https://bz.apache.org/bugzilla/show_bug.cgi?id=65975
--- Comment #4 from Martin Stangl <martin.sta...@t-base.pro> ---
1)
Reconfigured to only use TLS1.2 and verified that OpenSSL is used:
>From stderr:
APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
OpenSSL successfully initialized [OpenSSL 1.1.1l 24 Aug 2021]
The used TLS version is not shown in the logs - probably need to change some
log config to see it.
Result is still the same.
Full stderr:
2022-03-24 10:25:50 Apache Commons Daemon procrun stderr initialized.
24-Mar-2022 10:25:51.720 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version name:
Apache Tomcat/9.0.60
24-Mar-2022 10:25:51.726 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server built:
Mar 9 2022 14:52:25 UTC
24-Mar-2022 10:25:51.726 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version number:
9.0.60.0
24-Mar-2022 10:25:51.726 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Name:
Windows 10
24-Mar-2022 10:25:51.726 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Version:
10.0
24-Mar-2022 10:25:51.726 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Architecture:
amd64
24-Mar-2022 10:25:51.727 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Java Home:
C:\Program Files\OpenJDK\jdk-17.0.2
24-Mar-2022 10:25:51.727 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
17.0.2+8-86
24-Mar-2022 10:25:51.727 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
Oracle Corporation
24-Mar-2022 10:25:51.727 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 10:25:51.727 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 10:25:51.752 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dcatalina.home=C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 10:25:51.752 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dcatalina.base=C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 10:25:51.752 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.io.tmpdir=C:\Program Files\Apache Software Foundation\Tomcat 9.0\temp
24-Mar-2022 10:25:51.752 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.util.logging.config.file=C:\Program Files\Apache Software
Foundation\Tomcat 9.0\conf\logging.properties
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djavax.net.debug=all
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Duser.language=en -Duser.region=US
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
--add-opens=java.base/java.lang=ALL-UNNAMED
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
--add-opens=java.base/java.io=ALL-UNNAMED
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
exit
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
abort
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Xms128m
24-Mar-2022 10:25:51.753 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Xmx256m
24-Mar-2022 10:25:51.763 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache
Tomcat Native library [1.2.31] using APR version [1.7.0].
24-Mar-2022 10:25:51.763 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities:
IPv6 [true], sendfile [true], accept filters [false], random [true], UDS
[true].
24-Mar-2022 10:25:51.763 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
24-Mar-2022 10:25:51.777 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.1.1l 24 Aug 2021]
24-Mar-2022 10:25:52.164 INFO [main]
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The
["https-openssl-apr-443"] connector has been configured to support negotiation
to [h2] via ALPN
24-Mar-2022 10:25:52.164 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-openssl-apr-443"]
javax.net.ssl|DEBUG|10|main|2022-03-24 10:25:52.458
CET|SunX509KeyManagerImpl.java:160|found key for : tomcat (
"certificate" : {
"version" : "v3",
"serial number" : "032883B4D8C10F02842E587217569586A3DF",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=R3, O=Let's Encrypt, C=US",
"not before" : "2022-03-23 15:15:31.000 CET",
"not after" : "2022-06-21 16:15:30.000 CEST",
"subject" : "CN=dev.intranet.t-base.pro",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://r3.o.lencr.org
,
accessMethod: caIssuers
accessLocation: URIName: http://r3.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D
.....XV..P.@....
0010: 8B 14 C2 C6 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 68 74 74 70 3A 2F 2F 63 70 73 2E 6C 65 74
..http://cps.let
0010: 73 65 6E 63 72 79 70 74 2E 6F 72 67 sencrypt.org
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: dev.intranet.t-base.pro
DNSName: education.dev.intranet.t-base.pro
DNSName: tenniscenter.dev.intranet.t-base.pro
DNSName: trainerplattform.dev.intranet.t-base.pro
DNSName: wptest.dev.intranet.t-base.pro
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 56 57 D9 DC 96 22 93 7F 27 7E 6E 59 04 D0 BD 78
VW..."..'.nY...x
0010: 9B B1 85 F9 ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "032883B4D8C10F02842E587217569586A3DF",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=R3, O=Let's Encrypt, C=US",
"not before" : "2022-03-23 15:15:31.000 CET",
"not after" : "2022-06-21 16:15:30.000 CEST",
"subject" : "CN=dev.intranet.t-base.pro",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://r3.o.lencr.org
,
accessMethod: caIssuers
accessLocation: URIName: http://r3.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D
.....XV..P.@....
