Upgraded to 8.5.63, ssl stopped working...?

Jim Weill
I had 8.5.41 working and decided to do the upgrade to 8.5.63 today on
Windows Server 2012r2.  I've had success with stopping the service,
renaming the tomcat directory, putting the unzipped files of the new
version in its place, and dropping in the server.xml, and web.xml files to
replace the default files.  As well, I copy over the webapps folder for the
site, then restart the service.  This process has worked many times before.

When I did this today, the service would not start for some reason.  So I
renamed the folders back to their original names, and then ran the
uninstall from the add/remove programs.  I ran the install executable on
8.5.63, dropped in the webapps folder, and the server.xml and web.xml files
and the service started, but the site never loads, even on localhost.

This is the server.xml I'm using, first configured back in 2017.  I could
probably pare it down, but once it started working, I didn't feel like
messing with removing the commented sections. :)

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation with the JSSE engine. When
         using the JSSE engine, the JSSE configuration attributes must be used.
    -->

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <SSLHostConfig  protocols="TLSv1.2"
                        ciphers="ECDH+AESGCM,DH+AESGCM,ECDH+AES256,DH+AES256,ECDH+AES128,DH+AES,
                                 RSA+AESGCM,RSA+AES,!aNULL,!MD5,!DSS,!AES256,!CAMELLIA"
                        honorCipherOrder="true">
            <Certificate certificateFile="D:\_ssh\_.ICSI.Berkeley.EDU.crt"
                         certificateKeyFile="D:\_ssh\_.ICSI.Berkeley.EDU.key"
                          />
        </SSLHostConfig>
    </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation. When using the
         APR/native implementation or the OpenSSL engine with NIO or NIO2 then
         the OpenSSL configuration attributes must be used.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Re: Upgraded to 8.5.63, ssl stopped working...?

Mark Thomas-2
On 11/02/2021 02:06, Jim Weill wrote:

> I had 8.5.41 working and decided to do the upgrade to 8.5.63 today on
> Windows Server 2012r2.  I've had success with stopping the service,
> renaming the tomcat directory, putting the unzipped files of the new
> version in its place, and dropping in the server.xml, and web.xml files to
> replace the default files.  As well, I copy over the webapps folder for the
> site, then restart the service.  This process has worked many times before.
>
> When I did this today, the service would not start for some reason.  So I
> renamed the folders back to their original names, and then ran the
> uninstall from the add/remove programs.  I ran the install executable on
> 8.5.63, dropped in the webapps folder, and the server.xml and web.xml files
> and the service started, but the site never loads, even on localhost.

What do you see in the logs? Ideally you want to clear the logs, start
Tomcat, make a single request, stop Tomcat and then look at the logs.

If you see an error, the safest approach is to fix that error and then
repeat the process as subsequent errors are often side-effects of the
first error.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Upgraded to 8.5.63, ssl stopped working...?

Jim Weill
Sorry, I should have posted it yesterday.  This was the only thing I could
find that had anything like an error in the stderr log:

10-Feb-2021 17:34:09.930 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1077)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:846)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:247)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1143)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1075)
    ... 13 more
Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
    at java.net.URI.create(Unknown Source)
    at java.net.URI.resolve(Unknown Source)
    at org.apache.tomcat.util.file.ConfigFileLoader.getURI(ConfigFileLoader.java:105)
    at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:88)
    at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:98)
    at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:90)
    at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:313)
    at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
    ... 20 more
Caused by: java.net.URISyntaxException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
    at java.net.URI$Parser.fail(Unknown Source)
    at java.net.URI$Parser.checkChars(Unknown Source)
    at java.net.URI$Parser.parse(Unknown Source)
    at java.net.URI.<init>(Unknown Source)
    ... 29 more
10-Feb-2021 17:34:09.930 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-127.0.0.1-8009"]
10-Feb-2021 17:34:09.930 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
10-Feb-2021 17:34:09.930 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1522 ms


Re: Upgraded to 8.5.63, ssl stopped working...?

remm
On Thu, Feb 11, 2021 at 10:33 PM Jim Weill <[hidden email]>
wrote:

> Sorry, I should have posted it yesterday.  This was the only thing I could
> find that had anything like an error in the stderr log:
>
> 10-Feb-2021 17:34:09.930 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization failed
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1077)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:846)
>     at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>     at java.lang.reflect.Method.invoke(Unknown Source)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
> Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
>     at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:247)
>     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1143)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
>     at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
>     at org.apache.catalina.connector.Connector.initInternal(Connector.java:1075)
>     ... 13 more
> Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
>     at java.net.URI.create(Unknown Source)
>     at java.net.URI.resolve(Unknown Source)
>     at org.apache.tomcat.util.file.ConfigFileLoader.getURI(ConfigFileLoader.java:105)
>     at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:88)
>     at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:98)
>     at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:90)
>     at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:313)
>     at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
>     at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
>     ... 20 more
> Caused by: java.net.URISyntaxException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
>     at java.net.URI$Parser.fail(Unknown Source)
>     at java.net.URI$Parser.checkChars(Unknown Source)
>     at java.net.URI$Parser.parse(Unknown Source)
>     at java.net.URI.<init>(Unknown Source)
>     ... 29 more
> 10-Feb-2021 17:34:09.930 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-127.0.0.1-8009"]
> 10-Feb-2021 17:34:09.930 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
> 10-Feb-2021 17:34:09.930 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1522 ms
>

This happens when D:\_ssh\_.ICSI.Berkeley.EDU.key is not a file (or not
there) and it then tries as a URL. Is your keystore still there after your
update?
There were recent changes, but there's no difference that I can see with
that location as input.

Rémy



Re: Upgraded to 8.5.63, ssl stopped working...?

Jim Weill
Yes, the file is there and readable.  The NTFS permissions have only the
built-in SYSTEM, CREATOR OWNER, and domain administrators group as having
any kind of access to the folder.  This was working before I started
upgrading.  The last modified date is 2017 on that file.

jim


Re: Upgraded to 8.5.63, ssl stopped working...?

Mark Thomas-2
On February 11, 2021 11:01:27 PM UTC, Jim Weill <[hidden email]> wrote:
> Yes, the file is there and readable.  The NTFS permissions have only the
> built-in SYSTEM, CREATOR OWNER, and domain administrators group as having
> any kind of access to the folder.  This was working before I started
> upgrading.  The last modified date is 2017 on that file.

Check the user the Tomcat service is running as. This changed from Local System (essentially an admin account) to the less privileged Local Service.

Mark
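
The check suggested above, as an added PowerShell example that is not part of the original thread: it reports which account the service runs as and whether that account has a read ACE on the certificate and key files named in the posted server.xml, and prints a read-only grant where it does not. The service name `Tomcat8` is an assumption (confirm with `Get-Service *tomcat*`); run it from an elevated prompt.

```powershell
# Added example, not from the thread.
# Assumptions: the service is registered as 'Tomcat8'; the two paths are the
# certificateFile / certificateKeyFile values from the posted server.xml.
$ServiceName = 'Tomcat8'
$Files = 'D:\_ssh\_.ICSI.Berkeley.EDU.crt', 'D:\_ssh\_.ICSI.Berkeley.EDU.key'

$SidType = [System.Security.Principal.SecurityIdentifier]
$Read    = [System.Security.AccessControl.FileSystemRights]::ReadData

# Built-in service accounts and their well-known SIDs.
$BuiltIn = @{
    'LocalSystem'                 = 'S-1-5-18'
    'NT AUTHORITY\LocalService'   = 'S-1-5-19'
    'NT AUTHORITY\NetworkService' = 'S-1-5-20'
}

function Resolve-ServiceSid([string]$Account) {
    if ($BuiltIn.ContainsKey($Account)) { return $BuiltIn[$Account] }
    # Any other account (domain or local user): ask Windows for its SID.
    $nt = New-Object System.Security.Principal.NTAccount($Account)
    return $nt.Translate($SidType).Value
}

# 1. Which account does the Tomcat service log on as?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }
$svcSid = Resolve-ServiceSid $svc.StartName
"{0} runs as {1} ({2})" -f $ServiceName, $svc.StartName, $svcSid

# 2. SIDs whose ACEs are considered: the account itself plus Everyone,
#    Authenticated Users and BUILTIN\Users. This approximates effective
#    access; other group memberships are not expanded.
$Candidates = @($svcSid, 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

foreach ($f in $Files) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) {
        "{0}: not found" -f $f
        continue
    }
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $f).GetAccessRules($true, $true, $SidType) |
        Where-Object {
            ($Candidates -contains $_.IdentityReference.Value) -and
            ([int]($_.FileSystemRights -band $Read) -ne 0)
        }
    $deny  = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' })

    if ($allow.Count -gt 0 -and $deny.Count -eq 0) {
        "{0}: read ACE present for the service account" -f $f
    } else {
        "{0}: NOT readable by {1}" -f $f, $svc.StartName
        # Least-privilege fix: a read-only ACE for the service SID on this one
        # file. Printed for review, not executed.
        '  icacls "{0}" /grant "*{1}:(R)"' -f $f, $svcSid
    }
}
```

Granting read on the two files to the service account keeps the private key closed to other users, whereas switching the service back to Local System restores access by giving Tomcat administrative rights.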


>
>jim
>
>On Thu, Feb 11, 2021 at 2:17 PM Rémy Maucherat <[hidden email]> wrote:
>
>> On Thu, Feb 11, 2021 at 10:33 PM Jim Weill
><[hidden email]>
>> wrote:
>>
>> > Sorry, I should have posted it yesterday.  This was the only thing
>I
>> could
>> > find that had anything like an error in the stderr log:
>> >
>> > 10-Feb-2021 17:34:09.930 SEVERE [main]
>> > org.apache.catalina.core.StandardService.initInternal Failed to
>> initialize
>> > connector [Connector[HTTP/1.1-8443]]
>> > org.apache.catalina.LifecycleException: Protocol handler
>initialization
>> > failed
>> > at
>> >
>org.apache.catalina.connector.Connector.initInternal(Connector.java:1077)
>> > at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> > at
>> >
>> >
>>
>org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
>> > at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> > at
>> >
>> >
>>
>org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:846)
>> > at
>org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> > at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
>> > at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
>> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> > at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>> > at java.lang.reflect.Method.invoke(Unknown Source)
>> > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
>> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
>> > Caused by: java.lang.IllegalArgumentException: Illegal character in
>> opaque
>> > part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
>> > at
>> > org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
>> > at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
>> > at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:247)
>> > at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1143)
>> > at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:222)
>> > at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:599)
>> > at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:80)
>> > at org.apache.catalina.connector.Connector.initInternal(Connector.java:1075)
>> > ... 13 more
>> > Caused by: java.lang.IllegalArgumentException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
>> > at java.net.URI.create(Unknown Source)
>> > at java.net.URI.resolve(Unknown Source)
>> > at org.apache.tomcat.util.file.ConfigFileLoader.getURI(ConfigFileLoader.java:105)
>> > at org.apache.tomcat.util.file.ConfigFileLoader.getInputStream(ConfigFileLoader.java:88)
>> > at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:98)
>> > at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:90)
>> > at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:313)
>> > at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:245)
>> > at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
>> > ... 20 more
>> > Caused by: java.net.URISyntaxException: Illegal character in opaque part at index 2: D:\_ssh\_.ICSI.Berkeley.EDU.key
>> > at java.net.URI$Parser.fail(Unknown Source)
>> > at java.net.URI$Parser.checkChars(Unknown Source)
>> > at java.net.URI$Parser.parse(Unknown Source)
>> > at java.net.URI.<init>(Unknown Source)
>> > ... 29 more
>> > 10-Feb-2021 17:34:09.930 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-127.0.0.1-8009"]
>> > 10-Feb-2021 17:34:09.930 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
>> > 10-Feb-2021 17:34:09.930 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 1522 ms
>> >
>>
>> This happens when D:\_ssh\_.ICSI.Berkeley.EDU.key is not a file (or not
>> there) and it then tries as a URL. Is your keystore still there after your
>> update?
>> There were recent changes, but there's no difference that I can see with
>> that location as input.
>>
>> Rémy
>>
>>
>> >
>> > On Thu, Feb 11, 2021 at 12:17 AM Mark Thomas <[hidden email]> wrote:
>> >
>> > > On 11/02/2021 02:06, Jim Weill wrote:
>> > > > I had 8.5.41 working and decided to do the upgrade to 8.5.63 today on
>> > > > Windows Server 2012r2.  I've had success with stopping the service,
>> > > > renaming the tomcat directory, putting the unzipped files of the new
>> > > > version in its place, and dropping in the server.xml, and web.xml files to
>> > > > replace the default files.  As well, I copy over the webapps folder for the
>> > > > site, then restart the service.  This process has worked many times before.
>> > > >
>> > > > When I did this today, the service would not start for some reason.  So I
>> > > > renamed the folders back to their original names, and then ran the
>> > > > uninstall from the add/remove programs.  I ran the install executable on
>> > > > 8.5.63, dropped in the webapps folder, and the server.xml and web.xml files
>> > > > and the service started, but the site never loads, even on localhost.
>> > >
>> > > What do you see in the logs? Ideally you want to clear the logs, start
>> > > Tomcat, make a single request, stop Tomcat and then look at the logs.
>> > >
>> > > If you see an error, the safest approach is to fix that error and then
>> > > repeat the process as subsequent errors are often side-effects of the
>> > > first error.
>> > >
>> > > Mark
>> > >
>> >
>>



Re: Upgraded to 8.5.63, ssl stopped working...?

remm
On Fri, Feb 12, 2021 at 8:17 AM Mark Thomas <[hidden email]> wrote:

> On February 11, 2021 11:01:27 PM UTC, Jim Weill <[hidden email]> wrote:
> >Yes, the file is there and readable.  The NTFS permissions have only the
> >built-in SYSTEM, CREATOR OWNER, and domain administrators group as having
> >any kind of access to the folder.  This was working before I started
> >upgrading.  The last modified date is 2017 on that file.
>
> Check the user the Tomcat service is running as. This changed from Local
> System (essentially an admin account) to the less privileged Local Service.
>

I think the problem which messes up everything is a supposed non absolute
URI. I don't remember why this is legitimate, but it probably is, and that
means the error messages are microsoftian. I improved them.

Rémy


> Mark

Re: Upgraded to 8.5.63, ssl stopped working...?

Jim Weill
In reply to this post by Mark Thomas-2
This was the fix.  Thank you!

jim

On Thu, Feb 11, 2021 at 11:17 PM Mark Thomas <[hidden email]> wrote:

> Check the user the Tomcat service is running as. This changed from Local
> System (essentially an admin account) to the less privileged Local Service.
>
> Mark
>
>
>
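
The lookup order described in this thread (try the location as a file, then as a URI) is why an unreadable key file surfaces as a URI syntax error. The following is an added example, not Tomcat's code and not from the original posts; the class `KeyFileLocationCheck`, the method `diagnose` and the base URI are hypothetical names and values chosen for illustration.

```java
import java.io.File;
import java.net.URI;

public class KeyFileLocationCheck {

    /** Reports what a file-first, URI-second lookup concludes for one location. */
    static String diagnose(String location, URI base) {
        File f = new File(location);
        if (f.isFile() && f.canRead()) {
            return "file: readable by user '" + System.getProperty("user.name") + "'";
        }
        // The file attempt failed; record why before the URI fallback hides it.
        String fileState = !f.exists()
                ? "missing, or not visible to this account"
                : !f.isFile() ? "not a regular file" : "present but not readable";
        try {
            // URI.resolve(String) parses its argument with URI.create(), which
            // rejects the backslash that follows "D:" in a Windows path.
            URI uri = base.resolve(location);
            return "file attempt failed (" + fileState + "); falling back to URI " + uri;
        } catch (IllegalArgumentException e) {
            return "file attempt failed (" + fileState + "); URI fallback then threw: "
                    + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Default is the path from the log in this thread; pass another as args[0].
        String location = args.length > 0 ? args[0] : "D:\\_ssh\\_.ICSI.Berkeley.EDU.key";
        // Constructed base URI standing in for the server's base directory (assumption).
        URI base = new File(System.getProperty("user.dir")).toURI();
        System.out.println(diagnose(location, base));
    }
}
```

Run it under the same account as the Tomcat service: if the file branch fails there but succeeds for an administrator, the cause is the account's access to the key file or its folder, not the path syntax.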