On 12/07/2016 10:55, Devendra Sengar wrote: > Hi, > > This is regarding the configuration of Tomcat SSL using the APR > library on Java 6. > > While starting the server I am getting the below error: > > SEVERE: Failed to initialize end point associated with ProtocolHandler > ["http-apr-443"] > java.lang.Exception: Unable to load certificate key > conf/localhost-key.pem (error:02001003:system library:fopen:No such > process) > Not sure if Tomcat is using OpenSSL or not... > I am trying to implement SSL using independent libraries for OpenSSL, > Tomcat Native and Apache Portable Runtime. > > I have downloaded precompiled versions of OpenSSL and Tomcat Native > (see them attached). I have tried compiling the Apache Portable > Runtime using Visual Studio (find it also attached). > > I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit > for Windows (using the 64-bit distro, not the installer one). > > We are restricted by our applicatioin to use Oracle Java 6 Updated 115 > 64-bit. > That is really unfortunate, given that I don't think there are current security updates for Java 1.6 (maybe there is if you pay Oracle for an expensive license/subscription). > The versions of the libraries I am using are the latest available > online, again see the binaries attached. > > The parameters used in the server.xml file are: > > For Tomcat 7.0.6: > <Connector > protocol="org.apache.coyote.http11.Http11AprProtocol" > port="443" maxThreads="200" > scheme="https" secure="true" SSLEnabled="true" > SSLCertificateFile="conf/localhost-cert.pem" > SSLCertificateKeyFile="conf/localhost-key.pem" > SSLCertificateChainFile="conf/ca.crt" > SSLVerifyClient="optional" SSLProtocol="TLSv1" > SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> > > For Tomcat 7.0.70 > > <Connector > protocol="org.apache.coyote.http11.Http11AprProtocol" > port="443" maxThreads="200" > scheme="https" secure="true" SSLEnabled="true" > SSLCertificateFile="conf/localhost-cert.pem" > SSLCertificateKeyFile="conf/localhost-key.pem" > SSLCertificateChainFile="conf/ca.crt" > SSLVerifyClient="optional" SSLProtocol="TLSv1_2" > SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> > > The library files are in the tomcat bin folder as openssl.exe, > tcnative-1.dll and libapr-1.dll. > > tcnative-1.dll: > https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing > openssl.exe: > https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing > libapr-1.dll: > https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing > openssl.exe is not the library, it is a command line tool for doing various things (such as requesting certificates, converting key file formats etc.) The library consists of two files with .dll file extension, libeay32.dll for basic crypto and ssleay32.dll for the actual SSL/TLS code. > > The same certificates files mentioned in the server.xml file were used > and work in a brand new Apache web server. > > Please let us know your opinion of what can cause those errors? > > Can it be because of a APR dll not compiled properly? > > Any other idea? > Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160712/0f24eca8/attachment.html>
