5.x. I've built both from trunk but there are no relevant changes
> since the last release of each.
>
> Mark

So what might have changed with tomcat between 7.0 and 8.5 then? I
upgraded from 7.0 to 8.5 and had to do the separate SSLHostConfig
section and change to the more updated connector syntax when a single
connector string as shown above used to work.

jim
Re: Unable to get SSL working on Tomcat 8.5
On 05/12/2016 16:13, Mark Thomas wrote:
> On 01/12/2016 22:17, Jim Weill wrote:
>> sslEnabledProtocols is now just protocols for one thing. And you have to
>> put your certificate stuff in an sub-section to the
>> connector now.
>
> That should not be necessary. Tomcat should handle the conversion for
> you under the hood.
>
> I've tested this with a JKS store but not a pkcs12 store. Let me see if
> there is something extra we need to do in the pkcs12 case.

Confirmed. This is working as expected. The following works with 8.0.x
and 8.5.x. I've built both from trunk but there are no relevant changes
since the last release of each.

Mark
RE: Unable to get SSL working on Tomcat 8.5
It's working for me with the configuration attributes apart from your
configuration: sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation".
keystoreFile="certificate path" in the element.
I couldn't succeed with the element

-- Ram.

-----Original Message-----
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, December 05, 2016 10:14 AM
To: Tomcat Users List
Subject: Re: Unable to get SSL working on Tomcat 8.5

On 01/12/2016 22:17, Jim Weill wrote:
> sslEnabledProtocols is now just protocols for one thing. And you have
> to put your certificate stuff in an sub-section to the
> connector now.

That should not be necessary. Tomcat should handle the conversion for
you under the hood.

I've tested this with a JKS store but not a pkcs12 store. Let me see if
there is something extra we need to do in the pkcs12 case.

Mark

> Here's how ours had to be reconfigured (on 8443 instead of 443) using
> NIO and JSSE:
>
> protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
> SSLEnabled="true" protocols="TLSv1.2">
>
> certificateKeyFile="path-to-cert-keyfile" />
>
> Hope this helps. The parts that are relevant to your certificate are
> in the section here:
> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig
> but scroll up slightly to get the instructions on how
> to use this subsection.
>
> jim
>
> On 12/1/2016 1:26 PM, Bartlett, Todd wrote:
>> Thanks for your reply, unfortunately I know very little about Tomcat
>> beyond the server.xml config below.
>> What are "hooks" and or what's been deprecated related to the below,
>> or is there a new example config for using a .pfx Keystorefile?
>>
>> protocol="HTTP/1.1"
>> SSLEnabled="true"
>> maxThreads="150"
>> scheme="https"
>> secure="true"
>> keystoreFile="C:\.pfx"
>> keystorePass=""
>> keystoreType="pkcs12"
>> clientAuth="false"
>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..."
>> />
>>
>> -----Original Message-----
>> From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
>> Sent: Thursday, December 01, 2016 2:38 PM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>
>> Are you using the 8.5 reference?
>> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
>>
>> When we updated to 8.5, we also found things changed with the
>> connector for SSL. The above page is the current guide, and you'll
>> notice several of the hooks have been deprecated since 6.0
>>
>> jim
>>
>> On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
>>> Thanks for replying, some more information.
>>>
>>> Tomcat 8.0 works fine with this configuration (I've tested both
>>> installs on same server, same .pfx) (note no other changes anywhere,
>>> just a fresh install and modifying the server.xml) We have been
>>> using this config since 6.0 through 8.0.
>>>
>>> Something changed in 8.5, it does not seem to recognize or load the
>>> .pfx file anymore.
>>>
>>> Thanks
>>>
>>> Todd
>>>
>>> -----Original Message-----
>>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>>> Sent: Wednesday, November 30, 2016 8:52 PM
>>> To: Tomcat Users List <users@tomcat.apache.org>
>>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>>
>>>> Todd,
>>>>
>>>> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>>>>> The below settings work fine on 6.0 version (no other changes I'm
>>>>> aware
>>>>> of) Error received Failed to initialize component
>>>>> [Connector[HTTP/1.1-443
>>>> What's the rest of the error message?
>>>>
>>>>> maxThreads="150" scheme="https" secure="true"
>>>>> keystoreFile="C:\.pfx" keystorePass=""
>>>>> keystoreType="pkcs12" clientAuth="false"
>>>>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
>>>> Looks okay so far. You need to post more information.
>>>>
>>>> -chris
Re: Unable to get SSL working on Tomcat 8.5
On 01/12/2016 22:17, Jim Weill wrote:
> sslEnabledProtocols is now just protocols for one thing. And you have to
> put your certificate stuff in an sub-section to the
> connector now.

That should not be necessary. Tomcat should handle the conversion for
you under the hood.

I've tested this with a JKS store but not a pkcs12 store. Let me see if
there is something extra we need to do in the pkcs12 case.

Mark

> Here's how ours had to be reconfigured (on 8443 instead
> of 443) using NIO and JSSE:
>
> protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
> SSLEnabled="true" protocols="TLSv1.2">
>
> certificateKeyFile="path-to-cert-keyfile" />
>
> Hope this helps. The parts that are relevant to your certificate are in
> the section here:
> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig
> but scroll up slightly to get the instructions on how to use this
> subsection.
>
> jim
>
> On 12/1/2016 1:26 PM, Bartlett, Todd wrote:
>> Thanks for your reply, unfortunately I know very little about Tomcat
>> beyond the server.xml config below.
>> What are "hooks" and or what's been deprecated related to the below, or
>> is there a new example config for using a .pfx Keystorefile?
>>
>> protocol="HTTP/1.1"
>> SSLEnabled="true"
>> maxThreads="150"
>> scheme="https"
>> secure="true"
>> keystoreFile="C:\.pfx"
>> keystorePass=""
>> keystoreType="pkcs12"
>> clientAuth="false"
>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
>>
>> -----Original Message-----
>> From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
>> Sent: Thursday, December 01, 2016 2:38 PM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>
>> Are you using the 8.5 reference?
>> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
>>
>> When we updated to 8.5, we also found things changed with the
>> connector for SSL. The above page is the current guide, and you'll
>> notice several of the hooks have been deprecated since 6.0
>>
>> jim
>>
>> On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
>>> Thanks for replying, some more information.
>>>
>>> Tomcat 8.0 works fine with this configuration (I've tested both
>>> installs on same server, same .pfx) (note no other changes anywhere,
>>> just a fresh install and modifying the server.xml) We have been using
>>> this config since 6.0 through 8.0.
>>>
>>> Something changed in 8.5, it does not seem to recognize or load the
>>> .pfx file anymore.
>>>
>>> Thanks
>>>
>>> Todd
>>>
>>> -----Original Message-----
>>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>>> Sent: Wednesday, November 30, 2016 8:52 PM
>>> To: Tomcat Users List <users@tomcat.apache.org>
>>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>>
>>>> Todd,
>>>>
>>>> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>>>>> The below settings work fine on 6.0 version (no other changes I'm
>>>>> aware
>>>>> of) Error received Failed to initialize component
>>>>> [Connector[HTTP/1.1-443
>>>> What's the rest of the error message?
>>>>
>>>>> maxThreads="150" scheme="https" secure="true"
>>>>> keystoreFile="C:\.pfx" keystorePass=""
>>>>> keystoreType="pkcs12" clientAuth="false"
>>>>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
>>>> Looks okay so far. You need to post more information.
>>>>
>>>> -chris
Re: Unable to get SSL working on Tomcat 8.5
sslEnabledProtocols is now just protocols for one thing. And you have to
put your certificate stuff in an sub-section to the connector now.

Here's how ours had to be reconfigured (on 8443 instead of 443) using
NIO and JSSE:

protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
SSLEnabled="true" protocols="TLSv1.2">

certificateKeyFile="path-to-cert-keyfile" />

Hope this helps. The parts that are relevant to your certificate are in
the section here:
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig
but scroll up slightly to get the instructions on how to use this
subsection.

jim

On 12/1/2016 1:26 PM, Bartlett, Todd wrote:
> Thanks for your reply, unfortunately I know very little about Tomcat
> beyond the server.xml config below.
> What are "hooks" and or what's been deprecated related to the below, or
> is there a new example config for using a .pfx Keystorefile?
>
> -----Original Message-----
> From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
> Sent: Thursday, December 01, 2016 2:38 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Unable to get SSL working on Tomcat 8.5
>
> Are you using the 8.5 reference?
> https://tomcat.apache.org/tomcat-8.5-doc/config/http.html
>
> When we updated to 8.5, we also found things changed with the
> connector for SSL. The above page is the current guide, and you'll
> notice several of the hooks have been deprecated since 6.0
>
> jim
>
> On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
>> Thanks for replying, some more information.
>>
>> Tomcat 8.0 works fine with this configuration (I've tested both
>> installs on same server, same .pfx) (note no other changes anywhere,
>> just a fresh install and modifying the server.xml) We have been using
>> this config since 6.0 through 8.0.
>>
>> Something changed in 8.5, it does not seem to recognize or load the
>> .pfx file anymore.
>>
>> Thanks
>>
>> Todd
>>
>> -----Original Message-----
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Sent: Wednesday, November 30, 2016 8:52 PM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Unable to get SSL working on Tomcat 8.5
>>
>> Todd,
>>
>> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>>> The below settings work fine on 6.0 version (no other changes I'm
>>> aware of) Error received Failed to initialize component
>>> [Connector[HTTP/1.1-443
>> What's the rest of the error message?
>>
>> Looks okay so far. You need to post more information.
>>
>> -chris
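The attribute renames discussed in the message above, as an added example that is not part of the original thread: a Python helper that moves the legacy TLS attributes of a single Connector element into the nested SSLHostConfig/Certificate layout. The sample Connector (port, keystore path, password) is constructed, and the mapping is taken from the Tomcat 8.5 HTTP connector reference linked in the thread.

```python
"""Rewrite a legacy Tomcat TLS <Connector> into the 8.5 SSLHostConfig layout."""
import xml.etree.ElementTree as ET

# Legacy Connector attribute -> (element that owns it in 8.5, new attribute name).
LEGACY_MAP = {
    "sslEnabledProtocols": ("SSLHostConfig", "protocols"),
    "sslProtocol": ("SSLHostConfig", "sslProtocol"),
    "ciphers": ("SSLHostConfig", "ciphers"),
    "clientAuth": ("SSLHostConfig", "certificateVerification"),
    "truststoreFile": ("SSLHostConfig", "truststoreFile"),
    "truststorePass": ("SSLHostConfig", "truststorePassword"),
    "truststoreType": ("SSLHostConfig", "truststoreType"),
    "keystoreFile": ("Certificate", "certificateKeystoreFile"),
    "keystorePass": ("Certificate", "certificateKeystorePassword"),
    "keystoreType": ("Certificate", "certificateKeystoreType"),
    "keyAlias": ("Certificate", "certificateKeyAlias"),
    "keyPass": ("Certificate", "certificateKeyPassword"),
}

# clientAuth values and their certificateVerification equivalents.
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}

# Constructed sample (not from the thread): port, path and password are placeholders.
SAMPLE_LEGACY = """<Connector port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    keystoreFile="conf/example.p12" keystorePass="changeit"
    keystoreType="PKCS12" clientAuth="false"
    sslEnabledProtocols="TLSv1.2" />"""


def migrate_connector(xml_text):
    """Return the Connector element with its legacy TLS attributes moved
    into a nested <SSLHostConfig><Certificate/></SSLHostConfig>."""
    conn = ET.fromstring(xml_text)
    if conn.tag != "Connector":
        raise ValueError("expected a <Connector> element")
    legacy = [name for name in LEGACY_MAP if name in conn.attrib]
    if conn.find("SSLHostConfig") is not None:
        if legacy:
            # Choice made by this example: refuse to merge the two styles.
            raise ValueError("legacy attributes mixed with SSLHostConfig: "
                             + ", ".join(legacy))
        return conn  # already in the nested form
    if not legacy:
        return conn  # no TLS attributes to move
    host = ET.SubElement(conn, "SSLHostConfig")
    cert = ET.Element("Certificate")
    for name in legacy:
        owner, new_name = LEGACY_MAP[name]
        value = conn.attrib.pop(name)
        if name == "clientAuth":
            key = value.strip().lower()
            if key not in CLIENT_AUTH:
                raise ValueError("unknown clientAuth value: " + value)
            value = CLIENT_AUTH[key]
        (host if owner == "SSLHostConfig" else cert).set(new_name, value)
    if cert.attrib:
        host.append(cert)
    return conn


def render(conn):
    """Serialise the element, indented where the Python version supports it."""
    if hasattr(ET, "indent"):
        ET.indent(conn, space="    ")
    return ET.tostring(conn, encoding="unicode")


if __name__ == "__main__":
    print(render(migrate_connector(SAMPLE_LEGACY)))
```

Attributes that are not TLS-related (port, protocol, maxThreads, SSLEnabled, scheme, secure) stay on the Connector element.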
RE: Unable to get SSL working on Tomcat 8.5
Thanks for your reply, unfortunately I know very little about Tomcat
beyond the server.xml config below.
What are "hooks" and or what's been deprecated related to the below, or
is there a new example config for using a .pfx Keystorefile?

-----Original Message-----
From: Jim Weill [mailto:moon...@icsi.berkeley.edu]
Sent: Thursday, December 01, 2016 2:38 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Unable to get SSL working on Tomcat 8.5

Are you using the 8.5 reference?
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html

When we updated to 8.5, we also found things changed with the connector
for SSL. The above page is the current guide, and you'll notice several
of the hooks have been deprecated since 6.0

jim

On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
> Thanks for replying, some more information.
>
> Tomcat 8.0 works fine with this configuration (I've tested both
> installs on same server, same .pfx) (note no other changes anywhere,
> just a fresh install and modifying the server.xml) We have been using this
> config since 6.0 through 8.0.
>
> Something changed in 8.5, it does not seem to recognize or load the .pfx file
> anymore.
>
> Thanks
>
> Todd
>
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, November 30, 2016 8:52 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Unable to get SSL working on Tomcat 8.5
>
> Todd,
>
> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>> The below settings work fine on 6.0 version (no other changes I'm
>> aware
>> of) Error received Failed to initialize component
>> [Connector[HTTP/1.1-443
> What's the rest of the error message?
>
>> maxThreads="150" scheme="https" secure="true"
>> keystoreFile="C:\.pfx" keystorePass=""
>> keystoreType="pkcs12" clientAuth="false"
>> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />
> Looks okay so far. You need to post more information.
>
> -chris
Re: Unable to get SSL working on Tomcat 8.5
Are you using the 8.5 reference?
https://tomcat.apache.org/tomcat-8.5-doc/config/http.html

When we updated to 8.5, we also found things changed with the connector
for SSL. The above page is the current guide, and you'll notice several
of the hooks have been deprecated since 6.0

jim

On 12/1/2016 11:28 AM, Bartlett, Todd wrote:
> Thanks for replying, some more information.
>
> Tomcat 8.0 works fine with this configuration (I've tested both
> installs on same server, same .pfx) (note no other changes anywhere,
> just a fresh install and modifying the server.xml) We have been using
> this config since 6.0 through 8.0.
>
> Something changed in 8.5, it does not seem to recognize or load the
> .pfx file anymore.
>
> Thanks
>
> Todd
>
> -----Original Message-----
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, November 30, 2016 8:52 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Unable to get SSL working on Tomcat 8.5
>
> Todd,
>
> On 11/29/16 4:41 PM, Bartlett, Todd wrote:
>> The below settings work fine on 6.0 version (no other changes I'm
>> aware of) Error received Failed to initialize component
>> [Connector[HTTP/1.1-443
> What's the rest of the error message?
>
> Looks okay so far. You need to post more information.
>
> -chris
RE: Unable to get SSL working on Tomcat 8.5
Thanks for replying, some more information.

Tomcat 8.0 works fine with this configuration (I've tested both installs
on same server, same .pfx) (note no other changes anywhere, just a fresh
install and modifying the server.xml) We have been using this config
since 6.0 through 8.0.

Something changed in 8.5, it does not seem to recognize or load the .pfx
file anymore.

Thanks

Todd

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, November 30, 2016 8:52 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Unable to get SSL working on Tomcat 8.5

Todd,

On 11/29/16 4:41 PM, Bartlett, Todd wrote:
> The below settings work fine on 6.0 version (no other changes I'm aware
> of) Error received Failed to initialize component
> [Connector[HTTP/1.1-443

What's the rest of the error message?

> maxThreads="150" scheme="https" secure="true"
> keystoreFile="C:\.pfx" keystorePass=""
> keystoreType="pkcs12" clientAuth="false"
> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />

Looks okay so far. You need to post more information.

-chris
Re: Unable to get SSL working on Tomcat 8.5
Todd,

On 11/29/16 4:41 PM, Bartlett, Todd wrote:
> The below settings work fine on 6.0 version (no other changes I'm
> aware of) Error received Failed to initialize component
> [Connector[HTTP/1.1-443

What's the rest of the error message?

> maxThreads="150" scheme="https" secure="true"
> keystoreFile="C:\.pfx" keystorePass=""
> keystoreType="pkcs12" clientAuth="false"
> sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" ciphers="..." />

Looks okay so far. You need to post more information.

-chris
Unable to get SSL working on Tomcat 8.5
The below settings work fine on 6.0 version (no other changes I'm aware of)

Error received
Failed to initialize component [Connector[HTTP/1.1-443

Thanks

Todd Bartlett
Systems Administrator
ITS
UNC Wilmington
910-962-2068