what is keyAlias="aaaa" in tomcat server.xml file - java

I have an SSL certificate purchased and installed into Tomcat. I created a tomcat.keystore file, which I reference in server.xml along with its password, but I am not able to understand keyAlias="aaa". If I put keyAlias="localhost" then I get the exception given below. And if I remove keyAlias itself from the Connector tag then I get another exception, which is given below, after the localhost exception.
java.io.IOException: Alias name localhost does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:588)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
Here is exception after removing keyAlias itself from the Connector tag.
Aug 08, 2015 2:39:18 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.net.BindException: Address already in use <null>:443
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
Caused by: java.net.BindException: Address already in use
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
at java.net.ServerSocket.bind(ServerSocket.java:376)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at java.net.ServerSocket.<init>(ServerSocket.java:181)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107)
at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:219)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
... 17 more
Following is the content of server.xml file.
<Connector port="443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore"
keystorePass="test" keyAlias="aaa"/>
What is that keyAlias? Why am I getting a BindException after removing it?

KEYALIAS:
https://www.digicert.com/ssl-certificate-installation-tomcat.htm
When you import your certificate into the keystore, you would typically give an "alias":
keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks
In your server.xml, you must then declare the same "alias":
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"
keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks"
keystorePass="your_keystore_password" />
Here are some other links that might help:
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
https://www.mulesoft.com/tcat/tomcat-ssl
https://wolfpaulus.com/jounal/mac/tomcat-ssl/
SECOND ISSUE, "CAN'T BIND":
As far as "address in use", I would simply try rebooting the server and see if Tomcat starts correctly.
If you encounter the error again:
Look in your Tomcat settings to see which port you're trying to use (e.g. 443).
Check your system to see who else is using the port (lsof, nmap, etc.):
http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/s1-server-ports.html

These errors are not related.
keyAlias is documented in the Tomcat documentation, and that is where you should look for its meaning.
The error you have made is to not import the signed certificate with the same alias you used when generating the keypair. They must be the same so that keytool will associate the keypair with the certificate and create a key entry instead of a certificate entry.
The BindException means that some other process, probably a prior invocation of Tomcat that hasn't exited yet, is using the port. Or possibly you have configured two Connectors to use the same port. It only shows up as an error when you configure the SSL connector correctly.
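The two answers above make the same point from two angles: keyAlias must name a PrivateKeyEntry, and an alias that holds only a certificate produces "does not identify a key entry". The following Java program is an added diagnostic, not Tomcat's own code and not from either answer: it opens the keystore the way Tomcat's JSSE connector does, classifies every alias, and checks the alias Tomcat would actually use. The class name, argument order and messages are my own choices; the keyPass attribute it mentions is Tomcat's (it defaults to keystorePass).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/**
 * Added diagnostic, not Tomcat's own code: opens a keystore the way Tomcat's
 * JSSE connector does and reports, per alias, whether it is a key entry
 * (usable as keyAlias) or a certificate-only entry (not usable).
 *
 * Usage: java KeystoreAliasCheck <keystoreFile> <keystorePass> [keyAlias] [keystoreType]
 * keystoreType defaults to JKS, which is also Tomcat's default.
 */
public class KeystoreAliasCheck {

    /** Loads the keystore; returns null (after printing the cause) if it cannot be read as <type>. */
    static KeyStore load(String file, char[] pass, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            // "Invalid keystore format" / "DerInputStream.getLength()" errors come from this call
            // when the file is not of the requested type, or is not a keystore at all.
            ks.load(in, pass);
            return ks;
        } catch (IOException e) {
            System.err.println("Cannot load " + file + " as " + type + ": " + e.getMessage());
            System.err.println("Check the path, and that keystoreType matches the file (JKS vs PKCS12).");
            return null;
        }
    }

    /** One-line description of an alias: entry kind, chain length, subject of the leaf certificate. */
    static String describe(KeyStore ks, String alias) throws Exception {
        Certificate leaf = ks.getCertificate(alias);
        String subject = leaf instanceof X509Certificate
                ? ((X509Certificate) leaf).getSubjectX500Principal().getName() : "(no X.509 certificate)";
        if (ks.isKeyEntry(alias)) {
            Certificate[] chain = ks.getCertificateChain(alias);
            int len = chain == null ? 0 : chain.length;
            return "PrivateKeyEntry  usable as keyAlias      chain=" + len + "  " + subject;
        }
        return "trustedCertEntry NOT usable as keyAlias           " + subject;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: KeystoreAliasCheck <keystoreFile> <keystorePass> [keyAlias] [keystoreType]");
            System.exit(2);
        }
        char[] pass = args[1].toCharArray();
        String wanted = args.length > 2 ? args[2] : null;
        String type = args.length > 3 ? args[3] : "JKS";

        KeyStore ks = load(args[0], pass, type);
        if (ks == null) System.exit(1);

        String firstKeyAlias = null;
        for (String alias : Collections.list(ks.aliases())) {
            System.out.printf("%-16s %s%n", alias, describe(ks, alias));
            if (firstKeyAlias == null && ks.isKeyEntry(alias)) firstKeyAlias = alias;
        }

        // Tomcat uses keyAlias when it is set, otherwise the first key entry it reads.
        String effective = wanted != null ? wanted : firstKeyAlias;
        if (effective == null) {
            System.out.println("No key entry at all: the private key was never stored here, or the signed "
                    + "certificate was imported under a new alias instead of the key pair's alias.");
            System.exit(1);
        }
        if (!ks.containsAlias(effective)) {
            System.out.println("keyAlias=\"" + effective + "\" does not exist in this keystore.");
            System.exit(1);
        }
        if (!ks.isKeyEntry(effective)) {
            // This is exactly the "Alias name X does not identify a key entry" condition.
            System.out.println("keyAlias=\"" + effective + "\" is a certificate-only entry; re-import the signed "
                    + "certificate under the alias used for -genkey so it attaches to the private key.");
            System.exit(1);
        }
        try {
            // Tomcat unlocks the key with keyPass, which defaults to keystorePass.
            ks.getKey(effective, pass);
            System.out.println("OK: keyAlias=\"" + effective + "\" is a usable key entry.");
        } catch (UnrecoverableKeyException e) {
            System.out.println("Key under \"" + effective + "\" has a different password than the keystore; "
                    + "set keyPass on the Connector.");
            System.exit(1);
        }
    }
}
```

Run it with the same keystoreFile, keystorePass and keyAlias values as the Connector (for example `java KeystoreAliasCheck tomcat.keystore test aaa`). An exit code of 0 means the Connector's keystore settings are internally consistent, so a remaining startup failure is something else, such as the port clash described above.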

Related

Tomcat Https jks file error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big

Recently I have upgraded my Tomcat from 8.0 to 8.5.28. My HTTPS configuration worked perfectly in 8.0. But after I upgraded it to 8.5.x, HTTPS stopped working.
I have a JKS file in Tomcat's conf folder and I have the following in server.xml:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA"
maxThreads="150"
scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.1,TLSv1.2"
keystoreFile="/my/path/to/tomcat/mykeystore.jks"
keystorePass="mypassword"
/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.1,TLSv1.2"
keystoreFile="/my/path/to/tomcat/mykeystore.jks"
keystorePass="mypassword"
/>
I am getting this error in catalina.out. I searched the web but no solution worked for me. Can anyone say what I am missing?
11-Dec-2018 20:35:30.193 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
... 12 more
Caused by: java.lang.IllegalArgumentException: DerInputStream.getLength(): lengthTag=109, too big.
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
... 13 more
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
at sun.security.util.DerValue.init(DerValue.java:391)
at sun.security.util.DerValue.<init>(DerValue.java:332)
at sun.security.util.DerValue.<init>(DerValue.java:345)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:139)
at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
... 20 more
It looks like it is expecting a PKCS#12 keystore, but you're providing a JKS keystore. I think I read somewhere that something, maybe Java, used to accept either one when you asked for a PKCS#12 keystore but then got more strict in a recent upgrade. Try adding keystoreType="JKS" to server.xml

Tomcat 8 + Providing keystoreProvider in connector tag for SSL

I want to specify the provider to be used by the Tomcat connector so that the default is taken from the java.security file.
As per the tomcat documentation:
The name of the keystore provider to be used for the server
certificate. If not specified, the list of registered providers is
traversed in preference order and the first provider that supports the
keystoreType is used.
<Connector algorithm="SunX509" port="9443" keystoreProvider="" truststoreProvider="SunProvider" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="100" minSpareThreads="10" maxConnections="1000" scheme="https" secure="true"
keystoreFile="xxx.jks" keystorePass="xxx" keystoreType="jks"
truststoreFile="yyy.jks" truststorePass="yy" truststoreType="jks"
clientAuth="want" sslProtocol="TLSv1.2">
But I am not aware of the possible values to be put for this attribute.
I tried this and am getting the error:
org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore Failed to load keystore type jks with path /app/tomcat/conf/jks/xxx.jks due to no such provider: SunProvider
java.security.NoSuchProviderException: no such provider: SunProvider
at sun.security.jca.GetInstance.getService(GetInstance.java:83)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:896)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:424)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:339)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:597)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:537)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:358)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:737)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
The java.security file for me is as below:
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.3=com.safenetinc.luna.provider.LunaProvider
Edit:
I tried using the SunJSSE provider, but I am getting a "JKS not found" error for that.
java.security.KeyStoreException: jks not found
at java.security.KeyStore.getInstance(KeyStore.java:899)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:424)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:339)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:597)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:537)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:358)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:737)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:120)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: jks for provider SunJSSE
at sun.security.jca.GetInstance.getService(GetInstance.java:87)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
at java.security.Security.getImpl(Security.java:698)
at java.security.KeyStore.getInstance(KeyStore.java:896)
... 22 more
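The documentation quoted in the question says the keystoreProvider value is matched against the list of registered providers, so the useful thing to know is what those providers are called and which of them can open a given keystore type. The program below is an added example, not Tomcat code and not part of the question: it prints the registered providers in preference order by their getName() (the string that ends up in KeyStore.getInstance(type, provider)) and marks which ones implement KeyStore.JKS, PKCS12 and BKS. The class name and the column layout are mine. On a stock JDK 7 or 8 this shows JKS served by the provider named SUN and PKCS12 by SunJSSE, which is why keystoreProvider="SunJSSE" with keystoreType="jks" fails with "jks not found"; "SunProvider" is the simple class name of the JGSS provider rather than its registered name, hence NoSuchProviderException; BKS only shows a provider once BouncyCastle has been registered.

```java
import java.security.Provider;
import java.security.Security;

/**
 * Added diagnostic, not Tomcat's own code: lists the registered JCA providers in
 * preference order and shows which of them can open each keystore type.
 * The "name" column holds the only valid values for Tomcat's keystoreProvider /
 * truststoreProvider attributes; the "class" column is what java.security lists.
 *
 * Usage: java KeystoreProviderCheck [keystoreType ...]   (defaults to JKS PKCS12 BKS)
 */
public class KeystoreProviderCheck {
    static final String[] DEFAULT_TYPES = {"JKS", "PKCS12", "BKS"};

    /** Name of the first registered provider implementing KeyStore.<type>, or null if none does. */
    static String firstProviderFor(String type) {
        for (Provider p : Security.getProviders()) {
            // getService(type, algorithm) is null when the provider does not offer that service.
            if (p.getService("KeyStore", type) != null) return p.getName();
        }
        return null;
    }

    public static void main(String[] args) {
        String[] types = args.length > 0 ? args : DEFAULT_TYPES;

        System.out.printf("%-3s %-14s %-48s", "#", "name", "class");
        for (String t : types) System.out.printf(" %-7s", t);
        System.out.println();

        int index = 1;
        for (Provider p : Security.getProviders()) {
            System.out.printf("%-3d %-14s %-48s", index++, p.getName(), p.getClass().getName());
            for (String t : types) {
                System.out.printf(" %-7s", p.getService("KeyStore", t) != null ? "yes" : "-");
            }
            System.out.println();
        }

        // What Tomcat ends up with when keystoreProvider is left unset: first provider in
        // preference order that supports the keystoreType.
        for (String t : types) {
            String name = firstProviderFor(t);
            System.out.println("keystoreType=\"" + t + "\" -> " + (name == null
                    ? "no registered provider (loading this type will fail)"
                    : "resolved by keystoreProvider=\"" + name + "\" when no provider is set"));
        }
    }
}
```

If the goal is to force a specific provider, copy the exact string from the "name" column into keystoreProvider; if that provider shows "-" under the keystoreType in use, Tomcat will fail with the same NoSuchAlgorithmException the edit shows, regardless of the provider order in java.security.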

Can't deploy my web application in Netbeans on Tomcat 8.0.2 (getting below error)

I have read many threads regarding this issue but none of the solutions worked for me.
I'm going crazy trying to troubleshoot this. My web application worked well and then a couple of days ago I started receiving the following exception when either trying to run the application
or just starting Tomcat (from Netbeans). Sometimes (rarely), Tomcat does start but Netbeans 8.1 still can't deploy the application (Deployment error: Starting of Tomcat failed).
28-Jan-2016 15:32:17.947 SEVERE [main]
org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["ajp-apr-8009"]
java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted.
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:471)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:742)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:457)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:960)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
28-Jan-2016 15:32:17.947 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[AJP/1.3-8009]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[AJP/1.3-8010]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:567)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:851)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:576)
at org.apache.catalina.startup.Catalina.load(Catalina.java:599)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:310)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:484)
...
I should say that my colleagues have the same Tomcat configuration and version but the problem exists on my PC only. Anyway, here's part of server.xml
<Connector connectionTimeout="20000" port="8081" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
As far as I can tell (I've used netstat -aon), no other process is using that port (8009), and I tried other ports but to no avail.
Thank you
It seems port 8009 is in use somewhere.
Please check whether your port is in use or not using the below command on Windows:
netstat -aon | findstr 8009
and kill the process if you find one using
taskkill /pid <pid>
I resolved my problem by reinstalling Netbeans, recreating all the projects (re-importing the workspace) and reinstalling Tomcat.
It seems that Netbeans can sometimes (on deployment in my case) mess up the Tomcat installation irreparably and the only way (or at least the easiest way) is to reinstall everything, which in my case took about 30-40 minutes. (and I spent days trying to troubleshoot)

Tomcat 7 and invalid keystore format

I'm trying to connect to Tomcat through https on a remote server; I've found many answers, but no one has worked for me; I'm using Apache, Tomcat 7 on Ubuntu Server 14.04.
First, I created the certificate keystore writing:
keytool -genkey -alias tomcat -keyalg RSA
after that I've edited "/etc/tomcat7/server.xml" to use SSL on port 8443:
<Connector port="8443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreType="JKS"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/lib/jvm/java-7-openjdk-amd64/bin/keytool"
keystorePass="***********" keyAlias="tomcat"
clientAuth="false" sslProtocol="TLS"/>
where ********** is the password; restarting Tomcat through:
sudo service tomcat7 restart
I'm getting the following error in file "/var/log/tomcat7/catalina.out":
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:392)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:291)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:549)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:489)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:434)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:397)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
The keystore type is JKS, I've verified it through the command:
$JAVA_HOME/bin/keytool -list
which has returned:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, 17-Oct-2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:14:32:DD:DA:20:BF:CF:70:32:F5:0E:E9:F1:C1:5B:4E:C3:DB:AB
where $JAVA_HOME is "/usr/lib/jvm/java-7-openjdk-amd64";
So when I try to connect to "https://myServerIp:8443/" or to "https://myDomainName:8443/" I get "Unable to connect" error.
Just to further support this answer for beginners like me, on Windows OS:
First go to C:\Program Files\Java\jdk1.8,
Press Shift + right-click to open a command prompt and write this: keytool.exe -genkey -alias tomcat -keyalg RSA -keystore /{user.name}/.keystore,
A sequence of questions will then follow, after which you will see a new .keystore generated at the specified path.
Now you need to go to server.xml and modify these two, keystoreFile="${user.home}/.keystore" keystorePass="changeit", with the appropriate values.
Now it works correctly, in short:
I specified the path of the .keystore file
I configured Tomcat to use this file
Thanks to #Titus I've understood where the problem was: when I run the command
keytool -genkey -alias tomcat -keyalg RSA
or the command
$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias tomcat
the program keytool creates a .keystore file in a folder of the server; the directory /usr/lib/jvm/java-7-openjdk-amd64/jre/bin contains a file named keystore, but this file is not correct for setting up Tomcat, or for some reason it doesn't work in my case.
To specify the path of the file .keystore we can run the command
keytool -genkey -alias tomcat -keyalg RSA -keystore /path/.keystore
and after that I've configured Tomcat editing the file /etc/tomcat7/server.xml with the file just created:
<Connector port="8443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreType="JKS"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/path/.keystore"
keystorePass="************" keyAlias="tomcat"
clientAuth="false" sslProtocol="TLS"/>

BouncyCastleProvider fails to load at Tomcat 7's startup on a Mac OSX

I am trying to set up a Tomcat application development environment on my brand new MacBook Pro. I need to set up an SSL connector implementing org.bouncycastle.jce.provider.BouncyCastleProvider.
Tomcat 7 starts but the SSL connector fails to be mounted and I read this stack trace in the Tomcat output:
Grave: Failed to initialize connector [Connector[HTTP/1.1-9443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-9443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Caused by: org.apache.catalina.LifecycleException: L''initialisation du gestionnaire de protocole a échoué
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.lang.ClassNotFoundException: Error loading SSL Implementation org.bouncycastle.jce.provider.BouncyCastleProvider :java.lang.ClassCastException: org.bouncycastle.jce.provider.BouncyCastleProvider cannot be cast to org.apache.tomcat.util.net.SSLImplementation
at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:75)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:118)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
... 13 more
Something tells me that it has to do with "java.lang.ClassNotFoundException:". However, I located the jar containing the org.bouncycastle.jce.provider.BouncyCastleProvider class in JAVA_HOME/lib/ext. I even tried to place it in CATALINA_BASE/lib in order to see if this could come from a classpath error. Nope!
Tomcat server.xml excerpt:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/Users/xavier/ssl/pchain.keystore"
keystorePass="pwd" />
<Connector port="9443" keystorePass="pwd" alias="pca"
keystoreFile="/Users/xavier/ssl/pca.keystore" keystoreType="BKS"
SSLEnabled="true" clientAuth="false" protocol="HTTP/1.1" scheme="https"
secure="true" sslProtocol="TLS" sslImplementationName="org.bouncycastle.jce.provider.BouncyCastleProvider"/>
Here is my configuration info:
OS X version 10.8.3,
JDK 1.7.0_45,
Tomcat version 7.0.42.
BouncyCastle tested packages : bcprov-jdk15on-146.jar to bcprov-jdk15on-149.jar
Has someone already solved this?
org.bouncycastle.jce.provider.BouncyCastleProvider is a JCE provider, not a JSSE provider, which is what sslImplementationName expects.
However, Tomcat's default JSSE provider uses JCE internally, so if you configured BouncyCastleProvider properly in the JRE, then its capabilities will be available to the JSSE provider.
Also, it would help to know what your final goal is in order to answer this question thoroughly.
