Mark is correct there are NO tomcat errors in the attached log
but your JSSE is complaining about missing cert or you are implementing a
certificate from a non-CA authrity
you cannot build your KeyMaterial without knowing the full path of the
CA-authority issued cert and the keyFile location and the jksPassword and the
keyPass
public KeyMaterial(File certsFile,
File keyFile,
char[] jksPass,
char[] keyPass)
throws GeneralSecurityException,
IOException
http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/KeyMaterial.html#KeyMaterial%28java.io.File,%20java.io.File,%20char[],%20char[]%29
Martin
______________________________________________
Please do not alter or disrupt this email comunnication
> Subject: RE: Tomcat 6.0.24 SSL Setup issue
> Date: Wed, 24 Oct 2012 15:39:01 +0100
> From: kumareshgopals...@phs.co.uk
> To: users@tomcat.apache.org
> CC: ma...@apache.org
>
> Hi Mark
> Thank you. You are right. It was my mistake as page takes more time to
> load.
>
> But when I shutdown Tomcat from command prompt
>
> C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin>shutdown
>
> I could see Apache Tomcat homepage in http://localhost:8080/ but not in
> https://localhost:8443/
>
> Will I continue to see homepage in http://localhost:8080/ after tomcat
> shutdown?
>
>
>
> Regards
> Kumaresh Gopalsamy
>
>
> -----Original Message-----
> From: Mark Thomas [mailto:ma...@apache.org]
> Sent: 24 October 2012 15:27
> To: Tomcat Users List
> Subject: Re: Tomcat 6.0.24 SSL Setup issue
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 24/10/2012 15:00, KumareshGopalsamy wrote:
> > Hi Chris
> >
> > We are planning to setup JSSE keystore-based certificate configuration
>
> > so I have removed tcnative-1.dll file in
> > C:\apache-tomcat-6.0.24-windows-x64\apache-tomcat-6.0.24\bin path.
> > Still no success, below are the error message
>
> There are no error messages in the logs quoted below.
>
> Mark
>
> > I have attached server.xml in this.
> >
> >
> > Error Message 24-Oct-2012 14:52:36
> > org.apache.catalina.core.AprLifecycleListener init INFO: The APR based
>
> > Apache Tomcat Native library which allows optimal performanc e in
> > production environments was not found on the
> > java.library.path: C:\Program
> > Files\Java\jdk1.6.0_30\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32
> > ;C:\Window
> >
> >
> >
> s;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\Sys
> tem32\Wi
> > ndowsPowerShell\v1.0\;C:\Program Files\Java\jdk1.6.0_30\bin;.
> > 24-Oct-2012 14:52:36 org.apache.coyote.http11.Http11Protocol init
> > INFO: Initializing Coyote HTTP/1.1 on http-8080 24-Oct-2012
> > 14:52:38 org.apache.coyote.http11.Http11Protocol init INFO:
> > Initializing Coyote HTTP/1.1 on http-8443 24-Oct-2012 14:52:38
> > org.apache.catalina.startup.Catalina load INFO: Initialization
> > processed in 2702 ms 24-Oct-2012 14:52:38
> > org.apache.catalina.core.StandardService start INFO: Starting service
> > Catalina 24-Oct-2012 14:52:38 org.apache.catalina.core.StandardEngine
> > start INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 24-Oct-2012
> > 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor INFO:
> > Deploying configuration descriptor host-manager.xml 24-Oct-2012
> > 14:52:38 org.apache.catalina.startup.HostConfig deployDescriptor
> > INFO: Deploying configuration descriptor manager.xml 24-Oct-2012
> > 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> > INFO: Deploying web application directory docs 24-Oct-2012
> > 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> > INFO: Deploying web application directory examples 24-Oct-2012
> > 14:52:39 org.apache.catalina.startup.HostConfig deployDirectory
> > INFO: Deploying web application directory ROOT 24-Oct-2012
> > 14:52:40 org.apache.coyote.http11.Http11Protocol start INFO:
> > Starting Coyote HTTP/1.1 on http-8080 24-Oct-2012 14:52:40
> > org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote
> > HTTP/1.1 on http-8443 24-Oct-2012 14:52:40
> > org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on
> > /0.0.0.0:8009 24-Oct-2012 14:52:40 org.apache.jk.server.JkMain start
> > INFO: Jk running ID=0 time=0/32 config=null 24-Oct-2012
> > 14:52:40 org.apache.catalina.startup.Catalina start INFO: Server
> > startup in 1986 ms
> >
> >
> > Thank you
> >
> > Regards Kumaresh Gopalsamy
> >
> >
> > -----Original Message----- From: Christopher Schultz
> > [mailto:ch...@christopherschultz.net] Sent: 24 October 2012 14:42
> > To: Tomcat Users List Subject: Re: Tomcat 6.0.24 SSL Setup issue
> >
> > Kumaresh,
> >
> > On 10/24/12 6:38 AM, KumareshGopalsamy wrote:
> >> I have followed below steps to setup SSL
> >
> >> Details Tomcat 6.0.24 Windows server 2008 R2 Datacenter
> >
> > Since you are using SSL, I suspect you are interested in protecting
> > your data. You should seriously upgrade to the latest Tomcat 6.0.36,
> > as there are known vulnerabilities with your
> > version: http://tomcat.apache.org/security-6.html
> >
> >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> >> maxThreads="150" scheme="https" secure="true" clientAuth="false"
> >> sslProtocol="TLS" keystorePass="changeit" keystoreFile="
> >> C:\apache-tomcat-6.0.24-windows-x64\key \.keystore"/>
> >
> > This is a JSSE keystore-based certificate configuration.
