On 22 September 2017 00:41:04 BST, "André Warnier (tomcat)" <a...@ice-sa.com> wrote: >Hi. > >Could this also be the problem on the other thread "tomcat ssl setup" >(tomcat 9) ?
Could be, yes. It looks like there are still some problems to iron out with the fix for keystrokes that contain keys with different passwords. Mark > >log : > >08-Sep-2017 15:24:36.300 SEVERE [main] >org.apache.catalina.util.LifecycleBase.handleSubClassException Failed >to initialize >component [Connector[HTTP/1.1-8443]] >org.apache.catalina.LifecycleException: Protocol handler initialization >failed >... >Caused by: java.lang.IllegalArgumentException: >java.security.KeyStoreException: Cannot >store non-PrivateKeys > at >org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113) > > > > > >-------- Forwarded Message -------- >Subject: Re: "Cannot store non-PrivateKeys" exception moving from >8.0.37 to 8.5.20 - Linux >Date: Thu, 21 Sep 2017 23:39:09 +0100 >From: Mark Thomas <ma...@apache.org> >Reply-To: Tomcat Users List <users@tomcat.apache.org> >To: Tomcat Users List <users@tomcat.apache.org> > >On 21/09/17 17:19, Sean Dawson wrote: >> Hello, >> >> We migrated our application that was running fine on 8.0.37 to 8.5.20 >and >> on startup we receive: >> >> java.lang.IllegalArgumentException: java.security.KeyStoreException: >Cannot >> store non-PrivateKeys > >Try 8.5.21. It is on the mirrors but you'll need to follow the browse >link on the download page to find it. > >Mark > >> >> I unfortunately deleted the logs and under time pressure we had to go >back >> to 8.0.37 so I don't have the full stacktrace. But I didn't see >anything >> else in them that looked helpful. >> >> I've googled and couldn't really get any good answers that applied to >> us.This seemed a bit similar but we do have sslEnabled set (and the >issue >> is apparently fixed)... >> >> http://tomcat.10.x6.nabble.com/SSL-inconsistency-td5052956.html >> >> I've tried modifying the connector based off the current 8.5 >> documentation. But always get the above. >> >> We're on: CentOS release 6.9 (Final), >> Java version "1.8.0_144" >> >> <Connector port="443" >protocol="org.apache.coyote.http11.Http11NioProtocol" >> maxThreads="150" SSLEnabled="true" >asyncTimeout="60000" >> compression="on" >> scheme="https" secure="true" > >> <SSLHostConfig ciphers="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, >> TLS_RSA_WITH_3DES_EDE_CBC_SHA, >> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, >> TLS_RSA_WITH_AES_128_CBC_SHA256, >> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, >> TLS_RSA_WITH_AES_128_CBC_SHA, >> TLS_ECDHE_RSA_WITH_RC4_128_SHA, >> TLS_RSA_WITH_RC4_128_SHA, >> TLS_RSA_WITH_RC4_128_MD5" >> sslEnabledProtocols="TLSv1,TSLv1.1,TLSv1.2" >> sslProtocol="TLS" >> certificateVerification="false" > >> <Certificate certificateKeystoreFile="masked" >> certificateKeystorePassword="masked" >> type="RSA" /> >> </SSLHostConfig> >> </Connector> >> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
