Clay,

On 4/7/22 13:50, Clay Lehman wrote:
Chris, Thanks for your help so far! I am digging into this some more today.

First off, once I started building APR from source instead of doing "yum
install apr-devel" - my main linking issue went away. So I think we are
getting close!!

Now I am struggling to get Spring Boot's embedded Tomcat to start up in the
APR mode.  Most of the blogs and docs I find are older and seem to be out
of date, or are otherwise not about embedded Tomcat.

With these JVM Params:
-Djava.library.path="/usr/lib/tcnative/lib"
-Dserver.ssl.certificate-key-file="/testkey.pem"
-Dserver.ssl.certificate-file="/testcert.pem"

Spring Boot / Tomcat fails to start with this error:
org.springframework.context.ApplicationContextException: Unable to start
web server; nested exception is
org.springframework.boot.web.server.WebServerException: Could not load key
store 'null'


I have found Tomcat notes on using this connector:

<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
            protocol="org.apache.coyote.http11.Http11AprProtocol"
            port="8443" maxThreads="200"
            scheme="https" secure="true" SSLEnabled="true"
            SSLCertificateFile="/usr/local/ssl/server.crt"
            SSLCertificateKeyFile="/usr/local/ssl/server.pem"
            SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>


But have not been able to figure out the right JVM params to tell Spring
Boot to work in that manner.

You may have to ask Spring Boot about that. Sorry.

I am now trying to set up both .crt/.pem files AND ALSO the .pk12 to see
what happens....

Wrapping the PEM files into .p12 files shouldn't be too onerous. If that works, good. But I wonder why the PEM files aren't working. "Could not load key store null" seems like the certificate-key-file either isn't a valid option, or isn't being applied as expected.

-chris
