On 26/12/2019 23:55, logo wrote:

<snip/>

> as an EC certificate will start with EC PRIVATE KEY.
> 
> Is this something that is expected? ECDSA unsupported? Or just an incomplete 
> implementation, edge case or a bug?

Hi,

Sorry for not getting to this sooner.

I'm not 100% sure that Java directly supports the format that includes:
-----BEGIN EC PRIVATE KEY-----


Initial research suggests you need to "update" the format of the key file:

openssl pkcs8 -topk8 -inform pem -in file.key -outform pem -nocrypt -out file.pem

I have confirmed that this updated key then works cleanly with both the
OpenSSL and JSSE TLS implementations.

In theory, Tomcat should be able to do this conversion for you. The
issue will be how much of the crypto API we need to do that is part of
the public API and, where it isn't, how easy it is to craft our own.

I'm currently investigating...

Mark
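
The conversion discussed above, at the DER level, as an added example that is not part of the original message and is not Tomcat's or OpenSSL's code: it wraps a SEC1 "EC PRIVATE KEY" in an unencrypted PKCS#8 "PRIVATE KEY" structure using only the Python standard library. The function names and the sample key are constructed for illustration, and a named-curve key is assumed; the inner key is kept verbatim, so the output need not be byte-identical to what openssl writes.

```python
import base64
# Added example: helper names and the sample key are constructed for illustration.
EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")  # OID 1.2.840.10045.2.1 (id-ecPublicKey)

def tlv(tag, value):  # encode one DER element with a definite length
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def read_tlv(buf, pos):  # decode the DER element at pos -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(rows) + f"\n-----END {label}-----\n"

def from_pem(label, pem):
    begin, end = f"-----BEGIN {label}-----", f"-----END {label}-----"
    if begin not in pem or end not in pem:
        raise ValueError(f"no '{label}' PEM block found")
    return base64.b64decode("".join(pem.split(begin, 1)[1].split(end, 1)[0].split()))

def sec1_to_pkcs8(pem):
    """Wrap a SEC1 'EC PRIVATE KEY' in an unencrypted PKCS#8 'PRIVATE KEY'."""
    sec1 = from_pem("EC PRIVATE KEY", pem)
    tag, body, _ = read_tlv(sec1, 0)
    if tag != 0x30:
        raise ValueError("SEC1 key is not a DER SEQUENCE")
    curve, pos = b"", 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0xA0:  # [0] parameters carries the named-curve OID
            curve = value
    if not curve.startswith(b"\x06"):
        raise ValueError("no named-curve OID in the SEC1 key")
    algorithm = tlv(0x30, EC_PUBLIC_KEY + curve)  # AlgorithmIdentifier
    return to_pem("PRIVATE KEY", tlv(0x30, b"\x02\x01\x00" + algorithm + tlv(0x04, sec1)))

def constructed_sec1_pem():
    """Constructed sample: scalar 01..20 on prime256v1, public key omitted."""
    params = tlv(0xA0, bytes.fromhex("06082a8648ce3d030107"))  # prime256v1 OID
    return to_pem("EC PRIVATE KEY", tlv(0x30, b"\x02\x01\x01" + tlv(0x04, bytes(range(1, 33))) + params))
```
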
