Sounds like you need to share your JAVA_OPTS or CATALINA_OPTS, not your 
connector.


Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com



From: Venkataraman Srinivasan <venkataraman.sriniva...@gcrta.org>
Sent: Thursday, September 26, 2019 4:30 PM
To: users@tomcat.apache.org
Subject: SSL issue : java.security.KeyStoreException: Cannot store non-PrivateKeys


Hi,

I am getting the below error while I am starting TOMCAT

Caused by: java.lang.IllegalArgumentException: Cannot store non-PrivateKeys
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
        ... 13 more
Caused by: java.security.KeyStoreException: Cannot store non-PrivateKeys
        at sun.security.provider.JavaKeyStore.engineSetKeyEntry(JavaKeyStore.java:250)
        at sun.security.provider.JavaKeyStore$JKS.engineSetKeyEntry(JavaKeyStore.java:55)
        at java.security.KeyStore.setKeyEntry(KeyStore.java:909)
        at org.apache.tomcat.util.net.jsse.
++++++++++++++++++++++++++++++++++++++++++++++

Environment :

Tomcat Version : 8.5.32
Certificate Issuer : Thawte
KeyStore created with : Key Algorithm RSA
CSR Requested with : < NO Key Algorithm is passed>
Certificate Signature algorithm name: SHA1withRSA


Connector Entry in server.xml


    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true">
      sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
      defaultSSLHostConfigName="https://blabla.bla.org:8443"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="200"
      enableLookups="false"
      clientAuth="false"
      acceptCount="10"
      SSLEnabled="true"
      connectionTimeout="60000"
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
      <SSLHostConfig hostName="https://blabla.bla.org:8443" >
        <Certificate
              certificateFile="key_store/ssl_certificate.p7b"
              certificateAlias="bla"
              keystoreFile="/key_store/blabla.jks" type="RSA"
              keystoreType="JKS"
              keyChainFile="key_store/linux_apex_inter_x509.cer"
              keystorePassword="<password" />
      sslProtocols="+TLS+TLSv1.2+TLSv1.3"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
       </SSLHostConfig>
   </Connector>


Thanks
Venkat

