Chuck,
> 
> Hello,
> 
> I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
> that my config from 8.5.3 is not working with 8.5.4 when using the same
> exact file.  The majority of the server.xml is stock, but here is what I
> manually have changed and it is where I am encountering my problem....
> ....
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>            scheme="https" secure="true" maxThreads="750"
>            SSLEnabled="true">
>     <SSLHostConfig>
>         <Certificate
>             certificateFile="/opt/ssl/cert.pem"
>             certificateChainFile="/opt/ssl/chain.pem"
>             certificateKeyFile="/opt/ssl/privkey.pem"
>             type="RSA" />
>     </SSLHostConfig>
> </Connector>
> ....
> This worked fine with 8.5.3, but I get the following errors in catalina.out
> on 8.5.4....
> 
> 22-Aug-2016 12:16:21.139 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-8443"]
> 22-Aug-2016 12:16:22.119 SEVERE [main]
> org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> type [JKS] with path [/home/tomcat8/.keystore] due to
> [/home/tomcat8/.keystore (No such file or directory)]
>  java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or
> directory)
<snip> 
> 
> I am attempting to use Let's Encrypt certs on Ubuntu 16.04.  My setup is
> pretty simple and the thing I am changing is a sym link between the 8.5.3
> directory and 8.5.4, with 8.5.3 the ssl connector starts, but with 8.5.4, I
> get no ssl with the above error in my logs.  Am I missing something?  Any
> pointers or help would be greatly appreciated!
>

It seems to me that Tomcat requests JKS certificates, but you give OpenSSL 
options (certificateFile, certificateChainFile, certificateKeyFile).

Documentation says:
"If the installation uses APR - i.e. you have installed the Tomcat native 
library - then it will use the JSSE OpenSSL implementation, otherwise it will 
use the Java JSSE implementation." Or
"Note: If tomcat-native is installed, the configuration will use JSSE with an 
OpenSSL implementation, which supports either this configuration or the APR 
configuration example given below.

The APR connector uses different attributes for many SSL settings, particularly 
keys and certificates. An example of an APR configuration is:"

So are you using TC Native?

Best regards

Peter
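
Added example, not part of the original thread and not Tomcat project code: a small check that answers the question above from the files themselves, by reading which SSL implementation the handler name in catalina.out reports and whether a connector that sets only PEM file attributes still tried to load a keystore. The sample inputs are constructed from the lines quoted above; the function names are hypothetical, the script assumes the handler name has the form scheme-implementation-connector-port as in the quoted log line, and it attributes the first keystore failure in the log to every PEM-only connector, which is a simplification.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the connector and log lines quoted above.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateFile="/opt/ssl/cert.pem"
                 certificateChainFile="/opt/ssl/chain.pem"
                 certificateKeyFile="/opt/ssl/privkey.pem" type="RSA" />
  </SSLHostConfig>
</Connector></Service></Server>"""
CATALINA_OUT = """\
22-Aug-2016 12:16:21.139 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8443"]
22-Aug-2016 12:16:22.119 SEVERE [main] org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore type [JKS] with path [/home/tomcat8/.keystore] due to [/home/tomcat8/.keystore (No such file or directory)]
"""

PEM_ATTRS = {"certificateFile", "certificateChainFile", "certificateKeyFile"}
KEYSTORE_ATTRS = {"certificateKeystoreFile", "keystoreFile"}
HANDLER = re.compile(r'ProtocolHandler \["(https)-(\w+)-(\w+)-(\d+)"\]')
KEYSTORE_FAIL = re.compile(r"Failed to load keystore type \[(\w+)\] with path \[([^\]]+)\]")

def connector_cert_style(server_xml):
    """Map each SSL-enabled connector port to the certificate attribute styles it sets."""
    styles = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        attrs = set(conn.attrib)
        for cert in conn.iter("Certificate"):
            attrs |= set(cert.attrib)
        styles[conn.get("port")] = {name for name, keys in
            (("pem", PEM_ATTRS), ("keystore", KEYSTORE_ATTRS)) if attrs & keys}
    return styles

def diagnose(server_xml, log_text):
    """Return (port, implementation, keystore path) for PEM-only connectors
    when the log also shows a keystore load failure."""
    impl = {m.group(4): m.group(2) for m in HANDLER.finditer(log_text)}
    fails = KEYSTORE_FAIL.findall(log_text)
    findings = []
    for port, style in connector_cert_style(server_xml).items():
        if style == {"pem"} and fails:
            findings.append((port, impl.get(port, "unknown"), fails[0][1]))
    return findings

if __name__ == "__main__":
    print(diagnose(SERVER_XML, CATALINA_OUT))
```

On the sample input this reports port 8443 initialized with the `jsse` implementation and falling back to `/home/tomcat8/.keystore`, even though the connector sets only PEM file attributes.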



