Hi Chris,

When I start Tomcat this is what I see in the logs: (this is after I installed a CA signed trusted certificate on Tomcat). I’ve done the CA certificate install earlier on a different box and it worked fine, followed the same steps this time but seems to error out. Any thoughts/suggestions really appreciated. Both were on same versions of Windows on similar environments, no obvious differences at all.

SEVERE: Failed to initialize component [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:304)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
Caused by: java.lang.IllegalArgumentException: Invalid keystore format
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)

When I have the self-signed certificate on Tomcat, am able to access my Crystal server’s Admin Console (except that it says ‘site is not secure’). My attempt is to try and secure the server here. The windows box has SAP BO BI 4.3 installed on it and Tomcat is the web server used. Hope this clarifies. If we need to do a screenshare/call, please reach out to me.

Regards,
Veni

From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Wednesday, December 28, 2022 12:49 AM
To: users@tomcat.apache.org
Subject: Re: Invalid Keystore format error on Tomcat

Veni,

On 12/23/22 12:16, Janardhanan, Veni wrote:
> Hi,
>
> I’ve a self-signed certificate installed on Tomcat 9 which works fine. This
> is a Crystal Server SAP BO BI 4.3 box.
> To make it secure I installed our CA signed certificate. After a restart I
> brought Tomcat up, the logs show ‘Invalid Keystore format’ error.
>
> Below is the config from server.xml.
>
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
>            compressionMinSize="2048"
>            URIEncoding="UTF-8" compression="on"
>            certificateKeyAlias="xxxxxxxx.corp.xxxxxxx.com"
>            compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,text/json,application/javascript,application/json"
>            maxThreads="200" scheme="https" secure="true" SSLEnabled="true">
>   <SSLHostConfig>
>     <Certificate certificateKeystoreFile="C:/SSL/certnew_pfx.pfx"
>                  certificateKeystorePassword="Crystal!@#" keystoreType="PKCS12"
>                  type="RSA" />
>   </SSLHostConfig>
> </Connector>
>
> Please suggest. Am stuck at this point unable to proceed further, any
> hints/thoughts highly appreciated!

I'm sorry, I didn't realize that this was essentially a re-post of your previous thread with subject "Install CA signed certificate on Tomcat 9".

I see this was what was in your keystore:

    Your keystore contains 2 entries

    tomcat, Sep 8, 2022, PrivateKeyEntry,
    Certificate fingerprint (SHA-256): 8B:1D:5B:59:86:39:A5:CD:AB:2A:4A:45:13:2B:82:A1:44:CD:8A:E7:20:96:5A:02:0F:73:E3:5A:A6:DB:B6:FD
    tomcat1, Sep 29, 2022, trustedCertEntry,
    Certificate fingerprint (SHA-256): 1F:A1:D5:1A:AD:5C:57:6C:B8:90:D8:CA:D1:89:2D:E1:1E:1F:7E:78:D2:19:72:CE:CC:3B:25:03:DE:0F:E1:B6

On 23 Dec you said "when I access the Central Management Console, the browser shows site as ‘Not Secure’".

What is the Central Management Console?

Is Tomcat able to start without throwing any errors in the log files?

Are you able to reach the site, but get a browser warning that it's "insecure"?

I just want to make sure we are solving the right problem.

-chris
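
A check that can be run on the file named in certificateKeystoreFile before restarting Tomcat, as an added example that is not part of the original thread: it classifies the file by its leading bytes so the result can be compared with the configured keystore type. The function names and sample byte strings are constructed for illustration, the classification is a heuristic, and the thread does not establish that a format mismatch is the cause here.

```python
import sys

def _inner(der: bytes) -> bytes:
    """First 3 bytes that follow the outer SEQUENCE header of a DER/BER blob."""
    if len(der) < 2 or der[0] != 0x30:
        return b""
    first_len = der[1]
    # Short form and indefinite form (0x80) use a single length byte;
    # long form uses that byte plus (first_len & 0x7F) further bytes.
    header = 2 if first_len <= 0x80 else 2 + (first_len & 0x7F)
    return der[header:header + 3]

def sniff_keystore(data: bytes) -> str:
    """Heuristically classify a keystore or certificate file by its first bytes."""
    if data[:4] == b"\xfe\xed\xfe\xed":
        return "JKS"
    if data[:4] == b"\xce\xce\xce\xce":
        return "JCEKS"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "PEM"                  # text encoding, not a binary keystore
    inner = _inner(data)
    if inner == b"\x02\x01\x03":      # INTEGER 3: the PFX version field
        return "PKCS12"
    if inner[:1] == b"\x30":          # nested SEQUENCE: consistent with an X.509 certificate
        return "X509-DER"
    if inner[:1] == b"\x06":          # OBJECT IDENTIFIER: consistent with a PKCS#7 bundle
        return "PKCS7"
    return "UNKNOWN"

def matches_configured_type(data: bytes, configured: str) -> bool:
    """True when the sniffed container format equals the type set in server.xml."""
    return sniff_keystore(data) == configured.upper()

# Constructed sample prefixes (not taken from any real keystore).
SAMPLES = {
    "pfx": b"\x30\x82\x0a\x3b\x02\x01\x03\x30",
    "pfx_ber": b"\x30\x80\x02\x01\x03",
    "jks": b"\xfe\xed\xfe\xed\x00\x00\x00\x02",
    "cert_der": b"\x30\x82\x03\x5a\x30\x82\x02\x42",
    "p7b": b"\x30\x82\x05\x10\x06\x09\x2a",
    "pem": b"-----BEGIN CERTIFICATE-----\nMIID",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:             # path to the keystore file to inspect
        with open(sys.argv[1], "rb") as fh:
            print(sniff_keystore(fh.read(64)))
    else:
        for name, blob in SAMPLES.items():
            print(name, "->", sniff_keystore(blob))
```

A result of X509-DER, PKCS7 or PEM means the file holds certificates only and no private key entry, so it cannot serve as the connector's keystore whatever its file extension says.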