OS: Windows Server 2012 R2
JDK: Oracle JDK 1.8.0_201

Attempting to migrate from Tomcat 8.5.38 -> 8.5.39 results in

Failed to initialize connector [Connector[HTTP/1.1-443]]

when using the exact same configuration.  Tomcat's .../conf/server.xml is
unchanged.  Did a configuration parameter change or get renamed?  The
exception is fairly cryptic from my point of view.

Stack Trace:
21-Mar-2019 17:17:52.641 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.5].
21-Mar-2019 17:17:52.641 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
21-Mar-2019 17:17:52.641 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [true], useOpenSSL [true]
21-Mar-2019 17:17:52.641 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
21-Mar-2019 17:17:52.767 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-apr-0.0.0.0-80"]
21-Mar-2019 17:17:52.783 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-apr-0.0.0.0-443"]
21-Mar-2019 17:17:52.816 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
    at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:404)
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:368)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1105)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
    ... 13 more
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
    at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
    at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
    at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
    at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
    at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
    at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
    at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
    at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
    at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:128)
    at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:96)
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:294)
    at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:104)
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
    at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:402)
    ... 18 more

server.xml snippets:
...
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" address="0.0.0.0" server="a web server/x.y.z" />
...
    <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="200" SSLEnabled="true" scheme="https"
               secure="true" address="0.0.0.0" server="a web server/x.y.z" >
        <SSLHostConfig ciphers="TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"
                       certificateVerification="none"
                       honorCipherOrder="true" insecureRenegotiation="false" protocols="TLSv1.2" >
            <Certificate certificateFile="conf/tls_config/cert.pem"
                         certificateChainFile="conf/tls_config/chain.pem"
                         certificateKeyFile="conf/tls_config/cert.key"
                         certificateKeyPassword="REDACTED" type="RSA" />
        </SSLHostConfig>
    </Connector>

Seems to me something broke with the APR/connector refactoring in this
version.

--
Ethan
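
The innermost cause in the trace above is Tomcat's PEMFile passing the key file to javax.crypto.EncryptedPrivateKeyInfo, which fails inside PBES2Parameters on a DER element with tag 48 (a SEQUENCE). The following diagnostic is an added example, not part of the original post or of Tomcat: it reports a key file's PEM label and, for a PKCS#8 "ENCRYPTED PRIVATE KEY", the encryption scheme OIDs and the tag of the first PBES2 parameter element. The function names (read_tlv, oid_text, describe_key, sample_pem) are assumptions made here, and the sample key is constructed with zeroed salt, IV and ciphertext.

```python
import base64
import re

def read_tlv(buf, pos):  # -> (tag, content, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def oid_text(body):  # DER OBJECT IDENTIFIER content bytes -> dotted string
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def describe_key(pem_text):  # PEM label, plus the scheme for encrypted PKCS#8
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    info = {"label": m.group(1)}
    if info["label"] != "ENCRYPTED PRIVATE KEY":
        return info  # unencrypted PKCS#8 or a traditional key: nothing to parse
    _, epki, _ = read_tlv(base64.b64decode(m.group(2)), 0)
    _, alg, _ = read_tlv(epki, 0)  # encryptionAlgorithm AlgorithmIdentifier
    _, oid, pos = read_tlv(alg, 0)
    info["encryption_oid"] = oid_text(oid)
    if info["encryption_oid"] == "1.2.840.113549.1.5.13":  # id-PBES2
        _, params, _ = read_tlv(alg, pos)  # PBES2-params SEQUENCE
        info["first_param_tag"], kdf, pos = read_tlv(params, 0)  # 48 = SEQUENCE
        _, enc, _ = read_tlv(params, pos)
        info["kdf_oid"] = oid_text(read_tlv(kdf, 0)[1])
        info["cipher_oid"] = oid_text(read_tlv(enc, 0)[1])
    return info

def sample_pem():  # constructed sample: PBKDF2 + AES-256-CBC, zeroed salt/IV/data
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    oid = lambda hexstr: tlv(0x06, bytes.fromhex(hexstr))
    kdf = tlv(0x30, oid("2a864886f70d01050c") + tlv(0x30, tlv(4, bytes(8)) + tlv(2, b"\x08\x00")))
    enc = tlv(0x30, oid("60864801650304012a") + tlv(4, bytes(16)))
    alg = tlv(0x30, oid("2a864886f70d01050d") + tlv(0x30, kdf + enc))
    b64 = base64.encodebytes(tlv(0x30, alg + tlv(4, bytes(16)))).decode()
    return f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{b64}-----END ENCRYPTED PRIVATE KEY-----\n"
```

To check a real file, pass the text of the file named in certificateKeyFile (conf/tls_config/cert.key in the configuration above) to describe_key.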
