Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux
Ok thank you for the replies. It may take me some time to be able to test rev21 on the production server with its keystore (but maybe I can test it locally too - if it at least starts up). Any other info you need from me to help identify the issues needing resolution? On Fri, Sep 22, 2017 at 1:46 AM, Mark Thomas <ma...@apache.org> wrote: > On 22 September 2017 00:41:04 BST, "André Warnier (tomcat)" <a...@ice-sa.com> > wrote: > >Hi. > > > >Could this also be the problem on the other thread "tomcat ssl setup" > >(tomcat 9) ? > > Could be, yes. It looks like there are still some problems to iron out > with the fix for keystrokes that contain keys with different passwords. > > Mark > > > > > >log : > > > >08-Sep-2017 15:24:36.300 SEVERE [main] > >org.apache.catalina.util.LifecycleBase.handleSubClassException Failed > >to initialize > >component [Connector[HTTP/1.1-8443]] > >org.apache.catalina.LifecycleException: Protocol handler initialization > >failed > >... > >Caused by: java.lang.IllegalArgumentException: > >java.security.KeyStoreException: Cannot > >store non-PrivateKeys > > at > >org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext( > AbstractJsseEndpoint.java:113) > > > > > > > > > > > > Forwarded Message > >Subject: Re: "Cannot store non-PrivateKeys" exception moving from > >8.0.37 to 8.5.20 - Linux > >Date: Thu, 21 Sep 2017 23:39:09 +0100 > >From: Mark Thomas <ma...@apache.org> > >Reply-To: Tomcat Users List <users@tomcat.apache.org> > >To: Tomcat Users List <users@tomcat.apache.org> > > > >On 21/09/17 17:19, Sean Dawson wrote: > >> Hello, > >> > >> We migrated our application that was running fine on 8.0.37 to 8.5.20 > >and > >> on startup we receive: > >> > >> java.lang.IllegalArgumentException: java.security.KeyStoreException: > >Cannot > >> store non-PrivateKeys > > > >Try 8.5.21. It is on the mirrors but you'll need to follow the browse > >link on the download page to find it. > > > >Mark > > > >> > >> I unfortunately deleted the logs and under time pressure we had to go > >back > >> to 8.0.37 so I don't have the full stacktrace. But I didn't see > >anything > >> else in them that looked helpful. > >> > >> I've googled and couldn't really get any good answers that applied to > >> us.This seemed a bit similar but we do have sslEnabled set (and the > >issue > >> is apparently fixed)... > >> > >> http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html > >> > >> I've tried modifying the connector based off the current 8.5 > >> documentation. But always get the above. > >> > >> We're on: CentOS release 6.9 (Final), > >> Java version "1.8.0_144" > >> > >> >protocol="org.apache.coyote.http11.Http11NioProtocol" > >>maxThreads="150" SSLEnabled="true" > >asyncTimeout="6" > >> compression="on" > >> scheme="https" secure="true" > > >> >> sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2" > >> sslProtocol="TLS" > >> certificateVerification="false" > > >> >> certificateKeystorePassword="masked" > >> type="RSA" /> > >> > >> > >> > > > > > >- > >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > >- > >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux
On 22 September 2017 00:41:04 BST, "André Warnier (tomcat)" <a...@ice-sa.com> wrote: >Hi. > >Could this also be the problem on the other thread "tomcat ssl setup" >(tomcat 9) ? Could be, yes. It looks like there are still some problems to iron out with the fix for keystrokes that contain keys with different passwords. Mark > >log : > >08-Sep-2017 15:24:36.300 SEVERE [main] >org.apache.catalina.util.LifecycleBase.handleSubClassException Failed >to initialize >component [Connector[HTTP/1.1-8443]] >org.apache.catalina.LifecycleException: Protocol handler initialization >failed >... >Caused by: java.lang.IllegalArgumentException: >java.security.KeyStoreException: Cannot >store non-PrivateKeys > at >org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113) > > > > > >---- Forwarded Message >Subject: Re: "Cannot store non-PrivateKeys" exception moving from >8.0.37 to 8.5.20 - Linux >Date: Thu, 21 Sep 2017 23:39:09 +0100 >From: Mark Thomas <ma...@apache.org> >Reply-To: Tomcat Users List <users@tomcat.apache.org> >To: Tomcat Users List <users@tomcat.apache.org> > >On 21/09/17 17:19, Sean Dawson wrote: >> Hello, >> >> We migrated our application that was running fine on 8.0.37 to 8.5.20 >and >> on startup we receive: >> >> java.lang.IllegalArgumentException: java.security.KeyStoreException: >Cannot >> store non-PrivateKeys > >Try 8.5.21. It is on the mirrors but you'll need to follow the browse >link on the download page to find it. > >Mark > >> >> I unfortunately deleted the logs and under time pressure we had to go >back >> to 8.0.37 so I don't have the full stacktrace. But I didn't see >anything >> else in them that looked helpful. >> >> I've googled and couldn't really get any good answers that applied to >> us.This seemed a bit similar but we do have sslEnabled set (and the >issue >> is apparently fixed)... >> >> http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html >> >> I've tried modifying the connector based off the current 8.5 >> documentation. But always get the above. >> >> We're on: CentOS release 6.9 (Final), >> Java version "1.8.0_144" >> >> protocol="org.apache.coyote.http11.Http11NioProtocol" >>maxThreads="150" SSLEnabled="true" >asyncTimeout="6" >> compression="on" >> scheme="https" secure="true" > >> > sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2" >> sslProtocol="TLS" >> certificateVerification="false" > >> > certificateKeystorePassword="masked" >> type="RSA" /> >> >> >> > > >- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org > > > > >- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux
Hi. Could this also be the problem on the other thread "tomcat ssl setup" (tomcat 9) ? log : 08-Sep-2017 15:24:36.300 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]] org.apache.catalina.LifecycleException: Protocol handler initialization failed ... Caused by: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113) Forwarded Message Subject: Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux Date: Thu, 21 Sep 2017 23:39:09 +0100 From: Mark Thomas <ma...@apache.org> Reply-To: Tomcat Users List <users@tomcat.apache.org> To: Tomcat Users List <users@tomcat.apache.org> On 21/09/17 17:19, Sean Dawson wrote: Hello, We migrated our application that was running fine on 8.0.37 to 8.5.20 and on startup we receive: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys Try 8.5.21. It is on the mirrors but you'll need to follow the browse link on the download page to find it. Mark I unfortunately deleted the logs and under time pressure we had to go back to 8.0.37 so I don't have the full stacktrace. But I didn't see anything else in them that looked helpful. I've googled and couldn't really get any good answers that applied to us.This seemed a bit similar but we do have sslEnabled set (and the issue is apparently fixed)... http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html I've tried modifying the connector based off the current 8.5 documentation. But always get the above. We're on: CentOS release 6.9 (Final), Java version "1.8.0_144" - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux
On 21/09/17 17:19, Sean Dawson wrote: > Hello, > > We migrated our application that was running fine on 8.0.37 to 8.5.20 and > on startup we receive: > > java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot > store non-PrivateKeys Try 8.5.21. It is on the mirrors but you'll need to follow the browse link on the download page to find it. Mark > > I unfortunately deleted the logs and under time pressure we had to go back > to 8.0.37 so I don't have the full stacktrace. But I didn't see anything > else in them that looked helpful. > > I've googled and couldn't really get any good answers that applied to > us.This seemed a bit similar but we do have sslEnabled set (and the issue > is apparently fixed)... > > http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html > > I've tried modifying the connector based off the current 8.5 > documentation. But always get the above. > > We're on: CentOS release 6.9 (Final), > Java version "1.8.0_144" > > maxThreads="150" SSLEnabled="true" asyncTimeout="6" > compression="on" > scheme="https" secure="true" > > sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2" > sslProtocol="TLS" > certificateVerification="false" > > certificateKeystorePassword="masked" > type="RSA" /> > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux
Peter Kreuser > Am 21.09.2017 um 18:19 schrieb Sean Dawson: > > Hello, > > We migrated our application that was running fine on 8.0.37 to 8.5.20 and > on startup we receive: > > java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot > store non-PrivateKeys > > I unfortunately deleted the logs and under time pressure we had to go back > to 8.0.37 so I don't have the full stacktrace. But I didn't see anything > else in them that looked helpful. > > I've googled and couldn't really get any good answers that applied to > us.This seemed a bit similar but we do have sslEnabled set (and the issue > is apparently fixed)... > > http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html > > I've tried modifying the connector based off the current 8.5 > documentation. But always get the above. > > We're on: CentOS release 6.9 (Final), > Java version "1.8.0_144" > >maxThreads="150" SSLEnabled="true" asyncTimeout="6" > compression="on" >scheme="https" secure="true" > >sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2" >sslProtocol="TLS" >certificateVerification="false" > >certificateKeystorePassword="masked" > type="RSA" /> > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
"Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux
Hello, We migrated our application that was running fine on 8.0.37 to 8.5.20 and on startup we receive: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot store non-PrivateKeys I unfortunately deleted the logs and under time pressure we had to go back to 8.0.37 so I don't have the full stacktrace. But I didn't see anything else in them that looked helpful. I've googled and couldn't really get any good answers that applied to us.This seemed a bit similar but we do have sslEnabled set (and the issue is apparently fixed)... http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html I've tried modifying the connector based off the current 8.5 documentation. But always get the above. We're on: CentOS release 6.9 (Final), Java version "1.8.0_144"