Angela,

On 11/14/22 11:56, Cantor, Angela T. wrote:
> We just upgraded OpenJDK from 17.0.4.0.8-2.el8_6 to the above version.  Now 
> tomcat won't listen on the desired port.  Something is wonky with it accessing 
> the keystore.  If you all see anything obvious, could you please advise?  
> Especially if it involves switching to a pkcs12 keystore (which I tried but 
> that also failed - I am no expert on setting up either type so maybe I did 
> something wrong.)  Nothing other than the OpenJDK version seems to matter - if 
> we downgrade it back to 17.0.4.0.8, tomcat once again works fine.  Note that 
> 17.0.4.1.1-2.el8_6 also caused the same problem.

> [snip]
>                      certificateKeystoreProvider="SunPKCS11-NSS-FIPS"

Could this be the problem? Does your new Java version have that security provider available? I have some code which can dump-out the available providers if you aren't sure.

>                      certificateKeystoreType="PKCS11"

This also looks weird to me: PKCS11 is an API, not a file type. But maybe you have to use this in order to access a keystore via the OpenSSL API? It makes some sense since you haven't specified a filename for the keystore. I don't have any experience with that. :/

-chris
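
One way to check the provider question raised in the reply above, as an added example that is not part of the original message and is not the code the author refers to: it lists the security providers registered in the running JVM, the KeyStore types each one offers, and reports whether the provider and keystore type named in the quoted connector config are present. The class name `DumpProviders` and the exit codes are assumptions made for this example.

```java
import java.security.Provider;
import java.security.Security;

public class DumpProviders {
    public static void main(String[] args) {
        // Defaults are the values quoted from the connector config in this thread;
        // pass other names as arguments to check a different provider or type.
        String wantedProvider = args.length > 0 ? args[0] : "SunPKCS11-NSS-FIPS";
        String wantedType = args.length > 1 ? args[1] : "PKCS11";

        // Show which JVM is actually answering, since the problem follows the JDK version.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        // Providers are returned in preference order; print each with its KeyStore types.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            System.out.printf("%2d. %s %s%n", i + 1, p.getName(), p.getVersionStr());
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    System.out.println("      KeyStore." + s.getAlgorithm());
                }
            }
        }

        // Security.getProvider returns null when no provider of that name is registered.
        Provider p = Security.getProvider(wantedProvider);
        if (p == null) {
            System.out.println("MISSING: provider " + wantedProvider
                    + " is not registered in this JVM");
            System.exit(1);
        }
        // A registered provider may still lack the requested keystore type.
        if (p.getService("KeyStore", wantedType) == null) {
            System.out.println("MISSING: " + wantedProvider
                    + " does not offer KeyStore." + wantedType);
            System.exit(2);
        }
        System.out.println("OK: " + wantedProvider + " offers KeyStore." + wantedType);
    }
}
```

Run it with the same `java` binary and the same JVM options that Tomcat starts with, once on the working JDK and once on the upgraded one, and compare the two listings.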
