Tomcat APR connector configuration and certificates - PullRequest
0 votes
/ March 28, 2020

Tomcat is version 9. The connector configuration below is in server.xml. Tomcat will not start. The certificates are taken in DER form from a Windows certification authority and converted with: openssl x509 -inform der -in cert.cer -out cert.pem; the key file is left as it was generated by openssl req -new -utf8 -nameopt multiline,utf8 -config req.cfg -newkey rsa:2048 -nodes -keyout cert.key -out cert.csr. Can anyone suggest the correct APR native implementation in Tomcat 9 without deprecated options?

<Connector  port="443"
            protocol="org.apache.coyote.http11.Http11AprProtocol"
            SSLEnabled="true"
            maxThreads="150"
            scheme="https"
            secure="true"
            clientAuth="false"
            sslEnabledProtocols="TLSv1.1+TLSv1.2"
            ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                     TLS_RSA_WITH_AES_128_CBC_SHA256,
                     TLS_RSA_WITH_AES_128_GCM_SHA256,
                     TLS_RSA_WITH_AES_128_CBC_SHA,
                     TLS_RSA_WITH_AES_256_CBC_SHA256,
                     TLS_RSA_WITH_AES_256_GCM_SHA384,
                     TLS_RSA_WITH_AES_256_CBC_SHA"
            />
            <SSLHostConfig>
                <Certificate certificateKeyFile="/etc/tomcat9/cert/cert.key"
                             certificateFile="/etc/tomcat9/cert/cert.pem"
                             certificateChainFile="/etc/tomcat9/cert/ca-cert.pem"
                             type="RSA" />
            </SSLHostConfig>
</Connector>

If I use the deprecated options and write the connector like this, everything works:

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
                port="443" SSLEnabled="true" secure="true" scheme="https"
                SSLProtocol="TLSv1.1+TLSv1.2"
                SSLCipherSuite="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS"
                SSLHonorCipherOrder="true"
                SSLDisableCompression="true"
                SSLCertificateFile="/etc/tomcat9/cert/era_dt_local-b64.cer"
                SSLCertificateKeyFile="/etc/tomcat9/cert/era_dt_local.key"
                SSLCertificateChainFile="/etc/tomcat9/cert/dt_ca-b64.cer"
                disableUploadTimeout="true"
                maxThreads="200"
                acceptCount="100"
                maxHttpHeaderSize="49152"/>

Errors in catalina.out (note: line 148 is the line with </Connector>)

[2020-03-27 22:14:44] [info] NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
[2020-03-27 22:14:46] [warning] No rules found matching [Server/Service/SSLHostConfig/Certificate]
[2020-03-27 22:14:46] [warning] No rules found matching [Server/Service/SSLHostConfig]
[2020-03-27 22:14:46] [crit] Parse fatal error at line [148] column [3]
[2020-03-27 22:14:46] [crit] org.xml.sax.SAXParseException; systemId: file:/var/lib/tomcat9/conf/server.xml; lineNumber: 148; columnNumber: 3; The element type "Service" must be terminated by the matching end-tag "</Service>".
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1471)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1685)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2883)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:888)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:824)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
[2020-03-27 22:14:46] [crit]     at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
[2020-03-27 22:14:46] [crit]     at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1431)
[2020-03-27 22:14:46] [crit]     at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
[2020-03-27 22:14:46] [crit]     at org.apache.catalina.startup.Catalina.load(Catalina.java:612)
[2020-03-27 22:14:46] [crit]     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[2020-03-27 22:14:46] [crit]     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[2020-03-27 22:14:46] [crit]     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2020-03-27 22:14:46] [crit]     at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[2020-03-27 22:14:46] [crit]     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
[2020-03-27 22:14:46] [crit]     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
[2020-03-27 22:14:46] [warning] Unable to load server configuration from [/var/lib/tomcat9/conf/server.xml]
[2020-03-27 22:14:46] [warning] org.xml.sax.SAXParseException; systemId: file:/var/lib/tomcat9/conf/server.xml; lineNumber: 148; columnNumber: 3; The element type "Service" must be terminated by the matching end-tag "</Service>".
[2020-03-27 22:14:46] [warning]     at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1243)
[2020-03-27 22:14:46] [warning]     at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
[2020-03-27 22:14:46] [warning]     at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1431)
[2020-03-27 22:14:46] [warning]     at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
[2020-03-27 22:14:46] [warning]     at org.apache.catalina.startup.Catalina.load(Catalina.java:612)
[2020-03-27 22:14:46] [warning]     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[2020-03-27 22:14:46] [warning]     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[2020-03-27 22:14:46] [warning]     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[2020-03-27 22:14:46] [warning]     at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[2020-03-27 22:14:46] [warning]     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
[2020-03-27 22:14:46] [warning]     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
[2020-03-27 22:14:46] [crit] Cannot start server. Server instance is not configured.
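The log already pins down the fault. In the first configuration the opening Connector tag ends with "/>" (the line with ciphers="...TLS_RSA_WITH_AES_256_CBC_SHA" />), so the element is closed there. The SSLHostConfig that follows therefore sits directly under Service, which is exactly what the two "No rules found matching [Server/Service/SSLHostConfig...]" warnings say, and the trailing </Connector> has no matching open tag, which is the fatal "Service must be terminated by </Service>" parse error at line 148. The following is an added example of the same connector written in the non-deprecated SSLHostConfig/Certificate form; it is not code from the original post. The certificate paths are the ones from the post; the AprLifecycleListener line is assumed to already be in the <Server> section as in the stock server.xml; the ECDHE-only cipher list is a choice made here (a subset of the poster's working OpenSSL-syntax list), not something the post states; TLSv1.3 assumes Tomcat Native built against OpenSSL 1.1.1 or later, otherwise use protocols="TLSv1.2".

```xml
<!-- Added example, not from the original post: Tomcat 9 APR/OpenSSL connector
     using only the SSLHostConfig/Certificate attributes (no deprecated
     Connector-level SSL* attributes, clientAuth, sslEnabledProtocols or ciphers). -->

<!-- Assumed to be present in <Server> as in the stock server.xml; Tomcat Native
     (APR + OpenSSL) must be installed for Http11AprProtocol to load at all. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<Connector port="443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           maxThreads="150"
           disableUploadTimeout="true">
    <!-- The opening tag above ends with ">" and NOT "/>": SSLHostConfig has to be
         a child of Connector. With "/>" the Connector is already closed, the
         digester finds no rule for Server/Service/SSLHostConfig, and the later
         </Connector> is an unmatched end tag (the error seen in catalina.out). -->
    <SSLHostConfig hostName="_default_"
                   protocols="TLSv1.2+TLSv1.3"
                   ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
                   honorCipherOrder="true"
                   disableCompression="true"
                   certificateVerification="none">
        <!-- certificateVerification="none" is the SSLHostConfig equivalent of the
             old clientAuth="false". APR/OpenSSL reads PEM files directly, so the
             DER-to-PEM conversion from the post is the right step; the key file
             from "openssl req ... -nodes" is already an unencrypted PEM key. -->
        <Certificate certificateKeyFile="/etc/tomcat9/cert/cert.key"
                     certificateFile="/etc/tomcat9/cert/cert.pem"
                     certificateChainFile="/etc/tomcat9/cert/ca-cert.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

Two checks worth running before restarting Tomcat: xmllint --noout /var/lib/tomcat9/conf/server.xml catches the unmatched end tag without a Tomcat restart cycle, and comparing the output of openssl x509 -noout -modulus -in cert.pem | openssl md5 with openssl rsa -noout -modulus -in cert.key | openssl md5 confirms that the converted certificate actually belongs to the key the CSR was made from (a mismatch is the next most common reason an APR connector refuses to start once the XML parses). After start, openssl s_client -connect host:443 -tls1_2 shows which certificate chain and cipher the connector actually negotiates.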