I had this overall configuration working until I 'terminated' the AWS
server instance and am trying to rebuild.
Could a lack of network connectivity between client and server
present this same symptom?
Hmm. Your SAN looks okay to me. Are you 100% sure you have that
certificate configured in Tomcat? Are you using some other component
in front of Tomcat? You should be able to connect using:
$ openssl s_client -showcerts -connect 10.0.2.118:443
This will dump the certificate actually presented by the server. You
can copy/paste that into:
$ openssl x509 -text
and get the details to make sure the SAN appears there.
-chris
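The check described in the reply above, scripted as an added example (not part of the original thread): it lists the SAN entries of a certificate and fingerprints it, so the certificate the server presents can be compared with the regenerated one on disk. The function names, the file name in the usage comment and the sample certificate are assumptions constructed for illustration; the address 10.0.2.118:443 is the one from the thread.

```shell
#!/bin/sh
# Fetch the leaf certificate a server actually presents, as PEM on stdout.
# $1 = host:port
fetch_leaf_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509
}

# List the SAN entries of the PEM certificate on stdin, one per line,
# e.g. "IP Address:10.0.2.118" or "DNS:sgs.example.test".
list_san() {
    openssl x509 -noout -text |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed only if the certificate on stdin lists exactly $1 as a SAN entry.
san_contains() {
    list_san | grep -Fxq -- "$1"
}

# SHA-256 fingerprint of the PEM certificate on stdin. Two certificates with
# different fingerprints are different certificates, even if their subject
# and SAN are identical (for example an old keystore entry and a
# regenerated certificate).
fingerprint() {
    openssl x509 -noout -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed certificate whose SAN
# carries the thread's IP address plus a made-up DNS name.
make_sample_cert() {
    sample_key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=sample' \
        -keyout "$sample_key" \
        -addext 'subjectAltName=IP:10.0.2.118,DNS:sgs.example.test' 2>/dev/null
    rm -f "$sample_key"
}

# Usage against a live server (regenerated.pem is a hypothetical file name):
#   fetch_leaf_cert 10.0.2.118:443 | san_contains 'IP Address:10.0.2.118'
#   fetch_leaf_cert 10.0.2.118:443 | fingerprint
#   fingerprint < regenerated.pem
```

If the two fingerprints differ, the server is still presenting a certificate other than the regenerated one.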
Thanks Chris, given your vote of confidence I realized I had not updated
the keystore file with my recently regenerated cert.
Also forgot to mention this is Tomcat 9.0.63 embedded in my app, running
Java 17 (Corretto) at AWS.
But I think I'm going backwards.
My actual java command is pretty much this:
java -Djavax.net.ssl.keyStore=/ppr/certs/sgstrust.p12
-Djavax.net.ssl.keyStoreType=PKCS12 -Djavax.net.ssl.keyStorePassword=p1
-Djavax.net.ssl.trustStore=/ppr/certs/fullca.p12
-Djavax.net.ssl.trustStoreType=PKCS12
-Djavax.net.ssl.trustStorePassword=p2
--oper=1 --seg=id --json-dir=/ppr/report --acc=10.0.2.118:15002
--dbn={dbn} --eff={dbu} -env=AWS
I add my cert to truststore. Do I need both trust and key stores on the
command line? sgstrust.p12 is made by converting x509 key/cert.
fullca.p12 has the world's CA certs plus mine.
But now I'm hitting
java.net.ConnectException
    at java.net.http/jdk.internal.net.http.HttpClientImpl.send(HttpClientImpl.java:573)
    at java.net.http/jdk.internal.net.http.HttpClientFacade.send(HttpClientFacade.java:123)
    at edu.utah.camplab.sgs.AbstractSGSRun.canConnect(AbstractSGSRun.java:386)
    at edu.utah.camplab.sgs.AbstractSGSRun.init(AbstractSGSRun.java:296)
    at edu.utah.camplab.sgs.AbstractSGSOptions.init(AbstractSGSOptions.java:37)
    at edu.utah.camplab.sgs.SGSChase.init(SGSChase.java:76)
    at edu.utah.camplab.sgs.SGSChase.init(SGSChase.java:85)
    at edu.utah.camplab.app.SGSPValue.<init>(SGSPValue.java:68)
    at edu.utah.camplab.app.SGSPValue.main(SGSPValue.java:27)
Caused by: java.net.ConnectException
    at java.net.http/jdk.internal.net.http.common.Utils.toConnectException(Utils.java:1047)
    at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:198)
    at java.net.http/jdk.internal.net.http.PlainHttpConnection.checkRetryConnect(PlainHttpConnection.java:230)
    at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$1(PlainHttpConnection.java:206)
    at java.base/java.util.concurrent.CompletableFuture.uniHandle(CompletableFuture.java:934)
    at java.base/java.util.concurrent.CompletableFuture$UniHandle.tryFire(CompletableFuture.java:911)
    at java.base/java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:510)
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1773)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: java.nio.channels.ClosedChannelException
    at java.base/sun.nio.ch.SocketChannelImpl.ensureOpen(SocketChannelImpl.java:195)
    at java.base/sun.nio.ch.SocketChannelImpl.beginConnect(SocketChannelImpl.java:760)
    at java.base/sun.nio.ch.SocketChannelImpl.connect(SocketChannelImpl.java:848)
    at java.net.http/jdk.internal.net.http.PlainHttpConnection.lambda$connectAsync$0(PlainHttpConnection.java:183)
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:569)
    at java.net.http/jdk.internal.net.http.PlainHttpConnection.connectAsync(PlainHttpConnection.java:185)
    ... 9 more
in code unchanged since it last worked.