https://bz.apache.org/bugzilla/show_bug.cgi?id=59911

            Bug ID: 59911
           Summary: Using certificate from pem file does not work
           Product: Tomcat 9
           Version: 9.0.0.M9
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: jan0mich...@yahoo.com

I'm trying to use Tomcat 9.0.0.M9 with certificates from PEM files.
I do not want to use OpenSSL and the APR-based Apache Tomcat Native library, so
as not to be affected by security holes in native code.
So I installed a virtual server with no Tomcat Native library and no OpenSSL.


Relevant part from server.xml:

  <Service name="Catalina">

    <!-- Connector port="8080" protocol="HTTP/1.1"... -->
    <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="20000" redirectPort="8443" />

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               defaultSSLHostConfigName="abcde.xyz-informatik.de">
        <SSLHostConfig hostName="abcde.xyz-informatik.de">
            <!-- Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" /-->
            <Certificate certificateFile="conf/ssl/abcde.xyz-informatik.de/domain.crt"
                         certificateChainFile="conf/ssl/abcde.xyz-informatik.de/chain.crt"
                         certificateKeyFile="conf/ssl/abcde.xyz-informatik.de/domain.key"
                         certificateKeyPassword=""
                         type="RSA" />
        </SSLHostConfig>
    </Connector>




Gives exception at startup (if .keystore exists):

29-Jul-2016 12:14:36.217 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-jsse-nio-8443"]
29-Jul-2016 12:14:36.620 SEVERE [main] org.apache.coyote.AbstractProtocol.init
Failed to initialize end point associated with ProtocolHandler
["https-jsse-nio-8443"]
 java.lang.IllegalArgumentException: java.io.IOException: Alias name tomcat
does not identify a key entry
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:80)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
    at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.io.IOException: Alias name tomcat does not identify a key entry
    at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    ... 19 more

29-Jul-2016 12:14:36.623 SEVERE [main]
org.apache.catalina.core.StandardService.initInternal Failed to initialize
connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component
[Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler
initialization failed
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: java.io.IOException: Alias name
tomcat does not identify a key entry
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:80)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
    at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
    ... 13 more
Caused by: java.io.IOException: Alias name tomcat does not identify a key entry
    at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:213)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    ... 19 more





Gives exception at startup (if .keystore does not exist):



29-Jul-2016 12:18:19.366 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-jsse-nio-8443"]
29-Jul-2016 12:18:19.821 SEVERE [main]
org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore type
[JKS] with path [/opt/tomcat9//.keystore] due to [/opt/tomcat9/.keystore (No
such file or directory)]
 java.io.FileNotFoundException: /opt/tomcat9/.keystore (No such file or
directory)
    at java.io.FileInputStream.open0(Native Method)
    at java.io.FileInputStream.open(FileInputStream.java:195)
    at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at java.io.FileInputStream.<init>(FileInputStream.java:93)
    at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
    at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
    at
org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
    at
org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
    at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:80)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
    at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)

29-Jul-2016 12:18:19.824 SEVERE [main] org.apache.coyote.AbstractProtocol.init
Failed to initialize end point associated with ProtocolHandler
["https-jsse-nio-8443"]
 java.lang.IllegalArgumentException: java.io.FileNotFoundException:
/opt/tomcat9/.keystore (No such file or directory)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:80)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
    at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.io.FileNotFoundException: /opt/tomcat9/.keystore (No such file
or directory)
    at java.io.FileInputStream.open0(Native Method)
    at java.io.FileInputStream.open(FileInputStream.java:195)
    at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at java.io.FileInputStream.<init>(FileInputStream.java:93)
    at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
    at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
    at
org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
    at
org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
    at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    ... 19 more

29-Jul-2016 12:18:19.827 SEVERE [main]
org.apache.catalina.core.StandardService.initInternal Failed to initialize
connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component
[Connector[HTTP/1.1-8443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: org.apache.catalina.LifecycleException: Protocol handler
initialization failed
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: java.io.FileNotFoundException:
/opt/tomcat9/.keystore (No such file or directory)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:102)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:80)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:245)
    at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:558)
    at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
    at
org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
    ... 13 more
Caused by: java.io.FileNotFoundException: /opt/tomcat9/.keystore (No such file
or directory)
    at java.io.FileInputStream.open0(Native Method)
    at java.io.FileInputStream.open(FileInputStream.java:195)
    at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at java.io.FileInputStream.<init>(FileInputStream.java:93)
    at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
    at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
    at
org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:96)
    at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:129)
    at
org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:187)
    at
org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:189)
    at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    ... 19 more



I found this: #59910
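
A pre-start check for the PEM attributes used in the connector above, as an added example (not part of the bug report and not Tomcat code): it parses a server.xml fragment and reports referenced files that are missing, carry the wrong PEM label, hold an encrypted key with no password configured, or leave the key accessible to group/other. Assumptions: relative paths are resolved against a base directory passed in (CATALINA_BASE on a real install), and `check_tls_config`, `pem_labels`, `SAMPLE` and `demo` are names made up for this sketch.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# <Certificate> PEM attributes -> label suffix expected in the referenced file.
PEM_ATTRS = {"certificateFile": "CERTIFICATE", "certificateChainFile": "CERTIFICATE",
             "certificateKeyFile": "PRIVATE KEY"}
# Constructed sample modelled on the reported connector (placeholder host and paths).
SAMPLE = """<Service name="Catalina"><Connector port="8443" SSLEnabled="true">
<SSLHostConfig hostName="host.example"><Certificate certificateFile="ssl/domain.crt"
certificateKeyFile="ssl/domain.key" certificateKeyPassword="" type="RSA" />
</SSLHostConfig></Connector></Service>"""

def pem_labels(path):
    """Labels of every '-----BEGIN <label>-----' line found in the file."""
    with open(path, errors="replace") as fh:
        lines = [ln.strip() for ln in fh]
    return [ln[11:-5] for ln in lines
            if ln.startswith("-----BEGIN ") and ln.endswith("-----")]

def check_tls_config(xml_text, base_dir):
    """Return (port, message) findings for TLS connectors in a server.xml fragment."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        for cert in conn.iter("Certificate"):
            if "certificateKeystoreFile" in cert.attrib and any(a in cert.attrib for a in PEM_ATTRS):
                findings.append((port, "PEM and keystore attributes are both set"))
            for attr, suffix in PEM_ATTRS.items():
                rel = cert.get(attr)
                if rel is None:
                    continue
                path = os.path.join(base_dir, rel)
                if not os.path.isfile(path):
                    findings.append((port, f"{attr}: {rel} does not exist"))
                    continue
                labels = pem_labels(path)
                if not labels or not all(lb.endswith(suffix) for lb in labels):
                    findings.append((port, f"{attr}: {rel} holds {labels or 'no PEM block'}"))
                if attr == "certificateKeyFile":
                    if "ENCRYPTED PRIVATE KEY" in labels and not cert.get("certificateKeyPassword"):
                        findings.append((port, f"{attr}: {rel} is encrypted but no password is set"))
                    if os.stat(path).st_mode & 0o077:
                        findings.append((port, f"{attr}: {rel} is accessible to group/other"))
    return findings

def demo():
    """Check SAMPLE against a temp dir holding only a constructed, encrypted-labelled key."""
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "ssl"))
        key = os.path.join(base, "ssl", "domain.key")
        with open(key, "w") as fh:
            fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n-----END ENCRYPTED PRIVATE KEY-----\n")
        os.chmod(key, 0o600)
        return check_tls_config(SAMPLE, base)
```

Only the PEM labels are inspected; the key and certificate bodies are never decoded, so this catches mis-pointed or mis-permissioned files, not a key that fails to match its certificate.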