> >
> >> 22-Oct-2012 11:21:43
> >> org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR
> >> based Apache Tomcat Native library 1.1.19. 22-Oct-2012
> >> 11:21:43 org.apache.catalina.core.AprLifecycleListener init INFO:
> >> APR capabilities: IPv6 [true], sendfile [true], accept filters
> >> [false], random [true].
> >
> > You are using APR (tcnative).
> >
> >> INFO: Initializing Coyote HTTP/1.1 on http-8080 22-Oct-2012
> >> 11:21:44 org.apache.coyote.http11.Http11AprProtocol init
> >
> > Your <Connector> is auto-choosing APR-based HTTP/1.1 protocol.
> >
> >> SEVERE: Error initializing endpoint
> >
> >> java.lang.Exception: No Certificate file specified or invalid file
> >> format
> >
> > APR uses a different file format and configuration from the BIO and
> > NIO HTTP/1.1 connectors.
> >
> > So, either you need to re-do your certificates so that you have
> > separate PEM-encoded files on the disk like httpd does, and configure
> > them appropriately
> > (http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS) or you need
> > to change your <Connector> to use a non-APR connector like this for
> > BIO:
> >
> > <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> >
> > Or like this for NIO:
> >
> > <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> >
> > Or you can disable APR by commenting-out the <Listener> in server.xml,
>
> > or you can just remove the tcnative* binaries from your Tomcat
> > installation.
> >
> > Hope that helps, -chris
> >
> > ---------------------------------------------------------------------
> >
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> >
> >
> >
> > Did you know that the PHS Group offers live and replica Christmas
> > trees through its PHS Greenleaf division? From desk top displays to
> > 30ft trees, you can have a stylish Christmas for your premises,
> > without the hassle. Visit http://www.phsgreenleaf.co.uk
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> >
> >
> >
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJQh/qgAAoJEBDAHFovYFnnYM8P/1ZQa9YxLwgLDXtCuePdp0Yj
> ob9Unnt3WtHkY+MAeSx/uQ9K2Syz6YQyQmzyc7kDi7rqelKrZfGVBSSR5y0E/Da7
> Rj2U32nnXBkXPl2w1fsAqJ6nJ3iTAJkH9bT2txDPTwZwAR8kZVyGgnizaP2Nzhyr
> OxZWMohWo7WDj72XQfy6lfhJFqRgFQnM1o4POEqbxZ/hQY23KyjG686t10rwyHML
> lfafTlVd4cDbPFW7dYVLN/9mZNo365S+rhpQ5sRAtnPDo5T1IrlnTWwW/oGZCAfu
> wAIVorbyC82TpS0X87LuZHx8GT25/6H0fVym/9GfFolCP7VVarYbwayySaSJOtA8
> lBT3fZmYoToXBp1mScGPMwoad2ny69L65+Nbqf8B+mOhyYX2P3siT646jE1uEKkr
> jSvqmPkKk6XYbIfBOfLfeqzIdPk70tChgO9hnNU5LGhl/JabHfndPP4jslNhxFe7
> cEbchW8M1BJ28Kgbm5VCdyxQgCYLgYxEL5hPrhSnBmm0eFW93awl596TULEJwbze
> aVT6sJPJ4Iitn9xjedGbXl1hLCdL2SVhRB3XeGyJm+jW9bJbbfNZISiOt+1qzS3h
> /AqgITcgP44DUkUOcBsngTs6uvMKmLl6jk4O5ADy1q93HMvx+0dmkyE/dQHYxRgm
> IOOL25XR5Wvsnrrrcy06
> =yMgu
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
