On Feb 27, 2014, at 9:40 AM, Mike Johnson <mike.john...@nosm.ca> wrote:
> Hi all,
>
> New to this listserv. I had jumped the gun and submitted a bug, as I really
> do think it is a bug, but I was told to come here first. So I am here :D

Best to always start here.

>
> Anyway,
>
> Here's the issue that I'm looking for insight on (I did a workaround that
> seems to work fine, just doesn't make sense why it works differently on OS
> if Tomcat is portable across OS).
>
> Tomcat 7.0.47
>
> Using SSL on a connector, defining the connector like so...
>
> <Connector port="443"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="101" debug="0" scheme="https" secure="true"
> SSLEnabled="true" keyAlias="MyAlias"
> keystoreFile="<relative path to file cert file>.pfx"
> keystoreType="pkcs12"
> keystorePass="mypassword"
> clientAuth="false" sslProtocol="TLS"
> />
>
> Seems as though on Linux, works like a charm...
>
> When I recreate this install on a Windows 2008 R2 box, I get an error

By default Tomcat will look for the APR libraries and if it finds them, it will use them. In this case, it seems like it’s not finding them on your Linux environment and it is finding them on your Windows environment.

> SEVERE: Failed to initialize end point associated with ProtocolHandler [...]
> java.lang.Exception: Connector attribute SSLCertificateFile must be defined
> when using SSL with APR

SSL configuration when APR is enabled is different. See here.

https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native

>
> I have to take out the following line from the server.xml
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />

If you don’t want APR enabled I guess that would work. APR does perform better though, especially when using SSL. I’d suggest you just configure it properly.

Dan

>
> Now, from what I'm reading (far from an expert here) it looks like APR is
> OpenSSL and if you comment this out, it defaults to JSSE's SSL "stuff".
>
> When I google further, it seems that people are having this issue and they
> think it's related to how the .pfx file is being read in, text vs binary.
>
> Anyway, I've contacted a few colleagues that do the same thing as me at
> other organizations, and they have been able to reproduce this problem.
>
> It just doesn't seem right that I can't do the same thing on a Windows box.
>
> Anyone have any thoughts?
>
> Mike.
>
>
> --
> Mike Johnson
> Datatel Programmer/Analyst
> Northern Ontario School of Medicine
> 955 Oliver Road
> Thunder Bay, ON P7B 5E1
> Phone: (807) 766-7331
> Email: mike.john...@nosm.ca
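
The two ways out of the error discussed in this thread, shown side by side as an added example (not part of the original messages and not the Tomcat project's own sample). File paths, passwords and the split into "Option A/B" are assumptions; the attribute names are those of the Tomcat 7 HTTP connector.

```xml
<!-- Added example for Tomcat 7 server.xml. Use ONE of the two connectors:
     both bind port 443. Paths and passwords are placeholders. -->

<!-- Option A: pin the connector to a JSSE implementation. With an explicit
     protocol class, Tomcat no longer switches the connector to APR when the
     native library happens to be installed, so the PKCS#12 keystore
     attributes from the original post behave the same on Linux and
     Windows. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/PLACEHOLDER.pfx"
           keystoreType="pkcs12"
           keystorePass="PLACEHOLDER_PASSWORD"
           keyAlias="MyAlias"
           clientAuth="false" sslProtocol="TLS" />

<!-- Option B: keep APR/native (OpenSSL) and configure it with its own
     attributes. APR ignores keystoreFile/keystoreType/keystorePass and
     expects PEM-encoded files, so the .pfx has to be exported to a
     certificate file and a private key file first. -->

<!-- Child of <Server>: loads the native library and its SSL engine. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" />

<!-- Child of <Service>: the attribute named in the SEVERE message,
     SSLCertificateFile, is mandatory here. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/path/to/PLACEHOLDER-cert.pem"
           SSLCertificateKeyFile="/path/to/PLACEHOLDER-key.pem"
           SSLPassword="PLACEHOLDER_KEY_PASSPHRASE"
           SSLVerifyClient="none" />
```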