I tried that configuration but getting errrors. NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR version 1.4.6. Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:663) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Sanaullah, > > On 7/25/14, 9:16 AM, Sanaullah wrote: > > httpd is working with HSM with addition of parameter > > SSLCryptoDevice=LunaCA but when i try the same parameter in tomEE. > > TomEE don't recognized this parameters. > > > > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting > > property 'SSLCryptoDevice' to 'LunaCA3' did not find a matching > > property. > > > > Any Idea? > > Try setting SSLEngine="LunaCA3" instead of SSLEngine="on" in your: > > <Listener > class="org.apache.catalina.core.AprLifecycleListener" > SSLEngine="on" /> > > - -chris > > > On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Sanaullah, > > > > On 7/10/14, 4:19 AM, Sanaullah wrote: > >>>> is there a way i can use pkcs11 supported SmartCard/token > >>>> when using APR based SSL Connector in tomcat ? PEM encoded > >>>> certificates and keys are stored in smartcard. > >>>> > >>>> I know BIO/NIO connectors supported token/HSM but I am > >>>> looking for APR based connectors? > > > > I'm no expert at such configurations, but since tcnative/APR uses > > OpenSSL for its crypto engine, then it can do anything OpenSSL can > > do. Have you been able to configure e.g. httpd to use this kind of > > setup? If so, there ought to be a way to make it happen using > > Tomcat's APR connector. > > > > -chris > >> > >> --------------------------------------------------------------------- > >> > >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJT0nI3AAoJEBzwKT+lPKRYIA4P/3KOY/Tq+cLqR/i22DZijqUA > 5mzghWY2UnV0U091piNteVgpQmLf+299//3g1V3E9xpLmuYMsID3bIURKCR3UZp8 > rSO+IAIqs8hupN1uwM+ngQALGFd2BQ+AJWW2lMgzksCWV9OOuABnN2a0QqN1oQPK > OOI5MjIMrl5O1eLW2IA9Iw/prwCSuvIaxl7v/BRCVYudfzh9unoNmOmhPHpXJ5/c > KKf9dn3k3Fs2Y1WBzzPWK52YD2ooT6p6XaecsDwix01LNaJLS/sCmxz1riHxMxey > nlJKY7AiTOYl/ynGeuZFBxy3okzf6ye/yxVMhw+LY/MKC8OpeBC86QWMBSaL/w2s > 6uJPogprWaLqccuKS3Fs+qAr8i5cgREb/mSb5YxG49OGqtf1xqjQr1cvSu08/qx7 > adfq26LjSZok7tnhDV6Fa/RiSJ0p3Be0jvU5XY4n5WMVAqJcc9Z1QomXpxpc+1oU > KQzVLwIcMTeoyFwEfPKtxjU92Gyk+RlBR/lm/i2QreFXqO3MM2rOvYqKnjol4576 > PRfiH3UbcUTlf6fWLCFB7G58HqTuWIp9eZK2GNY1zh+73pBFNAj7+GA3jnBk68MS > NMJnu7gdgSviWEow9K2eDb2by3cPyXjHhmkmPkX+3B567ZPs4EPDHmYBu5FhtaNw > E/iZZ+RLlTWGfUVk2DdJ > =9d4n > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >