I generate the key and certificate (OpenSSL prompts for a pass phrase):
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
Then I configure Tomcat 9:
<Connector port="8441" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig>
        <Certificate
            certificateFile="/home/user/cert.pem"
            certificateKeyFile="/home/user/key.pem"
            certificateKeyPassword="PEM pass phrase"/>
    </SSLHostConfig>
</Connector>
When I start Tomcat, I get:
[main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8441"]
[main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8441]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
...
Caused by: java.lang.IllegalArgumentException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
...
Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257)
at sun.security.util.DerInputStream.getOID(DerInputStream.java:314)
at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132)
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372)
at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:138)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:106)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:74)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:295)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
... 20 more
But if I generate the key without encryption (-nodes):
openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem
and configure Tomcat as follows:
<Connector port="8441" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig>
        <Certificate
            certificateFile="/home/user/cert.pem"
            certificateKeyFile="/home/user/key.pem"/>
    </SSLHostConfig>
</Connector>
it works fine:
[main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-8441"]
[main] org.apache.catalina.startup.Catalina.load Server initialization in [824] milliseconds
[main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8441"]
[main] org.apache.catalina.startup.Catalina.start Server startup in [387] milliseconds
With Tomcat 8.0 I used to create encrypted keys and they always worked. Tomcat 9 has some changes in the configuration file. I don't know what's wrong.
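The stack trace in the question shows Tomcat's PEMFile handing the key to the JDK's EncryptedPrivateKeyInfo, whose PBES2Parameters parser found an element with tag 48 where it expected an OBJECT IDENTIFIER; 48 is 0x30, the DER tag of a SEQUENCE. The script below is an added example, not code from the question or from Tomcat: it walks the PKCS#8 EncryptedPrivateKeyInfo header of an encrypted key and reports the PBES2 KDF, PRF, iteration count and cipher it was encrypted with, so you can see exactly which parameters the JDK was asked to decode. The key structure it parses is constructed inline (salt, IV and the "encrypted" payload are filler bytes, not a real key), and the OID name table and all function names are my own.

```python
import base64
import textwrap

# OIDs a PBES2-encrypted PKCS#8 key commonly carries (RFC 8018); the names are ours
OID_NAMES = {
    "1.2.840.113549.1.5.13": "PBES2",
    "1.2.840.113549.1.5.12": "PBKDF2",
    "1.2.840.113549.2.7": "hmacWithSHA1",
    "1.2.840.113549.2.9": "hmacWithSHA256",
    "1.2.840.113549.3.7": "des-EDE3-CBC",
    "2.16.840.1.101.3.4.1.42": "aes256-CBC",
}

def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long form: 0x8N then N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(body):
    """Split the contents of a SEQUENCE into a list of (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(body):
        tag, value, pos = der_read(body, pos)
        items.append((tag, value))
    return items

def decode_oid(tag, value):
    """Decode an OBJECT IDENTIFIER (tag 6). Any other tag gets the JDK's wording;
    tag 48 is 0x30, a SEQUENCE, which is what the question's stack trace hit."""
    if tag != 0x06:
        raise ValueError(f"ObjectIdentifier() -- data isn't an object ID (tag = {tag})")
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def parse_encrypted_pkcs8(der):
    """Describe how an EncryptedPrivateKeyInfo (BEGIN ENCRYPTED PRIVATE KEY) is encrypted."""
    tag, body, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE; not PKCS#8")
    (_, alg_body), (_, enc_data) = der_children(body)   # AlgorithmIdentifier, OCTET STRING
    alg_oid, alg_params = der_children(alg_body)
    scheme = decode_oid(*alg_oid)
    info = {"scheme": OID_NAMES.get(scheme, scheme), "encrypted_len": len(enc_data)}
    if info["scheme"] != "PBES2":
        return info                                     # PBES1 / PKCS#12 PBE: no PBKDF2 block
    # PBES2-params ::= SEQUENCE { keyDerivationFunc, encryptionScheme } (both AlgorithmIdentifier)
    (_, kdf_body), (_, cipher_body) = der_children(alg_params[1])
    kdf_oid, kdf_params = der_children(kdf_body)
    kdf = decode_oid(*kdf_oid)
    info["kdf"] = OID_NAMES.get(kdf, kdf)
    # PBKDF2-params ::= SEQUENCE { salt OCTET STRING, iterationCount INTEGER,
    #   keyLength INTEGER OPTIONAL, prf AlgorithmIdentifier DEFAULT hmacWithSHA1 }
    fields = der_children(kdf_params[1])
    info["salt_len"] = len(fields[0][1])
    info["iterations"] = int.from_bytes(fields[1][1], "big")
    info["prf"] = "hmacWithSHA1"                        # the DEFAULT when the field is absent
    for tag, value in fields[2:]:
        if tag == 0x02:
            info["key_length"] = int.from_bytes(value, "big")
        elif tag == 0x30:                               # prf is itself an AlgorithmIdentifier
            prf = decode_oid(*der_children(value)[0])
            info["prf"] = OID_NAMES.get(prf, prf)
    cipher_oid, cipher_params = der_children(cipher_body)
    cipher = decode_oid(*cipher_oid)
    info["cipher"] = OID_NAMES.get(cipher, cipher)
    info["iv_len"] = len(cipher_params[1])              # CBC ciphers carry the IV as parameter
    return info

def pem_to_der(pem_text):
    """Strip PEM armour (and any 'Name: value' header lines) and base64-decode the body."""
    lines = (l.strip() for l in pem_text.splitlines())
    return base64.b64decode("".join(l for l in lines if l and "-----" not in l and ":" not in l))

def der_to_pem(der, label="ENCRYPTED PRIVATE KEY"):
    b64 = base64.b64encode(der).decode("ascii")
    return f"-----BEGIN {label}-----\n" + "\n".join(textwrap.wrap(b64, 64)) + f"\n-----END {label}-----\n"

# --- tiny DER writer, used only to construct the sample key below ---
def _tlv(tag, body):
    n = len(body)
    nb = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
    return bytes([tag]) + length + body

def _seq(*items): return _tlv(0x30, b"".join(items))
def _int(v): return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
def _octets(b): return _tlv(0x04, b)
def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        enc, a = [a & 0x7F], a >> 7
        while a:
            enc, a = enc + [0x80 | (a & 0x7F)], a >> 7
        out += reversed(enc)
    return _tlv(0x06, bytes(out))

def build_sample_key(prf_oid="1.2.840.113549.2.9", iterations=2048):
    """Constructed sample with the shape of a PBES2 key (PBKDF2 + AES-256-CBC).
    Salt, IV and the 'encrypted' payload are filler bytes, not a real key."""
    kdf = _seq(_oid("1.2.840.113549.1.5.12"),
               _seq(_octets(b"\x11" * 8), _int(iterations), _seq(_oid(prf_oid), _tlv(0x05, b""))))
    cipher = _seq(_oid("2.16.840.1.101.3.4.1.42"), _octets(b"\x22" * 16))
    return _seq(_seq(_oid("1.2.840.113549.1.5.13"), _seq(kdf, cipher)), _octets(b"\x00" * 48))

if __name__ == "__main__":
    print(parse_encrypted_pkcs8(pem_to_der(der_to_pem(build_sample_key()))))
```

To inspect the real key.pem, pass its text to pem_to_der() and the result to parse_encrypted_pkcs8(). Only the PKCS#8 form (BEGIN ENCRYPTED PRIVATE KEY, which is what Tomcat's PEMFile feeds to EncryptedPrivateKeyInfo) has this envelope; the legacy OpenSSL form (BEGIN RSA PRIVATE KEY with Proc-Type: 4,ENCRYPTED and DEK-Info headers) is a different structure and is not parsed here. `openssl asn1parse -in key.pem -i` prints the same tree and can be used to cross-check the output.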