From: William Boyd
Date: Fri, 21 Oct 2016 13:37:24 -0700
Subject: 8.5.4 to 8.5.5 SSL Issue
To: users@tomcat.apache.org

Hello,

I am attempting to upgrade from Tomcat 7 to 8.5.6. Everything was working great until I enabled SSL with a self-signed certificate. I am able to recreate the issue on 8.5.5. I finally had to downgrade to 8.5.4 to get SSL working with identical configuration and cert. I want to be sure that this is not a known issue and that I'm not doing something wrong before I create a bug report.

Server version: Apache Tomcat/8.5.5 64-bit
OS Name: Windows 7
JVM Version: 1.8.0_102-b14

The cert was generated with this command:

keytool -genkeypair -keyalg RSA -alias tomcat -keystore "C:/keys/keystore.jsk" -storepass changeit -validity 360 -keysize 2048 -dname CN=localhost,OU=ITS,O=Co,L=City,ST=AB,C=CA

Configuration includes adding -Djavax.net.ssl.trustStore=c:/keys/keystore.jsk to JAVA_OPTS and using this connector config

Here is the exception I get at startup

13-Oct-2016 15:05:17.309 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-openssl-nio-8001"]
 java.lang.IllegalArgumentException: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:103)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:81)
	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:866)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:213)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:575)
	at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:65)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:944)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:606)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:157)
	at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:130)
	at org.apache.tomcat.util.net.jsse.JSSEUtil.getParameters(JSSEUtil.java:341)
	at org.apache.tomcat.util.net.jsse.JSSEUtil.getTrustManagers(JSSEUtil.java:273)
	at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getTrustManagers(OpenSSLUtil.java:93)
	at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:101)
	... 20 more

Thanks in advance
Will
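
Added example, not part of the original message and not Tomcat code: the JDK raises "the trustAnchors parameter must be non-empty" when the KeyStore handed to PKIXBuilderParameters holds no trusted certificate entries; private-key entries, which is what keytool -genkeypair writes, are not counted. The class name TrustAnchorCheck and its command-line arguments are assumptions made for this sketch; run with no arguments it uses an empty in-memory store as constructed sample input.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.util.Collections;

// Hypothetical diagnostic (name is an assumption): reports what a keystore
// offers as trust anchors. Usage: java TrustAnchorCheck <keystore> <storepass>
public class TrustAnchorCheck {

    /** Number of trust anchors the PKIX code accepts from ks, or 0 if it rejects the store. */
    static int trustAnchors(KeyStore ks) throws Exception {
        int keyEntries = 0, certEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) certEntries++;   // trustedCertEntry
            else if (ks.isKeyEntry(alias)) keyEntries++;       // PrivateKeyEntry / SecretKeyEntry
        }
        System.out.printf("key entries=%d, trusted certificate entries=%d%n",
                keyEntries, certEntries);
        try {
            // PKIXBuilderParameters is the class whose constructor throws in the
            // stack trace; the KeyStore overload is used here.
            PKIXBuilderParameters params =
                    new PKIXBuilderParameters(ks, new X509CertSelector());
            return params.getTrustAnchors().size();
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("rejected: " + e.getMessage());
            return 0;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (args.length == 2) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[1].toCharArray());
            }
        } else {
            ks.load(null, null); // constructed sample: empty in-memory keystore
        }
        System.out.println("trust anchors: " + trustAnchors(ks));
    }
}
```

A store that reports zero trusted certificate entries is rejected as a trust store regardless of how many key entries it holds.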