SSL is enabled in my server Tomcat 7.0.108. I enabled it according to this answer https://stackoverflow.com/a/48883483
My Connector in serverx.xml is :
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="65536" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="tomcat" keystoreFile="" keystorePass="" keystoreType="Windows-My"></Connector>But, in Tomcat 9.0.45 same configuration has an error.
org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context java.lang.NullPointerException at java.util.Base64$Encoder.encode(Base64.java:261) at java.util.Base64$Encoder.encodeToString(Base64.java:315) at org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:405) at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:250)Is anyone enable SSL with Tomcat 9 using Windows Certs?
Advertisement
Answer
The error is caused by the SSLImplementation selected by Tomcat: the OpenSSLImplementation requires direct access to the private key, which is impossible if you use the Windows-MY keystore.
You just need to switch to JSSEImplementation, which results in the following configuration:
<Connector port="8443" sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" scheme="https" secure="true" SSLEnabled="true"> <SSLHostConfig> <Certificate certificateKeystoreType="Windows-MY" certificateKeystoreFile="" certificateKeyAlias="tomcat" /> </SSLHostConfig></Connector>The default value of sslImplementationName automatically switches from JSSEImplementation to OpenSSLImplementation, whenever the Tomcat Native library is present (which is common on Windows): cf. Tomcat Documentation.
Remark that since Tomcat 8.5 the SSL configuration syntax changed. The one you use in your question has been deprecated in Tomcat 8.5 and removed from Tomcat 10.0.