tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Tomcat 6.0.24 SSL Setup issue
Date Wed, 24 Oct 2012 14:26:40 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24/10/2012 15:00, KumareshGopalsamy wrote:
> Hi Chris
> 
> We are planning to setup JSSE keystore-based certificate 
> configuration so I have removed tcnative-1.dll file in 
> C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin path. 
> Still no success, below are the error message

There are no error messages in the logs quoted below.

Mark

> I have attached server.xml in this.
> 
> 
> Error Message 24-Oct-2012 14:52:36 
> org.apache.catalina.core.AprLifecycleListener init INFO: The APR 
> based Apache Tomcat Native library which allows optimal performanc
> e in production environments was not found on the
> java.library.path: C:\Program 
> Files\Java\jdk1.6.0_30\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Window
>
>
> 
s;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\Wi
> ndowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.6.0_30\bin;. 
> 24-Oct-2012 14:52:36 org.apache.coyote.http11.Http11Protocol init 
> INFO: Initializing Coyote HTTP/1.1 on http-8080 24-Oct-2012
> 14:52:38 org.apache.coyote.http11.Http11Protocol init INFO:
> Initializing Coyote HTTP/1.1 on http-8443 24-Oct-2012 14:52:38 
> org.apache.catalina.startup.Catalina load INFO: Initialization 
> processed in 2702 ms 24-Oct-2012 14:52:38 
> org.apache.catalina.core.StandardService start INFO: Starting
> service Catalina 24-Oct-2012 14:52:38
> org.apache.catalina.core.StandardEngine start INFO: Starting
> Servlet Engine: Apache Tomcat/6.0.24 24-Oct-2012 14:52:38
> org.apache.catalina.startup.HostConfig deployDescriptor INFO:
> Deploying configuration descriptor host-manager.xml 24-Oct-2012 
> 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor 
> INFO: Deploying configuration descriptor manager.xml 24-Oct-2012 
> 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory docs 24-Oct-2012
> 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory examples 24-Oct-2012
> 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> INFO: Deploying web application directory ROOT 24-Oct-2012
> 14:52:40 org.apache.coyote.http11.Http11Protocol start INFO:
> Starting Coyote HTTP/1.1 on http-8080 24-Oct-2012 14:52:40 
> org.apache.coyote.http11.Http11Protocol start INFO: Starting
> Coyote HTTP/1.1 on http-8443 24-Oct-2012 14:52:40 
> org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening
> on /0.0.0.0:8009 24-Oct-2012 14:52:40 org.apache.jk.server.JkMain
> start INFO: Jk running ID=0 time=0/32  config=null 24-Oct-2012
> 14:52:40 org.apache.catalina.startup.Catalina start INFO: Server
> startup in 1986 ms
> 
> 
> Thank you
> 
> Regards Kumaresh Gopalsamy
> 
> 
> -----Original Message----- From: Christopher Schultz 
> [mailto:chris@christopherschultz.net] Sent: 24 October 2012 14:42
> To: Tomcat Users List Subject: Re: Tomcat 6.0.24 SSL Setup issue
> 
> Kumaresh,
> 
> On 10/24/12 6:38 AM, KumareshGopalsamy wrote:
>> I have followed below steps to setup SSL
> 
>> Details Tomcat 6.0.24 Windows server 2008 R2 Datacenter
> 
> Since you are using SSL, I suspect you are interested in
> protecting your data. You should seriously upgrade to the latest
> Tomcat 6.0.36, as there are known vulnerabilities with your
> version: http://tomcat.apache.org/security-6.html
> 
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" 
>> maxThreads="150" scheme="https" secure="true" clientAuth="false"
>>  sslProtocol="TLS" keystorePass="changeit" keystoreFile=" 
>> C:\apache-tomcat-6.0.24-windows-x64\key \.keystore"/>
> 
> This is a JSSE keystore-based certificate configuration.
> 
>> 22-Oct-2012 11:21:43
>> org.apache.catalina.core.AprLifecycleListener init INFO: Loaded
>> APR based Apache Tomcat Native library 1.1.19. 22-Oct-2012
>> 11:21:43 org.apache.catalina.core.AprLifecycleListener init INFO:
>> APR capabilities: IPv6 [true], sendfile [true], accept filters
>> [false], random [true].
> 
> You are using APR (tcnative).
> 
>> INFO: Initializing Coyote HTTP/1.1 on http-8080 22-Oct-2012 
>> 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
> 
> Your <Connector> is auto-choosing APR-based HTTP/1.1 protocol.
> 
>> SEVERE: Error initializing endpoint
> 
>> java.lang.Exception: No Certificate file specified or invalid
>> file format
> 
> APR uses a different file format and configuration from the BIO
> and NIO HTTP/1.1 connectors.
> 
> So, either you need to re-do your certificates so that you have 
> separate PEM-encoded files on the disk like httpd does, and
> configure them appropriately 
> (http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS) or you
> need to change your <Connector> to use a non-APR connector like
> this for BIO:
> 
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> 
> Or like this for NIO:
> 
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> 
> Or you can disable APR by commenting-out the <Listener> in 
> server.xml, or you can just remove the tcnative* binaries from
> your Tomcat installation.
> 
> Hope that helps, -chris
> 
> ---------------------------------------------------------------------
>
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> 
> 
> Did you know that the PHS Group offers live and replica Christmas 
> trees through its PHS Greenleaf division? From desk top displays
> to 30ft trees, you can have a stylish Christmas for your premises, 
> without the hassle. Visit http://www.phsgreenleaf.co.uk
> 
> 
> 
> 
> ---------------------------------------------------------------------
>
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQh/qgAAoJEBDAHFovYFnnYM8P/1ZQa9YxLwgLDXtCuePdp0Yj
ob9Unnt3WtHkY+MAeSx/uQ9K2Syz6YQyQmzyc7kDi7rqelKrZfGVBSSR5y0E/Da7
Rj2U32nnXBkXPl2w1fsAqJ6nJ3iTAJkH9bT2txDPTwZwAR8kZVyGgnizaP2Nzhyr
OxZWMohWo7WDj72XQfy6lfhJFqRgFQnM1o4POEqbxZ/hQY23KyjG686t10rwyHML
lfafTlVd4cDbPFW7dYVLN/9mZNo365S+rhpQ5sRAtnPDo5T1IrlnTWwW/oGZCAfu
wAIVorbyC82TpS0X87LuZHx8GT25/6H0fVym/9GfFolCP7VVarYbwayySaSJOtA8
lBT3fZmYoToXBp1mScGPMwoad2ny69L65+Nbqf8B+mOhyYX2P3siT646jE1uEKkr
jSvqmPkKk6XYbIfBOfLfeqzIdPk70tChgO9hnNU5LGhl/JabHfndPP4jslNhxFe7
cEbchW8M1BJ28Kgbm5VCdyxQgCYLgYxEL5hPrhSnBmm0eFW93awl596TULEJwbze
aVT6sJPJ4Iitn9xjedGbXl1hLCdL2SVhRB3XeGyJm+jW9bJbbfNZISiOt+1qzS3h
/AqgITcgP44DUkUOcBsngTs6uvMKmLl6jk4O5ADy1q93HMvx+0dmkyE/dQHYxRgm
IOOL25XR5Wvsnrrrcy06
=yMgu
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message