-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 M,
On 12/4/19 13:37, M. Manna wrote: > Chris, > > On Wed, 4 Dec 2019 at 18:34, Konstantin Kolinko > <knst.koli...@gmail.com> wrote: > >> ср, 4 дек. 2019 г. в 20:28, Christopher Schultz < >> ch...@christopherschultz.net>: >>> >>> All, >>> >>> I feel like I should be able to figure this out on my own, but >>> I'm drawing a blank. >>> >>> I'm trying to upgrade from Apache Tomcat 8.0.35 to Apache >>> Tomcat 8.5.35 and I'm getting errors on a certain portion of >>> the conf/server.xml configuration. >>> >>> I copy have a perfect copy/paste of the config file here but >>> basically this is configuring a keystore for TLS. Something >>> like this: >>> >>> <Connector [...] keystoreFile="E:\path\to\keystore.jks" [...] >>> /> >>> >>> The error is "unknown protocol: e". Clearly, >>> Tomcat/Java/URL/whatever thinks that "E:" is a protocol. No >>> problem... this has to be a file URL, so let's make it a file >>> URL: [...] >> >> Chris, >> >> 1) Do know where that message is produced? (Stacktrace? What >> version of Tomcat?) >> >> E.g. it may be that the code has several attempts to use the >> value a) as file path, b) as URL, and you only see the message >> from the second attempt b), but it is a) that fails. >> >> Is your keystoreFile path correct? >> >> 2) Why the settings are specified on a <Connector>. They will be >> translated into <SSLHostConfig>/<Certificate> on the fly, but >> maybe something is broken. >> >> >> http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_ - -_Certificate >> >> It says that certificateKeystoreFile can be an URI. >> >> 3) Does you connector use JSSE or OpenSSL? >> >> There is some code that translates between the two configuration >> flavors on the fly, but maybe something is broken. >> >>> I'm using Oracle Java 1.8.0 build 161. >> >> FYI, an up-to-date version of Java 8 for Windows is available >> from AdoptOpenJDK. https://adoptopenjdk.net/ >> >> It is 8u232 now. >> >> Best regards, Konstantin Kolinko >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > I have just launched tomcat 8.5.47 stockpile with the following > connector config (i generated keystore Jeeks before) > > <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" > port="8443" maxThreads="200" scheme="https" secure="true" > SSLEnabled="true" keystoreFile="C:/Temp/tomcat.jks" > keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/> > > And my tomcat cert gen command was: > >> keytool -genkeypair -alias tomcat -keyalg RSA -keystore >> tomcat.jks > -keypass changeit -storepass changeit > > It only gave me warning about non-legit cert when I hit > https://localhost:8443 but that's expected. Otherwise, no errors. > > I suspect your E:\ drive is a network drive (or virtual) so the > mapping may be causing issues ? Or may be it's the > partitioning...? This is a local device, not a networked one. Everything is virtualized, but this is a "local drive" on the Windows virtual machine. Again, Tomcat 8.0 seems to work and Tomcat 8.5 doesn't like it for some reason. I'm assuming this is all related to the change in how resources are loaded in Tomcat 8.5. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3oC7cACgkQHPApP6U8 pFilLxAApcWFCpa2qKLDBqYZ4L1ogGHoxkQ9UboJjN6jYmIKinSD+6fuOn2sL+dU T02+UZF1wgEPoEZvzA365IlUgZwUnKfqox7FWpqVUREcZnjjE/rpiIN52ioq8tHa eqbE71neKm+WfrZ0ChWCGkjP7hsomeqIMayV6wzY4Fc9qQoOaIc/nja4wmhEHAe+ SsUdHoi4CKUyWHAWmw4kvUPo8E74BJEgbr0CWJs7nIdyIYi+EkK929lk6Jz3KB+8 vfFu+wIWJXl6gfQBW5wENSFYe5IIX/8iBtFjC27WqbIPpc4qVyr+z6IFB5PCZ9X6 rib2kQOXSpAZvQVjgH/E3KpGARxlrgn3MSkf00KCWKamUO4XG5F4lPszfOEAjl5W YT9xbp2Qh7ioA0UGdjGgHaLYu7/JhMkRLsmzeXFR2IPS7Z05svKq8Zgam+NygXGC kcEBHMeMmeu4V0AiVNwhzeG54YFUzPBq7LSabmJt3E5WbLhGYPfo8nMV9vFpOCEp PTxDDzUZwWJX95LkfnjWdOsQhUmeCXYckKrdkgjmr3HaN4G7H0XgC4izWyy6CvWb kui0dkj6mw1kRCdg7BM9VWlN8L2MfmCo+c7u1oKtuaR1LbKgDtZYmgkUw2NBfVRP fEfJtmWL+TAkXX9pAXlqdPkSt0jZBF2S5zUrqWsrkGvcgrEbHSc= =CLq+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
