tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Syperski <csyper...@gmail.com>
Subject Re: 8.5.3 to 8.5.4 SSL Issue
Date Mon, 22 Aug 2016 13:25:23 GMT
I was under the impressions that as of 8.5.3 you could do JSSE with OpenSSL
from this page:

https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File

Excerpt:
"Tomcat can use three different implementations of SSL:

JSSE implementation provided as part of the Java runtime
JSSE implementation that uses OpenSSL
APR implementation, which uses the OpenSSL engine by default"

I originally attempted using OpenSSL directly after viewing this post and
this is what my configuration is based off of:

https://community.letsencrypt.org/t/how-to-use-the-certificate-for-tomcat/3677/39

If it isn't supported, it is just odd that it did work with 8.5.3.




On Mon, Aug 22, 2016 at 1:08 PM, Kreuser, Peter <pkreuser@airplus.com>
wrote:

> Chuck,
> >
> > Hello,
> >
> > I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL.  It seems
> > that my config from 8.5.3 is not working with 8.5.4 when using the same
> > exact file.   The majority of the server.xml is stock, but here what I
> > manually have changed and it is where I am encountering my problem....
> > ....
> > <Connector port="8443" protocol="org.apache.coyote.
> http11.Http11NioProtocol"
> >                scheme="https" secure="true" maxThreads="750"
> > SSLEnabled="true">
> >         <SSLHostConfig>
> >             <Certificate
> > certificateFile="/opt/ssl/cert.pem"
> > certificateChainFile="/opt/ssl/chain.pem"
> > certificateKeyFile="/opt/ssl/privkey.pem"
> >                 type="RSA" />
> >         </SSLHostConfig>
> >     </Connector>
> > ....
> > This worked fine with 8.5.3, but I get the following errors in
> catalina.out
> > on 8.5.4....
> >
> > 22-Aug-2016 12:16:21.139 INFO [main]
> > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> > ["https-jsse-nio-8443"]
> > 22-Aug-2016 12:16:22.119 SEVERE [main]
> > org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> > type [JKS] with path [/home/tomcat8/.keystore] due to
> > [/home/tomcat8/.keystore (No such file or directory)]
> >  java.io.FileNotFoundException: /home/tomcat8/.keystore (No such file or
> > directory)
> <snip>
> >
> > I am attempting to use Let's Encrypts certs on Ubuntu 16.04.  My setup is
> > pretty simple and the things I am changing is a sym link between the
> 8.5.3
> > directory and 8.5.4, with 8.5.3 the ssl connector starts, but with
> 8.5.4, I
> > get not ssl with the above error in my logs.  Am I missing something?
> Any
> > pointers or help would be greatly appreciated!
> >
>
> It seems to me, that tomcat requests JKS certificates but you give openssl
> options (certificateFile, certificateChainFile, certificateKeyFile).
>
> Documentation says:
> " If the installation uses APR - i.e. you have installed the Tomcat native
> library - then it will use the JSSE OpenSSL implementation, otherwise it
> will use the Java JSSE implementation." Or
> " Note: If tomcat-native is installed, the configuration will use JSSE
> with an OpenSSL implementation, which supports either this configuration or
> the APR configuration example given below.
>
> The APR connector uses different attributes for many SSL settings,
> particularly keys and certificates. An example of an APR configuration is:"
>
> So are you using TC Native?
>
> Best regards
>
> Peter
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message