On 20/03/18 14:49, Richard Tearle wrote: > Hello > > On 20 March 2018 at 11:29, Mark Thomas <ma...@apache.org> wrote: >> >> On 20/03/18 07:52, Richard Tearle wrote: >>> Hello >>> >>> We have 4 applications built on the same architecture with a web UI >>> and camel based ESB running in separate Tomcat's, using REST/XML to >>> communicate between the two. This is all deployed within separate >>> Docker containers but on the same VM (at least for test), either on >>> Centos Linux or Oracle Linux. This all works on Tomcat 8.0.x. We've >>> been upgrading to Tomcat 8.5.x since November last year, but this has >>> been hampered by what looks to be random connection closed errors when >>> our UI communicates to the ESB. We have a series of Selenium based >>> autotests which will fail in different places, but with the same >>> error: >> >> <snip/> >> >> There are rather too many factors at play here. It would be good to try >> and eliminate some of them. >> >> What are the known working 8.0.x versions? >> >> I looks like you are using JSSE with 8.0.x. It should be possible to use >> the exact same configuration with 8.5.x. No need to use the native >> library and no need to switch to the new configuration style. >> >> Lets try and get 8.5.x working with JSSE. That should help narrow down >> the root cause. What happens when you transfer the working 8.0.x config >> to 8.5.x? > > On startup we get: > > 20-Mar-2018 14:43:18.908 SEVERE [main] > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed > to initialize component [Connector[HTTP/1.1-4001]] > org.apache.catalina.LifecycleException: Protocol handler initialization > failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:935) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.core.StandardService.initInternal(StandardService.java:530) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:852) > at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at org.apache.catalina.startup.Catalina.load(Catalina.java:633) > at org.apache.catalina.startup.Catalina.load(Catalina.java:656) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492) > Caused by: java.lang.IllegalArgumentException: the trustAnchors > parameter must be non-empty > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114) > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85) > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:216) > at > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1043) > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:540) > at > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74) > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:932) > ... 13 more > Caused by: java.security.InvalidAlgorithmParameterException: the > trustAnchors parameter must be non-empty > at > java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) > at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157) > at > java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130) > at > org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:389) > at > org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:313) > at > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112) > ... 19 more
OK. Can you share you configuration and the steps you used to create the self-signed certificate. I'd like to see if I can reproduce this. >> Also, anything you can do to reduce the complexity of the test >> application (ideally reducing it to simple Servlets/JSPs) would make it >> easier for others to reproduce the issue. > > I can ZIP my code and drop it somewhere if that will help. Yes. But lets get the JSSE issue fixed first. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
