On 12/07/2016 10:55, Devendra Sengar wrote:
Hi,

This is regarding the configuration of Tomcat SSL using the APR library on Java 6.

While starting the server I am getting the below error:

SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"] java.lang.Exception: Unable to load certificate key conf/localhost-key.pem (error:02001003:system library:fopen:No such process)

Not sure if Tomcat is using OpenSSL or not...

I am trying to implement SSL using independent libraries for OpenSSL, Tomcat Native and Apache Portable Runtime.

I have downloaded precompiled versions of OpenSSL and Tomcat Native (see them attached). I have tried compiling the Apache Portable Runtime using Visual Studio (find it also attached).

I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for Windows (using the 64-bit distro, not the installer one).

We are restricted by our applicatioin to use Oracle Java 6 Updated 115 64-bit.

That is really unfortunate, given that I don't think there
are current security updates for Java 1.6 (maybe there is
if you pay Oracle for an expensive license/subscription).

The versions of the libraries I am using are the latest available online, again see the binaries attached.

The parameters used in the server.xml file are:

For Tomcat 7.0.6:
<Connector
protocol="org.apache.coyote.http11.Http11AprProtocol"
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="conf/localhost-cert.pem"
SSLCertificateKeyFile="conf/localhost-key.pem"
SSLCertificateChainFile="conf/ca.crt"
SSLVerifyClient="optional" SSLProtocol="TLSv1"
SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/>

For Tomcat 7.0.70

<Connector
protocol="org.apache.coyote.http11.Http11AprProtocol"
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="conf/localhost-cert.pem"
SSLCertificateKeyFile="conf/localhost-key.pem"
SSLCertificateChainFile="conf/ca.crt"
SSLVerifyClient="optional" SSLProtocol="TLSv1_2"
SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/>

The library files are in the tomcat bin folder as openssl.exe, tcnative-1.dll and libapr-1.dll.

tcnative-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing openssl.exe: https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing libapr-1.dll: https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing

openssl.exe is not the library, it is a command line tool for
doing various things (such as requesting certificates, converting
key file formats etc.)

The library consists of two files with .dll file extension,
libeay32.dll for basic crypto and ssleay32.dll for the actual
SSL/TLS code.


The same certificates files mentioned in the server.xml file were used and work in a brand new Apache web server.

Please let us know your opinion of what can cause those errors?

Can it be because of a APR dll not compiled properly?

Any other idea?


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to