This works for me. In server.xml:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="C:\Program Files\Java\openjdk_1.8.0.242\jre\lib\security\cacerts"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
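A fuller form of that connector, added here as an illustration and not taken from the thread or from Tomcat's own defaults: it keeps the same NIO connector and SSLHostConfig layout but points at a dedicated PKCS12 keystore, since the JDK's cacerts file is the CA trust store rather than a server key store. The keystore path, password and alias are placeholders to replace.

```xml
<!-- Added example, not the poster's configuration or Tomcat's defaults.
     Same NIO connector and SSLHostConfig structure as above, but the server
     certificate and its private key live in a keystore created for this
     connector. Path, password and alias below are placeholders. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true">
    <!-- protocols restricts the TLS versions offered; "TLSv1.2+" means
         TLSv1.2 and anything newer the JVM supports. -->
    <SSLHostConfig protocols="TLSv1.2+">
        <!-- Dedicated keystore instead of the JVM's cacerts trust store.
             certificateKeyAlias picks the entry when the keystore holds
             more than one private key. -->
        <Certificate certificateKeystoreFile="${catalina.base}/conf/tomcat-server.p12"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="REPLACE_WITH_KEYSTORE_PASSWORD"
                     certificateKeyAlias="tomcat"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```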
From: Ezsra McDonald <[email protected]>
Sent: Monday, May 24, 2021 4:10 PM
To: Tomcat Users List <[email protected]>
Subject: Re: Tomcat SSL stops working after an undetermined amount of time
Chris,
Thanks for your response.
These Tomcat servers are something I inherited. I do not know what this
bouncycastle.crypto is. If it is making my setup complicated how do I get
around it? Is it part of the org.apache.coyote.http11.Http11NioProtocol?
What would you recommend I use instead? My end goal is to just enable
TLS/SSL on the connectors.
--Ez
On Mon, May 24, 2021 at 1:56 PM Christopher Schultz <[email protected]> wrote:
> Ezsra,
>
> On 5/24/21 10:30, Ezsra McDonald wrote:
> > I am enabling SSL debugging this morning. I did catch this in the log for
> > an instance that started erroring out this morning. Seems like it may be
> > too generic to help solve my problem. Here it is:
> >
> > 24-May-2021 09:25:44.609 SEVERE [catalina-exec-51]
> > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
> > java.lang.NullPointerException
> > at org.bouncycastle.crypto.signers.PSSSigner.generateSignature(Unknown Source)
> > at org.bouncycastle.jce.provider.JDKPSSSigner.engineSign(Unknown Source)
>
> Oh. You are using BouncyCastle. I've never tried to do that. I'm not
> sure how well BC will work with Tomcat. We don't officially support that
> configuration, but that doesn't mean we won't try to help.
>
> There will be a presentation at this year's ApacheCon @Home 2021 about
> configuring Tomcat for FIPS and it will include how to configure Tomcat
> with BC (including FIPS). Obviously, you don't want to wait around until
> the conference to get things working, but perhaps the presenter is
> lurking on the list ... ?
>
> I don't have an email address for the presenter, so I can't give you a
> reference. :/
>
> -chris
>