Hi Ivan,

> On 07.01.2021 at 20:42, i...@wordme.app wrote:
>
> Hi,
>
> It drives me nuts now.
>
> I have created sym links to the PEM files. I made the PEM files readable for
> the tomcat user. I set the server.xml to use SSL. And the connector fails to
> start.
>
> <Connector port="8443"
>     protocol="org.apache.coyote.http11.Http11NioProtocol"
>     maxThreads="200"
>     scheme="https"
>     secure="true"
>     SSLEnabled="true"
>     clientAuth="false"
>     sslProtocol="TLS"
>     sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
>     defaultSSLHostConfigName="mydomain.com">
>   <SSLHostConfig hostName="mydomain.com" protocols="+TLSv1,+TLSv1.1,+TLSv1.2">
>     <Certificate
>         certificateKeyFile="conf/privkey.pem"
>         certificateFile="conf/cert.pem"
>         certificateChainFile="conf/chain.pem"
>         type="UNDEFINED"
>     />
>   </SSLHostConfig>
> </Connector>

Maybe want to try an absolute path like so: ${catalina.base}/conf/ or ${catalina.home}/conf/ ?

Peter

> I did try to change the type to RSA, to no avail. All I see in the log is:
>
> 02-Jan-2021 17:40:54.398 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
> 02-Jan-2021 17:40:54.466 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
>     org.apache.catalina.LifecycleException: Protocol handler initialization failed
>         at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
>         ... some lines removed
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
>     Caused by: java.lang.IllegalArgumentException
>         at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
>         ... some lines are removed
>         at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
>         ... 13 more
>     Caused by: java.io.IOException
>         at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:302)
>         at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
>         at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
>         at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
>         ... 20 more
>
> I've checked the SSLUtilBase.java code (tomcat 9.0.33):
>
>     if (certificate.getCertificateFile() == null) {
>         throw new IOException(sm.getString("jsse.noCertFile"));
>     }
>
> I did try to copy the files instead of using sym links. No avail. Removed
> the comments from the cert files. No avail. It seems tomcat cannot find the
> files I've specified in the server.xml.
>
> What do I miss?
>
> Best Regards,
>
> Ivan
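
One way to see what the `<Certificate>` paths in the configuration above actually resolve to. This is an added example, not part of the original thread and not Tomcat code; `check_cert_files`, `demo` and the sample files are hypothetical, and it assumes relative paths are resolved against CATALINA_BASE, as the Tomcat configuration reference states.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

FILE_ATTRS = ("certificateKeyFile", "certificateFile", "certificateChainFile")

def check_cert_files(server_xml_text, catalina_base):
    """Return (attribute, resolved_path, status) for each PEM file a <Certificate> references."""
    results = []
    for cert in ET.fromstring(server_xml_text).iter("Certificate"):
        for attr in FILE_ATTRS:
            value = cert.get(attr)
            if value is None:
                continue
            value = value.replace("${catalina.base}", catalina_base)
            # Assumption: relative paths are resolved against CATALINA_BASE.
            path = value if os.path.isabs(value) else os.path.join(catalina_base, value)
            real = os.path.realpath(path)  # follow symlinks to the file actually opened
            if not os.path.exists(real):
                status = "missing (broken symlink)" if os.path.islink(path) else "missing"
            elif not os.access(real, os.R_OK):
                status = "not readable by this user"
            else:
                with open(real, "rb") as fh:
                    head = fh.read(4096)
                status = "ok" if b"-----BEGIN " in head else "no PEM header"
            results.append((attr, real, status))
    return results

def demo():
    # Constructed sample: a minimal server.xml fragment and a throwaway CATALINA_BASE.
    xml = """<Connector port="8443"><SSLHostConfig hostName="example.test">
      <Certificate certificateKeyFile="conf/privkey.pem"
                   certificateFile="conf/cert.pem"
                   certificateChainFile="conf/chain.pem"/>
    </SSLHostConfig></Connector>"""
    base = tempfile.mkdtemp()
    conf = os.path.join(base, "conf")
    os.mkdir(conf)
    with open(os.path.join(conf, "cert.pem"), "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n")
    os.symlink(os.path.join(base, "gone.pem"), os.path.join(conf, "privkey.pem"))  # dangling link
    with open(os.path.join(conf, "chain.pem"), "w") as fh:
        fh.write("# comment only, no certificate\n")
    return {attr: status for attr, _, status in check_cert_files(xml, base)}

if __name__ == "__main__":
    for attr, status in demo().items():
        print(f"{attr}: {status}")
```

Run it as the account Tomcat runs under, since the readability result reflects the calling user's permissions on the symlink target, not on the link itself.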