I have a new tomcat6.0.34 setup I'm configuring on my CentOS 6.3 (64 bit). I've downloaded a series of CRLs for the certificate authorities I am using, converted them from DER to PEM with openssl:

openssl crl -inform DER -outform PEM -in f1.der -out f1.pem_crl
openssl crl -inform DER -outform PEM -in f2.der -out f2.pem_crl

I then build a crl bundle with all the pem_crls (ends up with a 283 MB crl):

cat *.pem_crl > CRL-bundle.crl

Finally, I move it to /etc/ssl/certs

mv CRL-bundle.crl /etc/ssl/certs

I configure my connector as follows:

<Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true"
           maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" acceptCount="100"
           disableUploadTimeout="true"
           compression="on"
           compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript"
           connectionTimeout="20000"
           secure="true"
           keystorePass="mykeystorepass"
           truststoreFile="/etc/ssl/certs/my.truststore"
           truststorePass="mytruststorepass"
           clientAuth="true" sslProtocol="TLS"
           crlFile="/etc/ssl/certs/CRL-bundle.crl"
           redirectPort="8443" />

When I try to start tomcat6 like that, only one entry appears in my catalina.out

Nov 20, 2012 8:58:29 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib

If I remove the crlFile reference in the server.xml, everything works fine (except crl lookups of course). The system starts up, the app is accessible, it prompts for the certificate...

Any thoughts on why it would be failing like that would be appreciated.
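
One way to sanity-check a concatenated bundle like the one built above before pointing crlFile at it (an added example, not part of the original post): openssl crl reads only the first CRL in a file, so the script splits the bundle and parses each CRL on its own. The function names and the crl-NNNNN.pem file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example: split a concatenated PEM CRL bundle and check each CRL by itself.
# Function names and the crl-NNNNN.pem naming are hypothetical.

# split_crl_bundle BUNDLE OUTDIR
# Writes each PEM block to OUTDIR/crl-NNNNN.pem, prints the number of CRLs
# found, and returns non-zero if a block is opened twice or never closed.
split_crl_bundle() {
    awk -v dir="$2" '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN X509 CRL-----$/ {
            if (inblk) { bad++; close(out) }     # previous block had no END line
            n++; out = sprintf("%s/crl-%05d.pem", dir, n); inblk = 1
        }
        inblk { print > out }
        /^-----END X509 CRL-----$/ { if (inblk) close(out); inblk = 0 }
        END { print n + 0; exit (bad + inblk > 0) }
    ' "$1"
}

# verify_crls DIR
# Parses every split CRL with openssl and prints its issuer and nextUpdate
# (an expired nextUpdate means the CRL is stale); non-zero if any fails to parse.
verify_crls() {
    rc=0
    for f in "$1"/crl-*.pem; do
        [ -e "$f" ] || continue
        openssl crl -in "$f" -noout -issuer -nextupdate ||
            { echo "unparseable CRL: $f" >&2; rc=1; }
    done
    return "$rc"
}

# Usage: sh this-script /etc/ssl/certs/CRL-bundle.crl
if [ "$#" -ge 1 ]; then
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    count=$(split_crl_bundle "$1" "$tmp") || echo "malformed PEM block in $1" >&2
    echo "CRLs in bundle: $count"
    verify_crls "$tmp"
fi
```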