Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux

[tomcat]

Hi.

Could this also be the problem on the other thread "tomcat ssl setup" (tomcat 
9) ?
log :

08-Sep-2017 15:24:36.300 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize 
component [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed
...
Caused by: java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot 
store non-PrivateKeys
    at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)





-------- Forwarded Message --------
Subject: Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 
8.5.20 - Linux
Date: Thu, 21 Sep 2017 23:39:09 +0100
From: Mark Thomas <ma...@apache.org>
Reply-To: Tomcat Users List <users@tomcat.apache.org>
To: Tomcat Users List <users@tomcat.apache.org>

On 21/09/17 17:19, Sean Dawson wrote:
Hello,

We migrated our application that was running fine on 8.0.37 to 8.5.20 and
on startup we receive:

java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot
store non-PrivateKeys

Try 8.5.21. It is on the mirrors but you'll need to follow the browse
link on the download page to find it.

Mark


I unfortunately deleted the logs and under time pressure we had to go back
to 8.0.37 so I don't have the full stacktrace. But I didn't see anything
else in them that looked helpful.

I've googled and couldn't really get any good answers that applied to
us.This seemed a bit similar but we do have sslEnabled set (and the issue
is apparently fixed)...

http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html

I've tried modifying the connector based off the current 8.5
documentation.  But always get the above.

We're on: CentOS release 6.9 (Final),
Java version "1.8.0_144"

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" asyncTimeout="60000"
compression="on"
                scheme="https" secure="true" >
        <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
                        TLS_RSA_WITH_3DES_EDE_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_RSA_WITH_AES_128_CBC_SHA256,
                        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                        TLS_RSA_WITH_AES_128_CBC_SHA,
                        TLS_ECDHE_RSA_WITH_RC4_128_SHA,
                        TLS_RSA_WITH_RC4_128_SHA,
                        TLS_RSA_WITH_RC4_128_MD5"
                        sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2"
                        sslProtocol="TLS"
                        certificateVerification="false" >
            <Certificate certificateKeystoreFile="masked"
                        certificateKeystorePassword="masked"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org