on 2023 Aug 29 10:48 AM
We are running CCO manager with an Apache Tomcat on version 9.0.63.
We have replaced old wildcard certificates with new ones. Now, after restarting Apache Tomcat, Tomcat and CCO manager are not started anymore. In the error log we find this stack:
Caused by: java.io.IOException: overrun, bytes = 925
at java.base/javax.crypto.EncryptedPrivateKeyInfo.<init>(Unknown Source)
at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:204)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:146)
at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:98)
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:316)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:105)
... 20 more
What do we need to do to fix this? In the past we were running on Tomcat 9.0.45, where these issues did not occur.
Hi Gunther,
We had a similar problem with a customer. For this an unencrypted PRIVKEY file had to be used. The Tomcat has a problem with the RSA encryption in this version.
We have proceeded as follows:
1. Stop Tomcat
2. Swap the certificate and the Privkey file (without encryption) in the relevant folder
3. Start Tomcat
Public-Key Cryptography Standard #1: RSA Procedure - public-key procedure based on the RSA algorithm - mechanisms for signing and encrypting data.
Public-Key Cryptography Standard #8: Private-Key Information Syntax - Standard describing the syntax of a private key and its attributes.
In the following link the topic is already described:
https://stackoverflow.com/questions/48958304/pkcs1-and-pkcs8-format-for-rsa-private-key
Best regards
Maximilian Gregor
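To see which of the formats named in this thread (PKCS#1, PKCS#8, encrypted or not) a key file is actually in before swapping it, the following added example, which is not code from the thread or from Tomcat, reads the PEM label and the first two DER elements of the body and reports both. The function names are hypothetical and the sample bytes are constructed, not a real key.

```python
import base64
import re
import sys

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)
KINDS = {(0x02, 0x02): "PKCS#1 RSAPrivateKey",
         (0x02, 0x30): "PKCS#8 PrivateKeyInfo",
         (0x30, 0x04): "PKCS#8 EncryptedPrivateKeyInfo"}

def _tlv(buf, pos):
    """Read one DER element at pos: return (tag, content_start, content_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first

def der_kind(der):
    """Classify a key body by the tags of the first two elements it contains."""
    try:
        tag, start, end = _tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "not one complete DER SEQUENCE"
        t1, _, e1 = _tlv(der, start)
        t2, _, _ = _tlv(der, e1)
    except IndexError:
        return "truncated DER"
    return KINDS.get((t1, t2), "unknown structure")

def inspect_key(pem_text):
    """Return (pem_label, body_kind) for the first private-key block, or None."""
    m = PEM_RE.search(pem_text)
    if m is None:
        return None
    label, body = m.groups()
    if "Proc-Type: 4,ENCRYPTED" in body:   # legacy OpenSSL PEM encryption
        return label, "legacy encrypted PEM (body not parseable without password)"
    return label, der_kind(base64.b64decode("".join(body.split())))

def make_pem(label, der_hex):
    """Build a constructed sample (not a real key) from a few DER bytes."""
    b64 = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    sample = make_pem("RSA PRIVATE KEY", "3006020100020105")
    print(inspect_key(open(sys.argv[1]).read() if len(sys.argv) > 1 else sample))
```

A label that says `ENCRYPTED PRIVATE KEY` over a body that is not an EncryptedPrivateKeyInfo, or the reverse, shows that the file is not in the format its header claims.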