Re: Facing issue while configuring SSL
If i am giving the full path of the certificate like c:/tomcat/conf/ then its taking the file, as the error i was getting "SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"]" that's no more. But the tomcat server is started without any error but won't able to open the home page of tomcat giving the error like: This site can’t be reached The webpage at *https://:8443/* might be temporarily down or it may have moved permanently to a new web address. If i telnet the server then its not able to connect but if i use openssl s_client -connect it shows the certificate information. Any suggestion? Thanks, Devendra On Wed, Jul 13, 2016 at 1:54 PM, André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 13.07.2016 07:02, Devendra Sengar wrote: > >> File is there and permission is also fine and having proper openssl.cnf. >> >> Any other view? >> > > Really "shooting in the dark" here, since I am neither a Windows nor an > SSL specialist : > The error message mentions "no such process". Assuming (and that may be a > naive assumption) that the error message reflects the reality, could it not > be that the handling of these SSL keys/cartificates under Windows, requires > some background Windows "cryptographic service" to be active, and that it > is not ? > (or some DLL to be found somewhere, where it isn't) > > > >> Thanks, >> Devendra >> >> On Tue, Jul 12, 2016 at 9:10 PM, André Warnier (tomcat) <a...@ice-sa.com> >> wrote: >> >> On 12.07.2016 16:33, Harrie Robins wrote: >>> >>> java.lang.Exception: Unable to load certificate key >>>> conf/localhost-key.pem (error:02001003:system library:fopen:No such >>>> process >>>> >>>> If I'm correct you are either missing correct rights to this file or it >>>> is not in the given location. >>>> A second possibility is missing password for key file. >>>> >>>> >>> Alternatively, searching Google for error:02001003, there are a number of >>> hits there which point to the same kind of message, most of which seem to >>> be for Windows and OpenSSL, and most of which mention the need for a >>> proper >>> "openssl.cnf" in the proper location. >>> This may or may not be relevant to your problem. >>> >>> >>> >>> SSLPassword="pass" >>>> >>>> Regards, >>>> >>>> Harrie >>>> >>>> -Original Message- >>>> From: Devendra Sengar [mailto:dssen...@gmail.com] >>>> Sent: dinsdag 12 juli 2016 10:50 >>>> To: users@tomcat.apache.org >>>> Subject: Facing issue while configuring SSL >>>> >>>> Hi, >>>> >>>> This is regarding the configuration of Tomcat SSL using the APR library >>>> on Java 6. >>>> >>>> While starting the server I am getting the below error: >>>> >>>> SEVERE: Failed to initialize end point associated with ProtocolHandler >>>> ["http-apr-443"] >>>> java.lang.Exception: Unable to load certificate key >>>> conf/localhost-key.pem (error:02001003:system library:fopen:No such >>>> process) >>>> >>>> I am trying to implement SSL using independent libraries for OpenSSL, >>>> Tomcat Native and Apache Portable Runtime. >>>> >>>> I have downloaded precompiled versions of OpenSSL and Tomcat Native (see >>>> them attached). I have tried compiling the Apache Portable Runtime using >>>> Visual Studio (find it also attached). >>>> >>>> I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for >>>> Windows (using the 64-bit distro, not the installer one). >>>> >>>> We are restricted by our applicatioin to use Oracle Java 6 Updated 115 >>>> 64-bit. >>>> >>>> The versions of the libraries I am using are the latest available >>>> online, >>>> again see the binaries attached. >>>> >>>> The parameters used in the server.xml file are: >>>> >>>> For Tomcat 7.0.6: >>>> >>> protocol="org.apache.coyote.http11.Http11AprProtocol" >>>> port="443" maxThreads="200" >>>> scheme="https" secure="true" SSLEnabled="true" >>>> SSLCertificateFile="conf/localhost-cert.pem" >>>> SSLCertificateKeyFi
Re: Facing issue while configuring SSL
File is there and permission is also fine and having proper openssl.cnf. Any other view? Thanks, Devendra On Tue, Jul 12, 2016 at 9:10 PM, André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 12.07.2016 16:33, Harrie Robins wrote: > >> java.lang.Exception: Unable to load certificate key >> conf/localhost-key.pem (error:02001003:system library:fopen:No such process >> >> If I'm correct you are either missing correct rights to this file or it >> is not in the given location. >> A second possibility is missing password for key file. >> > > Alternatively, searching Google for error:02001003, there are a number of > hits there which point to the same kind of message, most of which seem to > be for Windows and OpenSSL, and most of which mention the need for a proper > "openssl.cnf" in the proper location. > This may or may not be relevant to your problem. > > > >> SSLPassword="pass" >> >> Regards, >> >> Harrie >> >> -Original Message- >> From: Devendra Sengar [mailto:dssen...