Date: Fri, 25 Jul 2014 18:16:48 +0500
Subject: Re: APR with PKCS11 support
From: Sanaullah
To: Tomcat Users List

Hi Chris,

httpd is working with the HSM with the addition of the parameter SSLCryptoDevice=LunaCA, but when I try the same parameter in TomEE, TomEE doesn't recognize this parameter.

WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLCryptoDevice' to 'LunaCA3' did not find a matching property.

Any idea?

Regards,
Sanaullah

On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz <chris@christopherschultz.net> wrote:

> Sanaullah,
>
> On 7/10/14, 4:19 AM, Sanaullah wrote:
> > Is there a way I can use a pkcs11 supported SmartCard/token when
> > using the APR based SSL Connector in Tomcat? PEM encoded certificates
> > and keys are stored in the smartcard.
> >
> > I know BIO/NIO connectors support token/HSM but I am looking for
> > APR based connectors?
>
> I'm no expert at such configurations, but since tcnative/APR uses
> OpenSSL for its crypto engine, then it can do anything OpenSSL can do.
> Have you been able to configure e.g. httpd to use this kind of setup?
> If so, there ought to be a way to make it happen using Tomcat's APR
> connector.
>
> -chris