tomcat-users mailing list archives

From Sanaullah <sanaulla...@gmail.com>
Subject Re: APR with PKCS11 support
Date Sat, 26 Jul 2014 08:50:08 GMT
I tried that configuration but I am getting errors.

INFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR version 1.4.6.
Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
SEVERE: Failed to initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform
        at org.apache.tomcat.jni.SSL.initialize(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
        at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)



On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Sanaullah,
>
> On 7/25/14, 9:16 AM, Sanaullah wrote:
> > httpd is working with the HSM with the addition of the parameter
> > SSLCryptoDevice=LunaCA, but when I try the same parameter in TomEE,
> > TomEE doesn't recognize this parameter.
> >
> > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting
> > property 'SSLCryptoDevice' to 'LunaCA3' did not find a matching
> > property.
> >
> > Any Idea?
>
> Try setting SSLEngine="LunaCA3" instead of SSLEngine="on" in your:
>
>   <Listener
>      className="org.apache.catalina.core.AprLifecycleListener"
>      SSLEngine="on" />
>
> -chris
>
> > On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> > Sanaullah,
> >
> > On 7/10/14, 4:19 AM, Sanaullah wrote:
> >>>> Is there a way I can use a pkcs11 supported SmartCard/token
> >>>> when using the APR based SSL Connector in Tomcat? PEM encoded
> >>>> certificates and keys are stored in the smartcard.
> >>>>
> >>>> I know BIO/NIO connectors support token/HSM but I am
> >>>> looking for APR based connectors?
> >
> > I'm no expert at such configurations, but since tcnative/APR uses
> > OpenSSL for its crypto engine, then it can do anything OpenSSL can
> > do. Have you been able to configure e.g. httpd to use this kind of
> > setup? If so, there ought to be a way to make it happen using
> > Tomcat's APR connector.
> >
> > -chris

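A check for the suggestion quoted above, added here as an example and not part of the original thread: Tomcat passes any SSLEngine value other than on or off to OpenSSL as an engine id, so the id has to be one the local OpenSSL can load. The sample server.xml and the `openssl engine -t` outputs are constructed; only the id LunaCA3 comes from the thread.

```shell
#!/bin/sh
# Added example: the sample server.xml and probe outputs below are constructed.

# Print the SSLEngine attribute of the AprLifecycleListener element, if any.
ssl_engine_value() {
    # Join lines first so an element split over several lines still matches.
    tr '\n' ' ' < "$1" |
        grep -o '<Listener[^>]*AprLifecycleListener[^>]*>' |
        sed -n 's/.*SSLEngine="\([^"]*\)".*/\1/p'
}

# Succeed if stdin (output of `openssl engine -t ID`) reports ID as available.
engine_available() {
    awk -v id="$1" '
        index($0, "(" id ")") == 1 { seen = 1; next }
        seen && /\[ available \]/  { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# check_engine SERVER_XML PROBE_FILE: prints a verdict, returns 0 if usable.
check_engine() {
    value=$(ssl_engine_value "$1")
    case "$value" in
        ''|[Oo][Nn]|[Oo][Ff][Ff])
            echo "SSLEngine='$value': no named engine requested"; return 0 ;;
    esac
    if engine_available "$value" < "$2"; then
        echo "SSLEngine='$value': OpenSSL reports the engine available"
    else
        echo "SSLEngine='$value': OpenSSL cannot load this engine id"; return 1
    fi
}

# Constructed inputs; only the id LunaCA3 is taken from the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Listener
     className="org.apache.catalina.core.AprLifecycleListener"
     SSLEngine="LunaCA3" />
</Server>
EOF
printf '%s\n' '(LunaCA3) constructed engine name' '     [ available ]' \
    > "$demo_dir/probe-ok.txt"
: > "$demo_dir/probe-missing.txt"   # unknown id: nothing on stdout

check_engine "$demo_dir/server.xml" "$demo_dir/probe-ok.txt"
check_engine "$demo_dir/server.xml" "$demo_dir/probe-missing.txt" || true
```

On the Tomcat host the probe file comes from `openssl engine -t LunaCA3 > probe.txt`. The `openssl` binary on PATH can be built against a different OpenSSL than the one the Tomcat Native library links, so a pass here is necessary rather than sufficient.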