----- Original Message ----- > > Are you getting this error: > > > > java.lang.IllegalArgumentException: Alias name [sslserver] does not > > identify a key > > entry > > > > or this error? > > > > java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were > > provided > > for the host name [_default_]. Host names must be unique. > > > > If it's the first one, that means the PKCS #11 keystore (i.e. JSS keystore) > > cannot > > find the SSL server certificate. We may not have a solution since we do not > > support > > Java 11 yet. > > But I've patched Dogtag to support the new keystore, and am using JSS > 4.5.1, I thought they did support Java 11.. so something is missing > still then..
IIUC JSS was updated so it can build with Java 11, but I don't think it has been thoroughly tested yet. The only user of JSS keystore (that I'm aware of) is Dogtag and Dogtag is still using Java 8 on Fedora. > > If it's the second one, that message is coming from Tomcat when validating > > the > > server.xml. Is certificateVerification the only thing you change in that > > file? You > > might want to try adding defaultSSLHostConfigName to Connector and hostName > > to > > SSLHostConfig, but I'm really not sure what's going on. > > > > See also this page: > > https://stackoverflow.com/questions/42135892/tomcat-8-5-server-xml-multiple-sslhostconfig-elements-were-provided-for-the-ho > > > > If you put any of these deprecated attributes in the Connector directive, > > tomcat > > assumes you are using the old way and auto creates a SSLHostConfig itself, > > which > > then conflicts with the one you are creating. -- Endi S. Dewata _______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users