@gmail.com] >> Sent: dinsdag 12 juli 2016 10:50 >> To: users@tomcat.apache.org >> Subject: Facing issue while configuring SSL >> >> Hi, >> >> This is regarding the configuration of Tomcat SSL using the APR library >> on Java 6. >> >> While starting the server I am getting the below error: >> >> SEVERE: Failed to initialize end point associated with ProtocolHandler >> ["http-apr-443"] >> java.lang.Exception: Unable to load certificate key >> conf/localhost-key.pem (error:02001003:system library:fopen:No such process) >> >> I am trying to implement SSL using independent libraries for OpenSSL, >> Tomcat Native and Apache Portable Runtime. >> >> I have downloaded precompiled versions of OpenSSL and Tomcat Native (see >> them attached). I have tried compiling the Apache Portable Runtime using >> Visual Studio (find it also attached). >> >> I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for >> Windows (using the 64-bit distro, not the installer one). >> >> We are restricted by our applicatioin to use Oracle Java 6 Updated 115 >> 64-bit. >> >> The versions of the libraries I am using are the latest available online, >> again see the binaries attached. >> >> The parameters used in the server.xml file are: >> >> For Tomcat 7.0.6: >> >protocol="org.apache.coyote.http11.Http11AprProtocol" >>port="443" maxThreads="200" >>scheme="https" secure="true" SSLEnabled="true" >>SSLCertificateFile="conf/localhost-cert.pem" >>SSLCertificateKeyFile="conf/localhost-key.pem" >>SSLCertificateChainFile="conf/ca.crt" >>SSLVerifyClient="optional" SSLProtocol="TLSv1" >>SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> >> >> For Tomcat 7.0.70 >> >> >protocol="org.apache.coyote.http11.Http11AprProtocol" >>port="443" maxThreads="200" >>scheme="https" secure="true" SSLEnabled="true" >>SSLCertificateFile="conf/localhost-cert.pem" >>SSLCertificateKeyFile="conf/localhost-key.pem" >>SSLCertificateChainFile="conf/ca.crt" >>SSLVerifyClient="optional" SSLProtocol="TLSv1_2" >>SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> >> >> The library files are in the tomcat bin folder as openssl.exe, >> tcnative-1.dll and libapr-1.dll. >> >> tcnative-1.dll: >> >> https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing >> openssl.exe: >> >> https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing >> libapr-1.dll: >> >> https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing >> >> >> The same certificates files mentioned in the server.xml file were used >> and work in a brand new Apache web server. >> >> Please let us know your opinion of what can cause those errors? >> >> Can it be because of a APR dll not compiled properly? >> >> Any other idea? >> >> Thanks, >> Devendra >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Facing issue while configuring SSL
Hi, This is regarding the configuration of Tomcat SSL using the APR library on Java 6. While starting the server I am getting the below error: SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"] java.lang.Exception: Unable to load certificate key conf/localhost-key.pem (error:02001003:system library:fopen:No such process) I am trying to implement SSL using independent libraries for OpenSSL, Tomcat Native and Apache Portable Runtime. I have downloaded precompiled versions of OpenSSL and Tomcat Native (see them attached). I have tried compiling the Apache Portable Runtime using Visual Studio (find it also attached). I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for Windows (using the 64-bit distro, not the installer one). We are restricted by our applicatioin to use Oracle Java 6 Updated 115 64-bit. The versions of the libraries I am using are the latest available online, again see the binaries attached. The parameters used in the server.xml file are: For Tomcat 7.0.6: For Tomcat 7.0.70 The library files are in the tomcat bin folder as openssl.exe, tcnative-1.dll and libapr-1.dll. tcnative-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing openssl.exe: https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing libapr-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing The same certificates files mentioned in the server.xml file were used and work in a brand new Apache web server. Please let us know your opinion of what can cause those errors? Can it be because of a APR dll not compiled properly? Any other idea? Thanks, Devendra
