Return-Path: <dev-return-185026-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 6B9C0200CED
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri, 18 Aug 2017 09:04:03 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 6A04E16C602; Fri, 18 Aug 2017 07:04:03 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id AFA9416C601
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 18 Aug 2017 09:04:02 +0200 (CEST)
Received: (qmail 35189 invoked by uid 500); 18 Aug 2017 07:04:01 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 35178 invoked by uid 99); 18 Aug 2017 07:04:01 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Aug 2017 07:04:01 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id ED4C5C0334
	for <dev@tomcat.apache.org>; Fri, 18 Aug 2017 07:04:00 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.002
X-Spam-Level: 
X-Spam-Status: No, score=-0.002 tagged_above=-999 required=6.31
	tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=disabled
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id NqAo4buz3C2U for <dev@tomcat.apache.org>;
	Fri, 18 Aug 2017 07:03:59 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 013015F5B9
	for <dev@tomcat.apache.org>; Fri, 18 Aug 2017 07:03:59 +0000 (UTC)
Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org [23.253.172.122])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTPS id 5138EE0059
	for <dev@tomcat.apache.org>; Fri, 18 Aug 2017 07:03:58 +0000 (UTC)
Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at asf-bz1-us-mid.priv.apache.org, from userid 33)
	id C95DA60998; Fri, 18 Aug 2017 07:03:56 +0000 (UTC)
From: bugzilla@apache.org
To: dev@tomcat.apache.org
Subject: [Bug 61445] New: Unable to start SSL using SunMSCAPI
Date: Fri, 18 Aug 2017 07:03:55 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Tomcat 8
X-Bugzilla-Component: Connectors
X-Bugzilla-Version: 8.5.20
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: radek.nemec@solitea.cz
X-Bugzilla-Status: NEW
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: dev@tomcat.apache.org
X-Bugzilla-Target-Milestone: ----
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 bug_status bug_severity priority component assigned_to reporter
 target_milestone attachments.created
Message-ID: <bug-61445-78@https.bz.apache.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bz.apache.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
archived-at: Fri, 18 Aug 2017 07:04:03 -0000

https://bz.apache.org/bugzilla/show_bug.cgi?id=3D61445

            Bug ID: 61445
           Summary: Unable to start SSL using SunMSCAPI
           Product: Tomcat 8
           Version: 8.5.20
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: radek.nemec@solitea.cz
  Target Milestone: ----

Created attachment 35250
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=3D35250&action=3Dedit
Catalina log with SSL problem

I have this Connector in server.xml:

<Connector port=3D"8443" protocol=3D"org.apache.coyote.http11.Http11NioProt=
ocol"
maxThreads=3D"150" SSLEnabled=3D"true" scheme=3D"https" secure=3D"true">
    <SSLHostConfig truststoreProvider=3D"SunMSCAPI" truststoreType=3D"Windo=
ws-Root"
protocols=3D"+TLSv1.2,+TLSv1.1,+TLSv1">
        <Certificate certificateKeystoreProvider=3D"SunMSCAPI"
certificateKeystoreFile=3D"" certificateKeystoreType=3D"Windows-MY"
certificateKeyAlias=3D"my-web-cz" type=3D"RSA" />
    </SSLHostConfig>
</Connector>

Tomcat is running as a service under account "ServiceAccount". In Tomcat 8.=
5.14
the site is functioning normally and certificate from LocalMachine
(Windows-Root) is accessed and used.
Setting certificateKeystoreFile=3D"" is correct for SunMSCAPI, not an error,
without it the "java.lang.IllegalArgumentException: Illegal character in op=
aque
part at index 2: C:\Users\ServiceAccount/.keystore" occurs.

However after upgrading 8.5.14 to 8.5.20, this error appears in log (see
attachment for full log):

...
17-Aug-2017 16:41:45.976 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR bas=
ed
Apache Tomcat Native library [1.2.12] using APR version [1.5.2].
17-Aug-2017 16:41:45.976 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabiliti=
es:
IPv6 [true], sendfile [true], accept filters [false], random [true].
17-Aug-2017 16:41:45.976 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
17-Aug-2017 16:41:46.633 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.0.2k  26 Jan 2017]
17-Aug-2017 16:41:46.836 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-openssl-nio-8443"]
17-Aug-2017 16:41:47.398 SEVERE [main] org.apache.coyote.AbstractProtocol.i=
nit
Failed to initialize end point associated with ProtocolHandler
["https-openssl-nio-8443"]
 java.lang.IllegalArgumentException: java.security.KeyStoreException: Cannot
get key bytes, not PKCS#8 encoded
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJs=
seEndpoint.java:114)
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseE=
ndpoint.java:85)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
        at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:982)
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.j=
ava:244)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:62=
0)
        at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol=
.java:66)
        at
org.apache.catalina.connector.Connector.initInternal(Connector.java:997)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:1=
07)
        at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:=
549)
...

--=20
You are receiving this mail because:
You are the assignee for the bug.=

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org