Hi all.
Finally found out the issue.
And had nothing to do with tomcat.
There are two web applications under this particular instance of tomcat
Both of them contain an http client that issues https connections.
Application A sets explicitly the certificate store type to PKCS
Application B does not, so is expecting JKS.
The JDK instance has a JKS certificate store.
Launching application A causes an exception when it tries to connect via
HTTPS
Application B then fails because finds in SystemProperty that the
certificate store is PKCS but actually it is JKS.
I'm writing this to underline that as predictable it was not a problem
with tomcat
Thanks to everyone spent time into this, especially Chris
Il 27/06/2023 16:35, Christopher Schultz ha scritto:
Ivano,
On 6/27/23 09:15, Ivano Luberti wrote:
We had another Linux server that should have been identical to the
one where the problem was occuring. Tested the same software on that
without the issue.
So we cloned the latter and replaced the former.
>
Now everything works as expected.
Hah.
Before the replacement we tried to find out any difference between
the two servers, especially with regard to JDK and Tomcat
installations but to no avail: they looked identical file by file,
not only by version. I had supposed the cacert file was corrupted but
it was identical to the one on the working machine.
Having found a practical solution we have decided to give up
investigating.
Thank you again to you and the other that paid attention to my issue.
Of course.
Someone recently posted a similar issue that has no explanation which
magically went-away after (essentially) re-building the server. There
was nothing specific that could be pointed-to as a likely source of
the problem, but now it's just /gone/.
It's not entirely satisfying from a "what if it happens again"
perspective, but "you can't argue with results."
-chris
Il 26/06/2023 18:50, Christopher Schultz ha scritto:
Ivano,
On 6/8/23 06:10, Ivano Luberti wrote:
Hi, all I have the following problem.
[snip]
My guess is that looking at the code in this general area would be
helpful. If you are able to add debug logging in there to spoit-out
some of the crypto configuration being used, I'm sure it would help:
it.sella.ecomm.WSCryptDecryptStub,encrypt,197
it.archicoop.met.sistemapagamento.bancasella.wscryptdecryptclient.WSClient,encrypt,61
it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,75
it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
Sorry, I don't think anybody here will be able to help much further
without a lot more information.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno
2003 n. 196
per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa
<http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>
dott. Ivano Mario Luberti
Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa
tel.: +39 050/580959 | fax: +39 050/8932061
web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/
