Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5C58A11A78 for ; Sat, 26 Jul 2014 08:50:40 +0000 (UTC) Received: (qmail 52390 invoked by uid 500); 26 Jul 2014 08:50:36 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 52290 invoked by uid 500); 26 Jul 2014 08:50:36 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 52273 invoked by uid 99); 26 Jul 2014 08:50:36 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Jul 2014 08:50:36 +0000 X-ASF-Spam-Status: No, hits=1.7 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of sanaullah82@gmail.com designates 209.85.192.54 as permitted sender) Received: from [209.85.192.54] (HELO mail-qg0-f54.google.com) (209.85.192.54) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Jul 2014 08:50:34 +0000 Received: by mail-qg0-f54.google.com with SMTP id z60so6230232qgd.41 for ; Sat, 26 Jul 2014 01:50:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=cwGzm34rGyavrR9YEd7++plcaWisIPkHh4x7PVBns04=; b=BehoIReT/FlQS+NLtfAqQYRw8SqMeX0bqiCTVel9e6j69UBFQ+vBuUsUumsyWU054O dWg4fLvGED7m6JqTEBPR4Ujjq4F11+/GjahUT9tWBjM/1Rp560E1kXGwYbnuiFSMzKBl jky7qCkU0HaAf6Sn5Jqe1fXBAbLN+riflscR6umrVRjptt5LhQm48qcy2gcWKWx6+ej6 pMO4aUwJt6r7d75oCSgmukpzR0/rRMVqNufLFUnDR2DWUIjp9xg78X3xVnGVlT3IkNSG 8DQJVFFy1muAVb92kAhiiGLWn7QWU41SycwoSl80t0Yf9UYRXv522kJDcOmxJ7BUSt9s RUEg== MIME-Version: 1.0 X-Received: by 10.224.19.197 with SMTP id c5mr36361802qab.20.1406364608858; Sat, 26 Jul 2014 01:50:08 -0700 (PDT) Received: by 10.96.82.225 with HTTP; Sat, 26 Jul 2014 01:50:08 -0700 (PDT) In-Reply-To: <53D27239.1060802@christopherschultz.net> References: <53BEA5D6.8070509@christopherschultz.net> <53D27239.1060802@christopherschultz.net> Date: Sat, 26 Jul 2014 13:50:08 +0500 Message-ID: Subject: Re: APR with PKCS11 support From: Sanaullah To: Tomcat Users List Content-Type: multipart/alternative; boundary=001a11c1f1eeef8edf04ff14c6dd X-Virus-Checked: Checked by ClamAV on apache.org --001a11c1f1eeef8edf04ff14c6dd Content-Type: text/plain; charset=UTF-8 I tried that configuration but getting errrors. NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR version 1.4.6. Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jul 23, 2014 3:06:40 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent SEVERE: Failed to initialize the SSLEngine. org.apache.tomcat.jni.Error: 70023: This function has not been implemented on this platform at org.apache.tomcat.jni.SSL.initialize(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270) at org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99) at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at org.apache.catalina.startup.Catalina.load(Catalina.java:663) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454) On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz < chris@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Sanaullah, > > On 7/25/14, 9:16 AM, Sanaullah wrote: > > httpd is working with HSM with addition of parameter > > SSLCryptoDevice=LunaCA but when i try the same parameter in tomEE. > > TomEE don't recognized this parameters. > > > > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting > > property 'SSLCryptoDevice' to 'LunaCA3' did not find a matching > > property. > > > > Any Idea? > > Try setting SSLEngine="LunaCA3" instead of SSLEngine="on" in your: > > class="org.apache.catalina.core.AprLifecycleListener" > SSLEngine="on" /> > > - -chris > > > On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz < > > chris@christopherschultz.net> wrote: > > > > Sanaullah, > > > > On 7/10/14, 4:19 AM, Sanaullah wrote: > >>>> is there a way i can use pkcs11 supported SmartCard/token > >>>> when using APR based SSL Connector in tomcat ? PEM encoded > >>>> certificates and keys are stored in smartcard. > >>>> > >>>> I know BIO/NIO connectors supported token/HSM but I am > >>>> looking for APR based connectors? > > > > I'm no expert at such configurations, but since tcnative/APR uses > > OpenSSL for its crypto engine, then it can do anything OpenSSL can > > do. Have you been able to configure e.g. httpd to use this kind of > > setup? If so, there ought to be a way to make it happen using > > Tomcat's APR connector. > > > > -chris > >> > >> --------------------------------------------------------------------- > >> > >> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >> For additional commands, e-mail: users-help@tomcat.apache.org > >> > >> > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJT0nI3AAoJEBzwKT+lPKRYIA4P/3KOY/Tq+cLqR/i22DZijqUA > 5mzghWY2UnV0U091piNteVgpQmLf+299//3g1V3E9xpLmuYMsID3bIURKCR3UZp8 > rSO+IAIqs8hupN1uwM+ngQALGFd2BQ+AJWW2lMgzksCWV9OOuABnN2a0QqN1oQPK > OOI5MjIMrl5O1eLW2IA9Iw/prwCSuvIaxl7v/BRCVYudfzh9unoNmOmhPHpXJ5/c > KKf9dn3k3Fs2Y1WBzzPWK52YD2ooT6p6XaecsDwix01LNaJLS/sCmxz1riHxMxey > nlJKY7AiTOYl/ynGeuZFBxy3okzf6ye/yxVMhw+LY/MKC8OpeBC86QWMBSaL/w2s > 6uJPogprWaLqccuKS3Fs+qAr8i5cgREb/mSb5YxG49OGqtf1xqjQr1cvSu08/qx7 > adfq26LjSZok7tnhDV6Fa/RiSJ0p3Be0jvU5XY4n5WMVAqJcc9Z1QomXpxpc+1oU > KQzVLwIcMTeoyFwEfPKtxjU92Gyk+RlBR/lm/i2QreFXqO3MM2rOvYqKnjol4576 > PRfiH3UbcUTlf6fWLCFB7G58HqTuWIp9eZK2GNY1zh+73pBFNAj7+GA3jnBk68MS > NMJnu7gdgSviWEow9K2eDb2by3cPyXjHhmkmPkX+3B567ZPs4EPDHmYBu5FhtaNw > E/iZZ+RLlTWGfUVk2DdJ > =9d4n > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --001a11c1f1eeef8edf04ff14c6dd--