Hi, If you use APR, the private key & certificate should be in PEM format as documented in http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS
*SSLCertificateFile* Name of the file that contains the server certificate. The format is PEM-encoded. SSLCertificateKeyFile Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of "SSLCertificateFile" and in this case both certificate and private key have to be in this file (NOT RECOMMENDED). On 11 May 2011 15:31, Lunita <hoshi.uts...@gmail.com> wrote: > Hi again, > > I followed many docs, the Tomcat's official web was not clear enough for > me. > With SSLEngine="on" I'm having this problem: > > SEVERE: Catalina.start > LifecycleException: Protocol handler initialization failed: > java.lang.Exception: Unable to load certificate key > /opt/apache-tomcat-5.5.33/conf/xWiki.cer (error:0906D06C:PEM > routines:PEM_read_bio:no start line) > > > Does Tomcat support .cer certificates o must be PEM? Strange thing is that > the cert. file is .cer, but the error complains about PEM. > > Thanx in advance. > > > 2011/5/10 Konstantin Kolinko <knst.koli...@gmail.com> > > > 2011/5/10 Lunita <hoshi.uts...@gmail.com>: > > > Hi all! > > > > > > I amb trying to configure SSL for Tomcat Manager with APR. I have a > weird > > > problem, port 8443 is listening, but no HTTPS over there! 8080 and 8443 > > > ports are open with HTTP > > > > > > I compiled tomcat native with this configure: > > > > > > "--prefix=/opt/tomcat/" \ > > > "--with-apr=/opt/apr-1.4.2/" \ > > > "--with-ssl=/usr" \ > > > "--with-java-home=/usr/java/jdk1.6.0_23/" \ > > > "--libdir=/usr/lib" \ > > > > > > > > > At startup, Tomcat load OK the library: > > > > > > INFO: Loaded APR based Apache Tomcat Native library 1.1.20. > > > May 10, 2011 6:36:07 PM org.apache.catalina.core.AprLifecycleListener > > init > > > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters > > > [false], random [true]. > > > May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init > > > INFO: Initializing Coyote HTTP/1.1 on http-8080 > > > May 10, 2011 6:36:07 PM org.apache.coyote.http11.Http11AprProtocol init > > > INFO: Initializing Coyote HTTP/1.1 on http-8443 > > > > > > My config at server.xml looks OK ... > > > > > > <Connector port="8443" maxHttpHeaderSize="8192" > > > maxThreads="200" minSpareThreads="25" maxSpareThreads="75" > > > scheme="https" secure="true" SSLEnabled="true" > > > > > > SSLCertificateFile="/opt/apache-tomcat-5.5.33/conf/tomcat.key.noPasswd" > > > SSLCertificateKeyFile="/opt/apache-tomcat-5.5.33/conf/XX.cer" > > > clientAuth="false" SSLProtocol="TLSv1"/> > > > > > > > > > Any help? I'm really lost =( > > > > Configuration of APR/OpenSSL (aka "native") connector with SSL is > > documented in > > http://tomcat.apache.org/tomcat-5.5-doc/apr.html#HTTPS > > > > Apparently you are missing SSLEngine="on" > > > > Note, that Tomcat 5.5 does not warn about any unknown attributes etc. > > (Tomcat 6 and later do give warnings), so you should read the > > configuration docs carefully. > > > > What documentation you have followed? (Maybe something needs > > amendments / corrections there?) > > > > Best regards, > > Konstantin Kolinko > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > >
