Posted to users@tomcat.apache.org by Andrew Eells <ae...@qmetric.co.uk> on 2011/08/30 14:44:53 UTC

SSL configuration / APR / Tomcat 7.0.17

Tomcat 7.0.16
Linux x86_64 GNU/Linux (Amazon AWS 64-bit AMI)

APR is definitely correctly installed; without the SSL configuration I
receive the following log info:

INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
30-Aug-2011 13:22:47 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].


I am unable to start Tomcat having followed the SSL How-to
(http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html) and receive the
following stack trace on server start:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:912)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:101)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:572)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:430)
Caused by: java.lang.Exception: Unable to load certificate key /usr/local/tomcat/conf/my.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line)
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:513)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:490)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:364)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:910)
    ... 13 more

As per the documentation, my server.xml configuration is as follows:

<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />

<Connector
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/tomcat/conf/my.crt"
           SSLCertificateKeyFile="/usr/local/tomcat/conf/my.pem"
           clientAuth="optional" SSLProtocol="TLSv1"/>

I have tried removing redundant parameters as per the HTTP Connector SSL
Support (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL%20Support)
but still receive the same error.

Any pointers gratefully received.

Best regards,


-- 

*Andrew Eells*

Re: SSL configuration / APR / Tomcat 7.0.17

Posted by Marvin Addison <ma...@gmail.com>.
> <Connector
>           port="8443" maxThreads="200"
>           scheme="https" secure="true" SSLEnabled="true"
>           SSLCertificateFile="/usr/local/tomcat/conf/my.crt"
>           SSLCertificateKeyFile="/usr/local/tomcat/conf/my.pem"
>           clientAuth="optional" SSLProtocol="TLSv1"/>
>

Things to check:
 - my.pem file must be readable by the user under which Tomcat runs
 - Ensure my.pem is a valid private key file using OpenSSL or similar.
 I don't believe encrypted private keys are supported in the APR
connector, so make sure there's no password-based encryption on the
key.

M
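
The checks listed in the reply above, as an added shell example that is not part of either post: it classifies a key file by its PEM header, reporting the missing "-----BEGIN" line behind "no start line" and flagging encrypted keys, which the reply suspects the APR connector does not support. The helper name check_key_file and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an SSLCertificateKeyFile candidate by its PEM header.
# check_key_file is a hypothetical helper name. It prints one verdict:
#   unreadable | no-start-line | encrypted | certificate | plain-key | other
check_key_file() {
    f=$1
    # Run as the account Tomcat runs under: readability is per user.
    [ -r "$f" ] || { echo unreadable; return 1; }
    # "no start line" means OpenSSL found no "-----BEGIN ...-----" line,
    # e.g. a DER file, a PKCS#12 bundle or an empty file.
    first=$(grep -a -o -m 1 -e '^-----BEGIN [A-Z0-9 ]*-----' "$f") || first=''
    case $first in
        '') echo no-start-line; return 1 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted; return 1 ;;
        *'PRIVATE KEY-----')
            # Traditional encrypted keys keep the header and add Proc-Type.
            if grep -a -q -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo encrypted; return 1
            fi
            echo plain-key; return 0 ;;
        '-----BEGIN CERTIFICATE-----') echo certificate; return 1 ;;
        *) echo other; return 1 ;;
    esac
}

# Constructed sample files; the bodies are placeholders, not key material.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
mk() { name=$1; shift; printf '%s\n' "$@" > "$d/$name"; }
mk plain.pem '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----'
mk enc.pem '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' 'PLACEHOLDER' '-----END RSA PRIVATE KEY-----'
mk pkcs8enc.pem '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' '-----END ENCRYPTED PRIVATE KEY-----'
mk cert.pem '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----'
mk der.key 'PLACEHOLDER BINARY, NO PEM ARMOUR'

for n in plain.pem enc.pem pkcs8enc.pem cert.pem der.key missing.pem; do
    printf '%-13s %s\n' "$n" "$(check_key_file "$d/$n" || true)"
done
```

A header check does not prove the key body parses; `openssl pkey -in my.pem -noout` run as the Tomcat user does that.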
