https://bz.apache.org/bugzilla/show_bug.cgi?id=62479
Bug ID: 62479
Summary: Using pkcs12 format truststore on connector yields exception "the trustAnchors parameter must be non-empty"
Product: Tomcat 9
Version: 9.0.1
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: nicolas.therr...@motorolasolutions.com
Target Milestone: -----

Created attachment 35977
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35977&action=edit
Generate-Certificates.ps1

I have set up a Tomcat 9 server with TLS client authentication (certificateRequired) and noticed that if we try to use a pkcs12 truststore we get a fatal exception that says "the trustAnchors parameter must be non-empty".

This exception does not occur when using jks instead of pkcs12 as the container type. Same certificates, same generation methods, just a different keystore type.

I am attaching:

server.xml
server_truststore.p12
server_truststore.jks
Generate-Certificates.ps1 script

And here are the command lines used to generate those files:

    &$jdkpath\bin\keytool.exe -importcert -file $certificates_dir/simulators_server.crt -alias simulators_server -trustcacerts -noprompt -keystore $certificates_dir/server_truststore.jks -storepass $storepassword

    &$jdkpath\bin\keytool.exe -importcert -file $certificates_dir/simulators_server.crt -alias simulators_server -trustcacerts -noprompt -keystore $certificates_dir/server_truststore.p12 -storetype pkcs12 -storepass $storepassword

Password for the stores is P@33word!
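
A diagnostic for the exception quoted in the report, as an added example that is not part of the original report or of Tomcat's code: the JDK raises "the trustAnchors parameter must be non-empty" from `PKIXParameters` when the keystore it is given exposes no trusted-certificate entries, so the check below loads a store and reports how many such entries the JVM sees. The class name `TruststoreCheck` and its command-line arguments are assumptions; with no arguments it runs against an empty in-memory PKCS12 store constructed for the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.util.Collections;

// Hypothetical diagnostic (class name and arguments are assumptions).
// Usage: java TruststoreCheck.java <path> <type> <password>
// With no arguments it checks an empty in-memory PKCS12 store (constructed input).
public class TruststoreCheck {

    // Number of aliases the JVM exposes as trusted-certificate entries.
    static int trustedEntries(KeyStore ks) throws Exception {
        int count = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) count++;
        }
        return count;
    }

    // Null when PKIX trust anchors can be built from the store, else the JDK's message.
    static String anchorError(KeyStore ks) throws Exception {
        try {
            new PKIXParameters(ks);
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args.length == 3 ? args[1] : "PKCS12");
        if (args.length == 3) {
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, args[2].toCharArray());
            }
        } else {
            ks.load(null, null); // empty store, no entries at all
        }
        System.out.println("aliases:         " + ks.size());
        System.out.println("trusted entries: " + trustedEntries(ks));
        String err = anchorError(ks);
        System.out.println("trust anchors:   " + (err == null ? "ok" : "FAILED: " + err));
    }
}
```

Running it once against the .jks file with type `jks` and once against the .p12 file with type `pkcs12`, on the same JDK that runs Tomcat, shows whether the two stores differ in what that JVM reads from them.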