Thank you all for your very thorough responses. I have learned a ton from 2 emails.
I appreciate your time in responding to educate me.

Mike.

On Thu, Feb 27, 2014 at 10:09 AM, Mark Thomas <ma...@apache.org> wrote:

> On 27/02/2014 14:40, Mike Johnson wrote:
> > Here's the issue that I'm looking for insight on (I did a workaround that
> > seems to work fine, just doesn't make sense why it works differently on OS
> > if Tomcat is portable across OS).
>
> If you use different configurations - on the same OS or across different
> OSes - you will get different behaviour. If you want the same behaviour,
> start by using the same configuration.
>
> > Tomcat 7.0.47
>
> Not related to this question but you need to upgrade.
>
> > Using SSL on a connector, defining the connector like so...
> >
> > <Connector port="443"
> > maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> > enableLookups="false" disableUploadTimeout="true"
> > acceptCount="101" debug="0" scheme="https" secure="true"
> > SSLEnabled="true" keyAlias="MyAlias"
> > keystoreFile="<relative path to file cert file>.pfx"
> > keystoreType="pkcs12"
> > keystorePass="mypassword"
> > clientAuth="false" sslProtocol="TLS"
> > />
> >
> > Seems as though on Linux, works like a charm...
> >
> > When I recreate this install on a Windows 2008 R2 box, I get an error
> >
> > SEVERE: Failed to initialize end point associated with ProtocolHandler [...]
> > java.lang.Exception: Connector attribute SSLCertificateFile must be defined
> > when using SSL with APR
>
> If you had used protocol="org.apache.coyote.http11.Http11Protocol" then
> you'd see the same (working) behaviour on Linux and Windows.
>
> If you had used protocol="org.apache.coyote.http11.Http11AprProtocol"
> then you'd see the same (broken) behaviour on Linux and Windows.
>
> > I have to take out the following line from the server.xml
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" />
>
> This disables the APR/native library.
>
> > Now, from what I'm reading (far from an expert here) it looks like APR is
> > OpenSSL and if you comment this out, it defaults to JSSE's SSL "stuff".
>
> Not quite. Disabling that listener disables APR support. In turn, that
> removes the possibility of auto switching as described under the
> protocol attribute in
> http://tomcat.apache.org/tomcat-8.0-doc/config/http.html#Common_Attributes
>
> > When I google further, it seems that people are having this issue and they
> > think it's related to how the .pfx file is being read in, text vs binary.
>
> Then those people would be wrong.
>
> > Anyway, I've contacted a few colleagues that do the same thing as me at
> > other organizations, and they have been able to reproduce this problem.
> >
> > It just doesn't seem right that I can't do the same thing on a Windows box.
>
> You didn't do "the same thing", hence you got a different result.
>
> > Anyone have any thoughts?
>
> On Linux you didn't install the APR/native library so you will be
> using the HTTP BIO connector which uses JSSE style configuration for SSL
> which is how you configured the HTTPS connector so it works.
>
> On Windows you did install the APR/native library so you will be using
> the HTTP APR connector which uses OpenSSL style configuration for SSL
> which is not how you configured the HTTPS connector so it fails.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

--
Mike Johnson
Datatel Programmer/Analyst
Northern Ontario School of Medicine
955 Oliver Road
Thunder Bay, ON P7B 5E1
Phone: (807) 766-7331
Email: mike.john...@nosm.ca
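
An added example, not part of the thread and not Tomcat's own code: a small Python check that reads a server.xml and reports, for each SSL-enabled Connector, whether its SSL attribute style matches the connector implementation Mark describes. The sample XML, the keystore path and password in it, and the verdict names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias"}

def check_ssl_connectors(server_xml):
    """Return [(port, verdict)] for every SSL-enabled Connector in a server.xml string."""
    root = ET.fromstring(server_xml)
    apr_listener = any(l.get("className") == APR_LISTENER
                       for l in root.iter("Listener"))
    results = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        jsse_cfg = bool(JSSE_ATTRS & set(conn.attrib))
        openssl_cfg = "SSLCertificateFile" in conn.attrib
        if "Apr" in protocol:
            # Explicit APR connector: needs OpenSSL-style attributes.
            verdict = "ok" if openssl_cfg else "mismatch"
        elif protocol == "HTTP/1.1" and apr_listener:
            # Auto-switching: APR if the native library is installed on this
            # host, otherwise the JSSE-based connector. Same file, two outcomes.
            verdict = "host-dependent"
        else:
            # Explicit Java connector, or APR listener removed: JSSE-style attributes.
            verdict = "ok" if jsse_cfg else "mismatch"
        results.append((conn.get("port"), verdict))
    return results

# Constructed sample modelled on the Connector quoted in the thread.
SAMPLE = """<Server>
  {listener}
  <Service name="Catalina">
    <Connector port="443" {protocol} scheme="https" secure="true"
               SSLEnabled="true" keyAlias="MyAlias"
               keystoreFile="conf/example.pfx" keystoreType="pkcs12"
               keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>"""
LISTENER = '<Listener className="%s" SSLEngine="on"/>' % APR_LISTENER

def sample(protocol="", listener=LISTENER):
    """Build a constructed server.xml with an optional protocol attribute and listener."""
    return SAMPLE.format(protocol=protocol, listener=listener)

if __name__ == "__main__":
    print(check_ssl_connectors(sample()))
```

A "host-dependent" verdict is the situation in the thread: the file is identical on both machines, and setting the protocol attribute explicitly removes the dependence on whether the APR/native library is installed.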