SSL is enabled in my server Tomcat 7.0.108. I enabled it according to this answer https://stackoverflow.com/a/48883483
My Connector in server.xml is:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxHttpHeaderSize="65536" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           clientAuth="false" sslProtocol="TLS"
           keyAlias="tomcat" keystoreFile="" keystorePass="" keystoreType="Windows-My">
</Connector>
But in Tomcat 9.0.45, the same configuration has an error.
org.apache.tomcat.util.net.openssl.OpenSSLContext.init Error initializing SSL context
java.lang.NullPointerException
    at java.util.Base64$Encoder.encode(Base64.java:261)
    at java.util.Base64$Encoder.encodeToString(Base64.java:315)
    at org.apache.tomcat.util.net.openssl.OpenSSLContext.addCertificate(OpenSSLContext.java:405)
    at org.apache.tomcat.util.net.openssl.OpenSSLContext.init(OpenSSLContext.java:250)
Has anyone enabled SSL with Tomcat 9 using Windows Certs?
Answer
The error is caused by the SSLImplementation selected by Tomcat: the OpenSSLImplementation requires direct access to the private key, which is impossible if you use the Windows-MY keystore.
You just need to switch to JSSEImplementation, which results in the following configuration:
<Connector port="8443"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreType="Windows-MY"
                     certificateKeystoreFile=""
                     certificateKeyAlias="tomcat" />
    </SSLHostConfig>
</Connector>
The default value of sslImplementationName automatically switches from JSSEImplementation to OpenSSLImplementation whenever the Tomcat Native library is present (which is common on Windows): cf. Tomcat Documentation.
Note that the SSL configuration syntax changed in Tomcat 8.5. The one you use in your question was deprecated in Tomcat 8.5 and removed in Tomcat 10.0.
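To see the constraint the answer describes on your own host, the following Java check (an added example, not part of the original answer and not Tomcat code) opens the Windows-MY store, looks up the alias, and reports whether the JVM can read the private key's bytes. The class name WindowsMyKeyCheck is hypothetical, the alias tomcat comes from the question, and it is assumed to run on the Windows host under the same account as the Tomcat service.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not Tomcat code.
// Run it on the Tomcat host, as the account the Tomcat service runs under.
public class WindowsMyKeyCheck {
    public static void main(String[] args) throws Exception {
        // "tomcat" is the alias from the page; pass a different one as args[0].
        String alias = args.length > 0 ? args[0] : "tomcat";

        KeyStore ks;
        try {
            ks = KeyStore.getInstance("Windows-MY"); // SunMSCAPI provider, Windows JVMs only
        } catch (KeyStoreException e) {
            System.err.println("Windows-MY is not available on this JVM: " + e.getMessage());
            return;
        }
        ks.load(null, null); // no file and no password: this is the current user's store

        if (!ks.isKeyEntry(alias)) {
            System.out.println("No private-key entry under alias '" + alias + "'. Entries found:");
            for (String a : Collections.list(ks.aliases())) {
                System.out.println("  " + a + (ks.isKeyEntry(a) ? " (has key)" : " (certificate only)"));
            }
            return;
        }

        Key key = ks.getKey(alias, null);
        if (ks.getCertificate(alias) instanceof X509Certificate) {
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println("Subject:   " + cert.getSubjectX500Principal());
            System.out.println("Not after: " + cert.getNotAfter());
        }
        System.out.println("Key class: " + key.getClass().getName() + " (" + key.getAlgorithm() + ")");

        // A key held by Windows CryptoAPI is only a handle: the JVM can sign with it
        // but cannot read its bytes, so getEncoded() returns null.
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            System.out.println("Key bytes are not readable from Java: use JSSEImplementation.");
        } else {
            System.out.println("Key bytes are readable (" + encoded.length + " bytes).");
        }
    }
}
```

If the alias is reported as "certificate only", the certificate was imported without its private key, and changing the SSL implementation will not help until the key is present in the store.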