On 19/03/2024 18:18, Timothy Resh wrote:
<Conneector ........ SSLProtocol="TLSv1.2" SSLCipherSuite="-ALL ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"SSLPassword="${KSENC(6qkaMErQ==; C:\Certificate\Keystore\Vessel.p12)}" SSLCertificateChainFile="C:Certificate\Public Key\WSD-2DNX4M3.......cer" SSLCertificateFile="C:\Certificate\Public Key\WSD-2DNX4M3.......cer" SSLCertificateKeyFile="C:\Certificate\Private Key\WSD-2DNX4M3......key" SSLVerifyClient="optional" SSLCACertificateFile="C:\Certificates\CA\intermediate.ca" SSLCACertificatePath="C:\Certificates\CA\"where the ..... is the fqdn This works fine *until* Tomcat 9.0.83 and now we get the following listed below. I have read some of the https://bz-he-de.apache.org/bugzilla/show_bug.cgi?id=67675 bugs and ask for help. The certificates are being created using openssl 3.013. Please note the encrypted password to the p12 keystore. There was a message saying this was going to be fixed in a January release. I just tested 9.0.87 and the error is the same. The ASN.1 is OBJECT IDENTIFIER=Sha256WithRSAEncryption (1.2.840.113549.1.1.11) Does anyone have some suggestions for a fix?
Please provide a set of OpenSSL commands that create a problematic, self-signed certificate for localhost. This will save us a *lot* of time.
Mark
Thanks Mark Resh 15-Mar-2024 18:27:37.621 WARNING [main] org.apache.tomcat.util.net.SSLUtilBase.getEnabled Tomcat interprets the [ciphers] attribute in a manner consistent with the latest OpenSSL development branch. Some of the specified [ciphers] are not supported by the configured SSL engine for this connector (which may use JSSE or an older OpenSSL version) and have been skipped: [[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]] 15-Mar-2024 18:27:37.636 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector["https-openssl-apr-192.168.56.1-8443"]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1011) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1039) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.startup.Catalina.load(Catalina.java:724) at org.apache.catalina.startup.Catalina.load(Catalina.java:746) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477) Caused by: java.lang.IllegalArgumentException: The PKCS#8 encryption algorithm with DER encoded OID of [2a864886f70d010c0103] was not recognised at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:467) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:433) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1332) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1345) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009) ... 13 more Caused by: java.security.NoSuchAlgorithmException: The PKCS#8 encryption algorithm with DER encoded OID of [2a864886f70d010c0103] was not recognised at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:379) at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:213) at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:141) at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:355) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:108) at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268) at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:465) ... 19 more 15-Mar-2024 18:27:37.636 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [1655] milliseconds
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
