https://bz.apache.org/bugzilla/show_bug.cgi?id=67783
Bug ID: 67783
Summary: Fault when starting tomcat with a pkcs12 keystore that contains the TrustedKeyUsage OID
Product: Tomcat 9
Version: 9.0.80
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Servlet
Assignee: dev@tomcat.apache.org
Reporter: nhor...@gmail.com
Target Milestone: -----

Working on a bug reported here:
https://github.com/openssl/openssl/issues/22215

A user reported to the openssl repo an issue in which, when a pkcs12 file is created that has a Trusted Key Usage OID set to Any Key usage, the following is observed when starting tomcat with the aforementioned keystore:

05-Oct-2023 14:53:20.690 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector["https-jsse-nio-10843"]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1011)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1040)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:746)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477)
    Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:236)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1324)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1337)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:652)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009)
        ... 13 more
    Caused by: java.lang.IllegalArgumentException: Private key must be accompanied by certificate chain
        at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1163)
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:372)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:253)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
        ... 20 more
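
A pre-flight check for the failure in the trace above, added here as an example; it is not part of the original report and is not Tomcat or OpenSSL code. It lists how the JDK classifies each alias in a PKCS12 file and flags private keys with no certificate chain, which is the condition KeyStore.setKeyEntry rejects. Assumptions: the class name Pkcs12ChainCheck and the KEYSTORE_PASS environment variable are hypothetical, and the check assumes the connector passes setKeyEntry the chain the keystore returns for that alias.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Hypothetical pre-flight helper (added example, not Tomcat code).
public class Pkcs12ChainCheck {
    // Returns aliases whose private key has no certificate chain in the loaded keystore.
    static List<String> keysWithoutChain(KeyStore ks, char[] password) throws Exception {
        List<String> broken = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            int len = (chain == null) ? 0 : chain.length;
            System.out.printf("%s: keyEntry=%b certEntry=%b chainLength=%d%n",
                    alias, ks.isKeyEntry(alias), ks.isCertificateEntry(alias), len);
            if (len == 0 && ks.getKey(alias, password) instanceof PrivateKey) broken.add(alias);
        }
        return broken;
    }

    // Stores a constructed sample key with a null chain; returns the resulting exception message.
    static String setKeyEntryWithoutChain() throws Exception {
        PrivateKey key = KeyPairGenerator.getInstance("EC").generateKeyPair().getPrivate();
        KeyStore mem = KeyStore.getInstance("PKCS12");
        mem.load(null, null); // empty in-memory keystore
        try {
            mem.setKeyEntry("sample", key, "changeit".toCharArray(), null);
            return "accepted";
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        System.out.println("setKeyEntry with null chain: " + setKeyEntryWithoutChain());
        if (args.length == 0) return; // no keystore path given: demonstration only
        String pass = System.getenv("KEYSTORE_PASS"); // assumed variable name
        char[] password = (pass == null) ? null : pass.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, password); }
        List<String> broken = keysWithoutChain(ks, password);
        System.out.println(broken.isEmpty() ? "OK" : "Private keys without chain: " + broken);
        System.exit(broken.isEmpty() ? 0 : 1);
    }
}
```

Run it with the keystore path as the only argument and the password in KEYSTORE_PASS; with no argument it only prints the exception message produced by the in-memory sample key.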