Rick,
Any chance you can try out 8.5.latest? Your version is super old. It's
possible it's a bug that was fixed in the (distant?) past.
-chris
On 3/16/21 09:33, Trudeau, Rick (Nokia - CA/Ottawa) wrote:
On 2021-03-04, 2:45 PM, "Trudeau, Rick (Nokia - CA/Ottawa)"
<rick.trud...@nokia.com> wrote:
Chris,
On 2021-03-04, 12:07 PM, "Christopher Schultz"
<ch...@christopherschultz.net> wrote:
Rick,
On 3/3/21 09:23, Trudeau, Rick (Nokia - CA/Ottawa) wrote:
>
> Tomcat version: 8.5.34
>
> Hello,
> I’m wondering if anyone has any theories about an SSL config related exception that we hit periodically on Tomcat startup that prevents the system from initializing properly.
> I’ll emphasize “periodically” here, because we only trigger this rarely and have no reliable way of triggering the problem.
> The exception seems to indicate that the certificateFile is missing, which is strange given that the certificateKeystoreFile is provided and available on the filesystem.
> My understanding is that a certificateFile is not required when using a certificateKeystoreFile.
> Any idea why there could be a certificateFile related exception when the certificateKeystoreFile is configured?
>
> The stack trace is:
>
> 2021.02.28 21:19:48 890 +0000 SEVERE org.apache.catalina.core.StandardService Failed to initialize connector [Connector[HTTP/1.1-8544]]
> org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8544]]
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
> Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
>     ... 12 more
> Caused by: java.lang.IllegalArgumentException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:115)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:86)
>     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1087)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:265)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
>     ... 13 more
> Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
>     at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:203)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:113)
>     ... 20 more
>
> Our connector is defined as follows:
>
> <Connector port="8544"
>            protocol="HTTP/1.1"
>            compression="on"
>            compressibleMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json"
>            compressionMinSize="2048"
>            connectionTimeout="60000"
>            maxHttpHeaderSize="65536"
>            scheme="https"
>            secure="true"
>            relaxedQueryChars="[]"
>            SSLEnabled="true">
>   <SSLHostConfig sslProtocol="TLS"
>                  protocols=" TLSv1.2"
>                  certificateVerification="optional"
>                  honorCipherOrder="true"
>                  ciphers="${server.cipher.suites.List}">
>     <Certificate certificateKeystoreFile="/opt/nsp/os/ssl/nsp.keystore"
>                  certificateKeystorePassword="secret"
>                  type="RSA"
>                  certificateKeyPassword="secret" />
>   </SSLHostConfig>
> </Connector>
> Are you using tcnative and/or the APR connector? Your <Connector>
> doesn't choose, so the selection of the connector type will depend upon
> other configuration and/or the presence of the libtcnative library.
> -chris
Thanks for the reply Chris.
Our deployment isn't using tcnative or the APR connector.
/rt.
Hi Chris,
Any clues/theories on this one? Googling this error signature isn't leading to
many findings.
Would it be possible to trigger this stack trace if there is a problem with the
certs in the configured keystore, or something else related to the keystore?
Thanks.
/rt.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org