0010: 8B 14 C2 C6 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 68 74 74 70 3A 2F 2F 63 70 73 2E 6C 65 74
..http://cps.let
0010: 73 65 6E 63 72 79 70 74 2E 6F 72 67 sencrypt.org
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: dev.intranet.t-base.pro
DNSName: education.dev.intranet.t-base.pro
DNSName: tenniscenter.dev.intranet.t-base.pro
DNSName: trainerplattform.dev.intranet.t-base.pro
DNSName: wptest.dev.intranet.t-base.pro
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 56 57 D9 DC 96 22 93 7F 27 7E 6E 59 04 D0 BD 78
VW..."..'.nY...x
0010: 9B B1 85 F9 ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "00912B084ACF0C18A753F6D62E25A75F5A",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=ISRG Root X1, O=Internet Security Research
Group, C=US",
"not before" : "2020-09-04 02:00:00.000 CEST",
"not after" : "2025-09-15 18:00:00.000 CEST",
"subject" : "CN=R3, O=Let's Encrypt, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://x1.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 79 B4 59 E6 7B B6 E5 E4 01 73 80 08 88 C8 1A 58
y.Y......s.....X
0010: F6 E9 9B 6E ...n
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://x1.c.lencr.org/]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D
.....XV..P.@....
0010: 8B 14 C2 C6 ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "4001772137D4E942B8EE76AA3C640AB7",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
"not before" : "2021-01-20 20:14:03.000 CET",
"not after" : "2024-09-30 20:14:03.000 CEST",
"subject" : "CN=ISRG Root X1, O=Internet Security Research
Group, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName:
http://apps.identrust.com/roots/dstrootcax3.p7c
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C4 A7 B1 A4 7B 2C 71 FA DB E1 4B 90 75 FF C4 15
.....,q...K.u...
0010: 60 85 89 10 `...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.identrust.com/DSTROOTCAX3CRL.crl]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 22 68 74 74 70 3A 2F 2F 63 70 73 2E 72 6F 6F
."http://cps.roo
0010: 74 2D 78 31 2E 6C 65 74 73 65 6E 63 72 79 70 74
t-x1.letsencrypt
0020: 2E 6F 72 67 .org
]] ]
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 79 B4 59 E6 7B B6 E5 E4 01 73 80 08 88 C8 1A 58
y.Y......s.....X
0010: F6 E9 9B 6E ...n
]
]
}
]}
)
24-Mar-2022 10:25:52.493 INFO [main] org.apache.catalina.startup.Catalina.load
Server initialization in [1115] milliseconds
24-Mar-2022 10:25:52.562 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Catalina]
24-Mar-2022 10:25:52.562 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine:
[Apache Tomcat/9.0.60]
24-Mar-2022 10:25:52.570 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\docs]
24-Mar-2022 10:25:52.854 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal No
SingleSignOn Valve is present
24-Mar-2022 10:25:53.027 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\docs] has finished in [457] ms
24-Mar-2022 10:25:53.028 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\examples]
24-Mar-2022 10:25:53.419 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal No
SingleSignOn Valve is present
24-Mar-2022 10:25:53.605 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\examples] has finished in [577] ms
24-Mar-2022 10:25:53.606 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\ROOT]
24-Mar-2022 10:25:53.636 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal No
SingleSignOn Valve is present
24-Mar-2022 10:25:53.646 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\ROOT] has finished in [39] ms
24-Mar-2022 10:25:53.650 INFO [main] org.apache.coyote.AbstractProtocol.start
Starting ProtocolHandler ["https-openssl-apr-443"]
24-Mar-2022 10:25:53.663 INFO [main] org.apache.catalina.startup.Catalina.start
Server startup in [1169] milliseconds
24-Mar-2022 10:26:07.419 FINE [https-openssl-apr-443-exec-3]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking
request GET /
24-Mar-2022 10:26:07.420 FINE [https-openssl-apr-443-exec-3]
org.apache.catalina.realm.RealmBase.findSecurityConstraints No applicable
constraints defined
24-Mar-2022 10:26:07.434 FINE [https-openssl-apr-443-exec-3]
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations
Loading persistent provider registrations from [C:\Program Files\Apache
Software Foundation\Tomcat 9.0\conf\jaspic-providers.xml]
24-Mar-2022 10:26:07.445 FINE [https-openssl-apr-443-exec-3]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Not subject to any
constraint
24-Mar-2022 10:26:13.024 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking
request GET /examples/jsp
24-Mar-2022 10:26:13.025 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET /jsp --> false
24-Mar-2022 10:26:13.025 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET /jsp --> false
24-Mar-2022 10:26:13.025 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET /jsp --> false
24-Mar-2022 10:26:13.025 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET /jsp --> false
24-Mar-2022 10:26:13.025 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.realm.RealmBase.findSecurityConstraints No applicable
constraint located
24-Mar-2022 10:26:13.025 FINE [https-openssl-apr-443-exec-5]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Not subject to any
constraint
24-Mar-2022 10:26:15.731 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking
request GET /examples/jsp/security/protected/index.jsp
24-Mar-2022 10:26:15.731 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET
/jsp/security/protected/index.jsp --> true
24-Mar-2022 10:26:15.732 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET
/jsp/security/protected/index.jsp --> true
24-Mar-2022 10:26:15.732 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
hasUserDataPermission()
24-Mar-2022 10:26:15.733 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
constraint already satisfied
24-Mar-2022 10:26:15.733 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
authenticate()
24-Mar-2022 10:26:15.733 FINE [https-openssl-apr-443-exec-7]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed
authenticate() test
2)
a) I replaced the login method in the web.xml
Removed:
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
Added:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
Form shows when accessing the protected URL and login using the certificate DN
and password as set in tomcat-users.xml works.
b) changed back to CLIENT-CERT and set certificateVerification="required"
Client cert is requested when accessing the protected URL and access is
granted.
So misconfiguration seems to be unlikely, except some configuration is missing
which is also not part of the default installation and nobody talks about
(means I have not found any hint of something else when researching
configuration examples).
Full stderr of the succesfull authentication with
certificateVerification="required":
2022-03-24 11:09:37 Apache Commons Daemon procrun stderr initialized.
24-Mar-2022 11:09:37.718 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version name:
Apache Tomcat/9.0.60
24-Mar-2022 11:09:37.721 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server built:
Mar 9 2022 14:52:25 UTC
24-Mar-2022 11:09:37.721 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version number:
9.0.60.0
24-Mar-2022 11:09:37.721 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Name:
Windows 10
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Version:
10.0
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Architecture:
amd64
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Java Home:
C:\Program Files\OpenJDK\jdk-17.0.2
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
17.0.2+8-86
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
Oracle Corporation
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 11:09:37.722 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 11:09:37.731 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dcatalina.home=C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Dcatalina.base=C:\Program Files\Apache Software Foundation\Tomcat 9.0
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.io.tmpdir=C:\Program Files\Apache Software Foundation\Tomcat 9.0\temp
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djava.util.logging.config.file=C:\Program Files\Apache Software
Foundation\Tomcat 9.0\conf\logging.properties
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Djavax.net.debug=all
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Duser.language=en -Duser.region=US
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
--add-opens=java.base/java.lang=ALL-UNNAMED
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
--add-opens=java.base/java.io=ALL-UNNAMED
24-Mar-2022 11:09:37.732 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
24-Mar-2022 11:09:37.733 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
exit
24-Mar-2022 11:09:37.733 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
abort
24-Mar-2022 11:09:37.733 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Xms128m
24-Mar-2022 11:09:37.733 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line argument:
-Xmx256m
24-Mar-2022 11:09:37.736 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache
Tomcat Native library [1.2.31] using APR version [1.7.0].
24-Mar-2022 11:09:37.736 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities:
IPv6 [true], sendfile [true], accept filters [false], random [true], UDS
[true].
24-Mar-2022 11:09:37.737 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
configuration: useAprConnector [false], useOpenSSL [true]
24-Mar-2022 11:09:37.742 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.1.1l 24 Aug 2021]
24-Mar-2022 11:09:38.034 INFO [main]
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The
["https-openssl-apr-443"] connector has been configured to support negotiation
to [h2] via ALPN
24-Mar-2022 11:09:38.034 INFO [main] org.apache.coyote.AbstractProtocol.init
Initializing ProtocolHandler ["https-openssl-apr-443"]
javax.net.ssl|DEBUG|10|main|2022-03-24 11:09:38.243
CET|SunX509KeyManagerImpl.java:160|found key for : tomcat (
"certificate" : {
"version" : "v3",
"serial number" : "032883B4D8C10F02842E587217569586A3DF",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=R3, O=Let's Encrypt, C=US",
"not before" : "2022-03-23 15:15:31.000 CET",
"not after" : "2022-06-21 16:15:30.000 CEST",
"subject" : "CN=dev.intranet.t-base.pro",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://r3.o.lencr.org
,
accessMethod: caIssuers
accessLocation: URIName: http://r3.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D
.....XV..P.@....
0010: 8B 14 C2 C6 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 68 74 74 70 3A 2F 2F 63 70 73 2E 6C 65 74
..http://cps.let
0010: 73 65 6E 63 72 79 70 74 2E 6F 72 67 sencrypt.org
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: dev.intranet.t-base.pro
DNSName: education.dev.intranet.t-base.pro
DNSName: tenniscenter.dev.intranet.t-base.pro
DNSName: trainerplattform.dev.intranet.t-base.pro
DNSName: wptest.dev.intranet.t-base.pro
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 56 57 D9 DC 96 22 93 7F 27 7E 6E 59 04 D0 BD 78
VW..."..'.nY...x
0010: 9B B1 85 F9 ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "032883B4D8C10F02842E587217569586A3DF",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=R3, O=Let's Encrypt, C=US",
"not before" : "2022-03-23 15:15:31.000 CET",
"not after" : "2022-06-21 16:15:30.000 CEST",
"subject" : "CN=dev.intranet.t-base.pro",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
},
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://r3.o.lencr.org
,
accessMethod: caIssuers
accessLocation: URIName: http://r3.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D
.....XV..P.@....
0010: 8B 14 C2 C6 ....
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1A 68 74 74 70 3A 2F 2F 63 70 73 2E 6C 65 74
..http://cps.let
0010: 73 65 6E 63 72 79 70 74 2E 6F 72 67 sencrypt.org
]] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
},
{
ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: dev.intranet.t-base.pro
DNSName: education.dev.intranet.t-base.pro
DNSName: tenniscenter.dev.intranet.t-base.pro
DNSName: trainerplattform.dev.intranet.t-base.pro
DNSName: wptest.dev.intranet.t-base.pro
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 56 57 D9 DC 96 22 93 7F 27 7E 6E 59 04 D0 BD 78
VW..."..'.nY...x
0010: 9B B1 85 F9 ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "00912B084ACF0C18A753F6D62E25A75F5A",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=ISRG Root X1, O=Internet Security Research
Group, C=US",
"not before" : "2020-09-04 02:00:00.000 CEST",
"not after" : "2025-09-15 18:00:00.000 CEST",
"subject" : "CN=R3, O=Let's Encrypt, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://x1.i.lencr.org/
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 79 B4 59 E6 7B B6 E5 E4 01 73 80 08 88 C8 1A 58
y.Y......s.....X
0010: F6 E9 9B 6E ...n
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://x1.c.lencr.org/]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[] ]
]
},
{
ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
serverAuth
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 14 2E B3 17 B7 58 56 CB AE 50 09 40 E6 1F AF 9D
.....XV..P.@....
0010: 8B 14 C2 C6 ....
]
]
}
]},
"certificate" : {
"version" : "v3",
"serial number" : "4001772137D4E942B8EE76AA3C640AB7",
"signature algorithm": "SHA256withRSA",
"issuer" : "CN=DST Root CA X3, O=Digital Signature Trust Co.",
"not before" : "2021-01-20 20:14:03.000 CET",
"not after" : "2024-09-30 20:14:03.000 CEST",
"subject" : "CN=ISRG Root X1, O=Internet Security Research
Group, C=US",
"subject public key" : "RSA",
"extensions" : [
{
ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName:
http://apps.identrust.com/roots/dstrootcax3.p7c
]
]
},
{
ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C4 A7 B1 A4 7B 2C 71 FA DB E1 4B 90 75 FF C4 15
.....,q...K.u...
0010: 60 85 89 10 `...
