Re: Tomcat7 APR Connectors Config: Unable to load certificate key conf/key1cert.pem

[Goo Sam Kong]

Hi Scott,

The exception was caused by wrong setting in your original HTTPS connector
settings...

In Mark's email, you need to put conf/key1cert.pem in SSLCertificateFile
attribute and conf/key1.pem in SSLCertificateKeyFile attribute.


2010/11/24 Scott Li <scott...@gwghk.com>

> thanks Mark Thomas and Goo Sam Kong
>
> I followed  Goo Sam Kong 's config  still have errors:
>
> Loaded APR based Apache Tomcat Native library 1.1.20.
> 2010-11-24 17:38:43 org.apache.catalina.core.AprLifecycleListener init
> 信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
> 2010-11-24 17:38:43 org.apache.coyote.http11.Http11AprProtocol init
> 严重: Error initializing endpoint
> java.lang.Exception: Unable to load certificate key
> D:\TDDownload\apache-tomcat-7.0.4\conf\key1cert.pem (error:0906D06C:PEM
> routines:PEM_read_bio:no start line)
>  at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
>  at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:501)
>  at
> org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:80)
>  at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:873)
>  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
>  at
>
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:542)
>  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
>  at
>
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:717)
>  at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:100)
>  at org.apache.catalina.startup.Catalina.load(Catalina.java:544)
>  at org.apache.catalina.startup.Catalina.load(Catalina.java:567)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>  at
>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>  at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>  at java.lang.reflect.Method.invoke(Method.java:597)
>  at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:262)
>  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:417)
> 2010-11-24 17:38:43 org.apache.catalina.core.StandardService initInternal
> 严重: Failed to initialize connector [Connector[HTTP/1.1-443]]
> LifecycleException:  Protocol handler initialization failed:
> java.lang.Exception: Unable to load certificate key
> D:\TDDownload\apache-tomcat-7.0.4\conf\key1cert.pem (error:0906D06C:PEM
> routines:PEM_read_bio:no start line)
>  at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:875)
>
>
> update config as follow,
>
> <Connector port="443" maxHttpHeaderSize="8192"
>   maxThreads="150" minSpareThreads="25"
>   enableLookups="false" disableUploadTimeout="true"
>   acceptCount="100" scheme="https" secure="true"
>   clientAuth="false"
>    SSLEnabled="true"
>   protocol="org.apache.coyote.http11.Http11AprProtocol"
>    SSLCertificateFile="D:\TDDownload\apache-tomcat-7.0.4\conf\key1.pem"
>
> SSLCertificateKeyFile="D:\TDDownload\apache-tomcat-7.0.4\conf\key1cert.pem"
>    SSLPassword="test"
>  />
>
>  <Connector port="8009" enableLookups="false" redirectPort="443"
> protocol="AJP/1.3" />
>
> I find my SSLCertificateFile is *.pem, and Goo Sam Kong's crt, key, how do
> you create these files, not use OpenSSL?
>
>
> 在 2010年11月24日 下午5:10，Goo Sam Kong <skgo...@gmail.com>写道：
>
> > Hi Scott,
> >
> > My working HTTPS connector using APR settings as below:
> >
> >    <Connector port="8443"
> >               protocol="org.apache.coyote.http11.Http11AprProtocol"
> >               SSLEnabled="true"
> >               maxThreads="150"
> >               scheme="https"
> >               secure="true"
> >               SSLCertificateFile="C:\usr\tomcat\tomcat.crt"
> >               SSLCertificateKeyFile="C:\usr\tomcat\tomcat.key"
> >               SSLPassword="123456"
> >    />
> >
> > Try to remove SSLEngine attribute and add protocol attribute, then
> re-start
> > Tomcat.
> >
> > --
> > Thanks & Regards,
> >
> > Scott Li
> >
>