Hi Ivan,


> On 07.01.2021 at 20:42, i...@wordme.app wrote:
> 
> Hi,
> 
> It drives me nuts now.
> 
> I have created symlinks to the PEM files. I made the PEM files readable for
> the tomcat user. I set the server.xml to use SSL. And the connector fails to
> start.
> 
>   <Connector port="8443"
>              protocol="org.apache.coyote.http11.Http11NioProtocol"
>              maxThreads="200"
>              scheme="https"
>              secure="true"
>              SSLEnabled="true"
>              clientAuth="false"
>              sslProtocol="TLS"
>              sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
>              defaultSSLHostConfigName="mydomain.com">
>       <SSLHostConfig hostName="mydomain.com"
>                      protocols="+TLSv1,+TLSv1.1,+TLSv1.2">
>           <Certificate
>               certificateKeyFile="conf/privkey.pem"
>               certificateFile="conf/cert.pem"
>               certificateChainFile="conf/chain.pem"
>               type="UNDEFINED"
>           />
>       </SSLHostConfig>
>   </Connector>
> 
> 

Maybe you want to try an absolute path, like so: ${catalina.base}/conf/ or
${catalina.home}/conf/ ?

Peter
> 
> I did try to change the type to RSA, to no avail. All I see in the log is:
> 
> 02-Jan-2021 17:40:54.398 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
> 02-Jan-2021 17:40:54.466 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
>       org.apache.catalina.LifecycleException: Protocol handler initialization failed
>               at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
>               ... some lines removed
>               at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
>       Caused by: java.lang.IllegalArgumentException
>               at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
>               ... some lines are removed
>               at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
>               ... 13 more
>       Caused by: java.io.IOException
>               at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:302)
>               at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
>               at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
>               at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
>               ... 20 more
> 
> 
> 
> I've checked the SSLUtilBase.java code (tomcat 9.0.33):
> 
>           if (certificate.getCertificateFile() == null) {
>               throw new IOException(sm.getString("jsse.noCertFile"));
>           }
> 
> 
> 
> I did try to copy the files instead of using symlinks. To no avail. Removed
> the comments from the cert files. To no avail. It seems tomcat cannot find the
> files I've specified in the server.xml.
> 
> What am I missing?
> 
> 
> 
> Best Regards,
> 
> Ivan

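The path check that the reply above points at, as an added example that is not part of the original thread: it resolves each PEM attribute of a `<Certificate>` element the way the Tomcat documentation describes (relative paths against `$CATALINA_BASE`), follows symlinks, and reports whether the target is reachable. `SAMPLE_SERVER_XML` and the temporary directory are constructed sample input, and `resolve` and `check_certificates` are hypothetical helper names.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

FILE_ATTRS = ("certificateKeyFile", "certificateFile", "certificateChainFile")

# Constructed sample: the <Certificate> element from the post, reduced, with
# one path written in the ${catalina.base} form suggested in the reply.
SAMPLE_SERVER_XML = """
<Connector port="8443" SSLEnabled="true">
  <SSLHostConfig hostName="mydomain.com">
    <Certificate certificateKeyFile="conf/privkey.pem"
                 certificateFile="${catalina.base}/conf/cert.pem"
                 certificateChainFile="conf/chain.pem"/>
  </SSLHostConfig>
</Connector>
"""

def resolve(path, base, home):
    """Expand the two catalina properties; anchor relative paths at base."""
    path = path.replace("${catalina.base}", base).replace("${catalina.home}", home)
    return path if os.path.isabs(path) else os.path.join(base, path)

def check_certificates(server_xml, base, home=None):
    """Return (hostName, attribute, resolved path, status) per PEM reference."""
    home = home or base
    results = []
    for host in ET.fromstring(server_xml).iter("SSLHostConfig"):
        for cert in host.iter("Certificate"):
            for attr in FILE_ATTRS:
                value = cert.get(attr)
                if value is None:
                    results.append((host.get("hostName"), attr, None, "not set"))
                    continue
                path = resolve(value, base, home)
                target = os.path.realpath(path)  # follow symlinks to the real file
                if not os.path.exists(target):
                    status = "missing"  # also a dangling or untraversable symlink
                elif not os.access(target, os.R_OK):
                    status = "unreadable"  # judged for the user running this
                else:
                    status = "ok"
                results.append((host.get("hostName"), attr, path, status))
    return results

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:  # stand-in for CATALINA_BASE
        os.mkdir(os.path.join(base, "conf"))
        open(os.path.join(base, "conf", "cert.pem"), "w").close()
        for row in check_certificates(SAMPLE_SERVER_XML, base):
            print(row)
```

Run it as the Tomcat service user, since `os.access` and the symlink traversal answer for the calling user rather than for Tomcat.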