]
]
},
{
ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
},
{
ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.identrust.com/DSTROOTCAX3CRL.crl]
]]
},
{
ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.23.140.1.2.1]
[] ]
[CertificatePolicyId: [1.3.6.1.4.1.44947.1.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 22 68 74 74 70 3A 2F 2F 63 70 73 2E 72 6F 6F
."http://cps.roo
0010: 74 2D 78 31 2E 6C 65 74 73 65 6E 63 72 79 70 74
t-x1.letsencrypt
0020: 2E 6F 72 67 .org
]] ]
]
},
{
ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
},
{
ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 79 B4 59 E6 7B B6 E5 E4 01 73 80 08 88 C8 1A 58
y.Y......s.....X
0010: F6 E9 9B 6E ...n
]
]
}
]}
)
24-Mar-2022 11:09:38.265 INFO [main] org.apache.catalina.startup.Catalina.load
Server initialization in [752] milliseconds
24-Mar-2022 11:09:38.322 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Catalina]
24-Mar-2022 11:09:38.322 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine:
[Apache Tomcat/9.0.60]
24-Mar-2022 11:09:38.335 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\docs]
24-Mar-2022 11:09:38.546 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal No
SingleSignOn Valve is present
24-Mar-2022 11:09:38.652 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\docs] has finished in [316] ms
24-Mar-2022 11:09:38.653 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\examples]
24-Mar-2022 11:09:39.009 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal No
SingleSignOn Valve is present
24-Mar-2022 11:09:39.309 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\examples] has finished in [656] ms
24-Mar-2022 11:09:39.309 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\ROOT]
24-Mar-2022 11:09:39.356 FINE [main]
org.apache.catalina.authenticator.AuthenticatorBase.startInternal No
SingleSignOn Valve is present
24-Mar-2022 11:09:39.369 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [C:\Program Files\Apache Software Foundation\Tomcat
9.0\webapps\ROOT] has finished in [59] ms
24-Mar-2022 11:09:39.373 INFO [main] org.apache.coyote.AbstractProtocol.start
Starting ProtocolHandler ["https-openssl-apr-443"]
24-Mar-2022 11:09:39.387 INFO [main] org.apache.catalina.startup.Catalina.start
Server startup in [1122] milliseconds
24-Mar-2022 11:24:15.003 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Security checking
request GET /examples/jsp/security/protected/index.jsp
24-Mar-2022 11:24:15.003 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET
/jsp/security/protected/index.jsp --> true
24-Mar-2022 11:24:15.003 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.findSecurityConstraints Checking
constraint 'SecurityConstraint[Protected Area]' against GET
/jsp/security/protected/index.jsp --> true
24-Mar-2022 11:24:15.010 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.loadPersistentRegistrations
Loading persistent provider registrations from [C:\Program Files\Apache
Software Foundation\Tomcat 9.0\conf\jaspic-providers.xml]
24-Mar-2022 11:24:15.021 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
hasUserDataPermission()
24-Mar-2022 11:24:15.022 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.hasUserDataPermission User data
constraint already satisfied
24-Mar-2022 11:24:15.023 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
authenticate()
24-Mar-2022 11:24:15.027 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.CombinedRealm.authenticate Attempting to authenticate
user [EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl, CN=Users,
DC=intranet, DC=t-base, DC=pro] with realm
[org.apache.catalina.realm.UserDatabaseRealm]
24-Mar-2022 11:24:15.028 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.authenticate Authenticating client
certificate chain
24-Mar-2022 11:24:15.028 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.authenticate Checking validity for
'EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl, CN=Users,
DC=intranet, DC=t-base, DC=pro'
24-Mar-2022 11:24:15.028 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.getPrincipal Got user name from X509
certificate: [EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl,
CN=Users, DC=intranet, DC=t-base, DC=pro]
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.CombinedRealm.authenticate Authenticated user
[EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl, CN=Users,
DC=intranet, DC=t-base, DC=pro] with realm
[org.apache.catalina.realm.UserDatabaseRealm]
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.AuthenticatorBase.register Authenticated
'EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl, CN=Users,
DC=intranet, DC=t-base, DC=pro' with type 'CLIENT_CERT'
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Calling
accessControl()
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.hasResourcePermission Checking roles
GenericPrincipal[EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl,
CN=Users, DC=intranet, DC=t-base, DC=pro()]
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.hasRole Username
[EMAILADDRESS=martin.sta...@t-base.pro, CN=Martin Stangl, CN=Users,
DC=intranet, DC=t-base, DC=pro] has role [user]
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.realm.RealmBase.hasResourcePermission Role found: user
24-Mar-2022 11:24:15.032 FINE [https-openssl-apr-443-exec-4]
org.apache.catalina.authenticator.AuthenticatorBase.invoke Successfully passed
all security constraints
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
