[Pki-users] Problems with java11

Friday, 11 January 2019

	Hi

I've migrated Debian to use java11 in every component Dogtag needs, but while the
tomcat instance seems to get up (to be configured), it can't be properly reached:

2019-01-10 18:00:30 pkispawn      : INFO     Checking server at
https://sid1.leon.tyrell:8443/ca
2019-01-10 18:01:56 pkispawn      : ERROR    Server unreachable due to SSL error:
("bad handshake: SysCallError(-1, 'Unexpected EOF')",)
2019-01-10 18:01:56 configuration : ERROR    Server failed to restart

and there's this on catalina.out: 

WARNING: The JSSE TLS 1.3 implementation does not support authentication after the initial
handshake and is there
fore incompatible with optional client authentication
SEVERE: Failed to initialize component
[Connector[org.dogtagpki.tomcat.Http11NioProtocol-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:979)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1060)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:588)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:611)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: Alias name [sslserver] does not identify a
key entry
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:85)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:224)
        at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1085)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1098)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
        at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:976)
        ... 13 more
Caused by: java.io.IOException: Alias name [sslserver] does not identify a key entry
        at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:248)
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:112)
        ... 20 more

how to fix that? If this is fixed, Dogtag might finally end up in a Debian release :)

-- 
t

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[Pki-users] Problems with java11