[Pki-users] Problems with java11
Endi Sukma Dewata
edewata at redhat.com
Tue Jan 15 20:39:37 UTC 2019
----- Original Message -----
> > Are you getting this error:
> >
> > java.lang.IllegalArgumentException: Alias name [sslserver] does not
> > identify a key
> > entry
> >
> > or this error?
> >
> > java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were
> > provided
> > for the host name [_default_]. Host names must be unique.
> >
> > If it's the first one, that means the PKCS #11 keystore (i.e. JSS keystore)
> > cannot
> > find the SSL server certificate. We may not have a solution since we do not
> > support
> > Java 11 yet.
>
> But I've patched Dogtag to support the new keystore, and am using JSS
> 4.5.1, I thought they did support Java 11.. so something is missing
> still then..
IIUC JSS was updated so it can build with Java 11, but I don't think it
has been thoroughly tested yet. The only user of JSS keystore (that I'm aware
of) is Dogtag and Dogtag is still using Java 8 on Fedora.
> > If it's the second one, that message is coming from Tomcat when validating
> > the
> > server.xml. Is certificateVerification the only thing you change in that
> > file? You
> > might want to try adding defaultSSLHostConfigName to Connector and hostName
> > to
> > SSLHostConfig, but I'm really not sure what's going on.
> >
> > See also this page:
> > https://stackoverflow.com/questions/42135892/tomcat-8-5-server-xml-multiple-sslhostconfig-elements-were-provided-for-the-ho
> >
> > If you put any of these deprecated attributes in the Connector directive,
> > tomcat
> > assumes you are using the old way and auto creates a SSLHostConfig itself,
> > which
> > then conflicts with the one you are creating.
--
Endi S. Dewata
More information about the Pki-users
mailing list