[Pki-users] Problems with java11

Timo Aaltonen tjaalton at ubuntu.com
Fri Jan 11 07:44:32 UTC 2019 

	Hi

I've migrated Debian to use java11 in every component Dogtag needs, but while the tomcat instance seems to get up (to be configured), it can't be properly reached:

2019-01-10 18:00:30 pkispawn      : INFO     Checking server at https://sid1.leon.tyrell:8443/ca
2019-01-10 18:01:56 pkispawn      : ERROR    Server unreachable due to SSL error: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)
2019-01-10 18:01:56 configuration : ERROR    Server failed to restart


and there's this on catalina.out: 

WARNING: The JSSE TLS 1.3 implementation does not support authentication after the initial handshake and is there
fore incompatible with optional client authentication
SEVERE: Failed to initialize component [Connector[org.dogtagpki.tomcat.Http11NioProtocol-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:979)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1060)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:588)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:611)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: Alias name [sslserver] does not identify a key entry
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1085)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1098)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:976)
        ... 13 more
Caused by: java.io.IOException: Alias name [sslserver] does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:248)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
        ... 20 more

how to fix that? If this is fixed, Dogtag might finally end up in a Debian release :)


-- 
t

More information about the Pki-users mailing list