Tomcat version: 8.5.34
Hello,
I’m wondering if anyone has any theories about an SSL config related exception
that we hit periodically on Tomcat startup that prevents the system from
initializing properly.
I’ll emphasize “periodically” here, because we only trigger this rarely and
have no reliable way of triggering the problem.
The exception seems to indicate that the certificateFile is missing, which is
strange given that the certificateKeystoreFile is provided and available on the
filesystem.
My understanding is that a certificateFile is not required when using a
certificateKeystoreFile.
Any idea why there could be a certificateFile related exception when the
certificateKeystoreFile is configured?
The stack trace is:
2021.02.28 21:19:48 890 +0000 SEVERE org.apache.catalina.core.StandardService Failed to initialize connector [Connector[HTTP/1.1-8544]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8544]]
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    ... 12 more
Caused by: java.lang.IllegalArgumentException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
    ... 13 more
Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
    at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:203)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
    ... 20 more
Our connector is defined as follows:
<Connector port="8544"
           protocol="HTTP/1.1"
           compression="on"
           compressibleMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json"
           compressionMinSize="2048"
           connectionTimeout="60000"
           maxHttpHeaderSize="65536"
           scheme="https"
           secure="true"
           relaxedQueryChars="[]"
           SSLEnabled="true">
    <SSLHostConfig sslProtocol="TLS"
                   protocols=" TLSv1.2"
                   certificateVerification="optional"
                   honorCipherOrder="true"
                   ciphers="${server.cipher.suites.List}">
        <Certificate
            certificateKeystoreFile="/opt/nsp/os/ssl/nsp.keystore"
            certificateKeystorePassword="secret"
            type="RSA"
            certificateKeyPassword="secret" />
    </SSLHostConfig>
</Connector>
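
For a failure that only shows up on some startups, one diagnostic is to record the state of each configured keystore immediately before Tomcat launches, so that a failed start can be correlated with what was on disk at that moment. The following is an added example, not part of the original post or of Tomcat; the function names are hypothetical, the embedded server.xml is a constructed sample modelled on the connector above, and paths are assumed to be absolute.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector in the post (not the real file).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8544" SSLEnabled="true">
  <SSLHostConfig protocols="TLSv1.2">
    <Certificate certificateKeystoreFile="{ks}" type="RSA" />
  </SSLHostConfig>
</Connector>
</Service></Server>"""

# Leading magic bytes of the Java keystore formats.
MAGIC = {b"\xfe\xed\xfe\xed": "JKS", b"\xce\xce\xce\xce": "JCEKS"}

def keystore_state(path):
    """Classify the keystore file as seen by the account running this check."""
    if not os.path.isfile(path):
        return "missing"
    if not os.access(path, os.R_OK):
        return "unreadable"
    with open(path, "rb") as fh:
        head = fh.read(4)
    if len(head) < 4:
        return "truncated"
    if head in MAGIC:
        return MAGIC[head]
    # PKCS#12 is DER encoded, so it starts with an ASN.1 SEQUENCE tag (0x30).
    return "PKCS12?" if head[0] == 0x30 else "unknown-format"

def preflight(server_xml_text):
    """Return (port, attribute, value, state) per <Certificate> of each SSL connector."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        for cert in conn.iter("Certificate"):
            ks, pem = cert.get("certificateKeystoreFile"), cert.get("certificateFile")
            if ks:
                # ${...} is substituted by Tomcat at parse time; it cannot be checked here.
                state = "unresolved-property" if "${" in ks else keystore_state(ks)
                findings.append((conn.get("port"), "certificateKeystoreFile", ks, state))
            elif pem:
                state = "present" if os.path.isfile(pem) else "missing"
                findings.append((conn.get("port"), "certificateFile", pem, state))
            else:
                findings.append((conn.get("port"), None, None, "no-certificate-source"))
    return findings
```

Run it as the same OS account as Tomcat and log the result with a timestamp from the service start script; a state other than a recognised keystore format on the runs that fail narrows the search to whatever else touches that file.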