Peter Kreuser
> Am 21.09.2017 um 18:19 schrieb Sean Dawson <sean.dawson2...@gmail.com>: > > Hello, > > We migrated our application that was running fine on 8.0.37 to 8.5.20 and > on startup we receive: > > java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot > store non-PrivateKeys > > I unfortunately deleted the logs and under time pressure we had to go back > to 8.0.37 so I don't have the full stacktrace. But I didn't see anything > else in them that looked helpful. > > I've googled and couldn't really get any good answers that applied to > us.This seemed a bit similar but we do have sslEnabled set (and the issue > is apparently fixed)... > > http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html > > I've tried modifying the connector based off the current 8.5 > documentation. But always get the above. > > We're on: CentOS release 6.9 (Final), > Java version "1.8.0_144" > > <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="150" SSLEnabled="true" asyncTimeout="60000" > compression="on" > scheme="https" secure="true" > > <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_RSA_WITH_3DES_EDE_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_RC4_128_SHA, > TLS_RSA_WITH_RC4_128_SHA, > TLS_RSA_WITH_RC4_128_MD5" > sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2" > sslProtocol="TLS" > certificateVerification="false" > > <Certificate certificateKeystoreFile="masked" > certificateKeystorePassword="masked" > type="RSA" /> > </SSLHostConfig> > </Connector> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
