I again started working on SSLEngine with safenet and i need some help, how
to enable the debugging? I configure the engine as "LunaCA3".
<Listener class="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="LunaCA3" />
Here is error log after starting the server.
Oct 29, 2014 1:40:21 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.31 using APR
version 1.5.1.
Oct 29, 2014 1:40:22 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Oct 29, 2014 1:40:22 PM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
SEVERE: Failed to initialize the SSLEngine.
org.apache.tomcat.jni.Error: 70023: This function has not been implemented
on this platform
at org.apache.tomcat.jni.SSL.initialize(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
at
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Oct 29, 2014 1:40:22 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8080"]
Oct 29, 2014 1:40:23 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Oct 29, 2014 1:40:23 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-apr-8443"]
java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is
enabled in the AprLifecycleListener, the AprLifecycleListener has
initialised cor$
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:503)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: java.lang.Exception: Invalid Server SSL Protocol
(error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines)
at org.apache.tomcat.jni.SSLContext.make(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:498)
... 16 more
Regards,
Sanaullah
On Wed, Aug 6, 2014 at 5:12 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Sunaullah,
>
> On 7/26/14, 4:50 AM, Sanaullah wrote:
> > I tried that configuration but getting errrors.
>
> I just want you to know that you haven't been forgotten: I'm on
> vacation for a bit but I'd really like to take a look at this issue
> when I return.
>
> In the meantime, feel free to check out the tcnative code if you want
> to see what is going on, or someone else could chime-in and give an
> opinion (or -- *gasp* -- a proposed patch!).
>
> Thanks,
> - -chris
>
> > NFO: Loaded APR based Apache Tomcat Native library 1.1.30 using APR
> > version 1.4.6. Jul 23, 2014 3:06:40 AM
> > org.apache.catalina.core.AprLifecycleListener init INFO: APR
> > capabilities: IPv6 [true], sendfile [true], accept filters [false],
> > random [true]. Jul 23, 2014 3:06:40 AM
> > org.apache.catalina.core.AprLifecycleListener lifecycleEvent
> > SEVERE: Failed to initialize the SSLEngine.
> > org.apache.tomcat.jni.Error: 70023: This function has not been
> > implemented on this platform at
> > org.apache.tomcat.jni.SSL.initialize(Native Method) at
> > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >
> >
> at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >
> >
> at java.lang.reflect.Method.invoke(Method.java:606)
> > at
> >
> org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:270)
> >
> >
> at
> >
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:124)
> >
> >
> at
> >
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
> >
> >
> at
> >
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
> >
> >
> at
> >
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
> >
> >
> at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
> > at org.apache.catalina.startup.Catalina.load(Catalina.java:638) at
> > org.apache.catalina.startup.Catalina.load(Catalina.java:663) at
> > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at
> >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >
> >
> at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >
> >
> at java.lang.reflect.Method.invoke(Method.java:606)
> > at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
> > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
> >
> >
> >
> > On Fri, Jul 25, 2014 at 8:05 PM, Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> > Sanaullah,
> >
> > On 7/25/14, 9:16 AM, Sanaullah wrote:
> >>>> httpd is working with HSM with addition of parameter
> >>>> SSLCryptoDevice=LunaCA but when i try the same parameter in
> >>>> tomEE. TomEE don't recognized this parameters.
> >>>>
> >>>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector}
> >>>> Setting property 'SSLCryptoDevice' to 'LunaCA3' did not find
> >>>> a matching property.
> >>>>
> >>>> Any Idea?
> >
> > Try setting SSLEngine="LunaCA3" instead of SSLEngine="on" in your:
> >
> > <Listener class="org.apache.catalina.core.AprLifecycleListener"
> > SSLEngine="on" />
> >
> > -chris
> >
> >>>> On Thu, Jul 10, 2014 at 7:40 PM, Christopher Schultz <
> >>>> ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Sanaullah,
> >>>>
> >>>> On 7/10/14, 4:19 AM, Sanaullah wrote:
> >>>>>>> is there a way i can use pkcs11 supported
> >>>>>>> SmartCard/token when using APR based SSL Connector in
> >>>>>>> tomcat ? PEM encoded certificates and keys are stored
> >>>>>>> in smartcard.
> >>>>>>>
> >>>>>>> I know BIO/NIO connectors supported token/HSM but I am
> >>>>>>> looking for APR based connectors?
> >>>>
> >>>> I'm no expert at such configurations, but since tcnative/APR
> >>>> uses OpenSSL for its crypto engine, then it can do anything
> >>>> OpenSSL can do. Have you been able to configure e.g. httpd to
> >>>> use this kind of setup? If so, there ought to be a way to
> >>>> make it happen using Tomcat's APR connector.
> >>>>
> >>>> -chris
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>>
> >>>>>
> >
> >>>>>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >>>>> For additional commands, e-mail:
> >>>>> users-h...@tomcat.apache.org
> >>>>>
> >>>>>
> >>>>
> >>
> >> ---------------------------------------------------------------------
> >>
> >>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJT4XLjAAoJEBzwKT+lPKRYmFkP/2/C0lSRB17qjX3F3IC8CCUK
> 1ROyaFgdEMQHWtv6Ri9pKSTPhty60W69pDdz4WGTl7AYnrmkuzdaTA8OdG5RxrzM
> iEgmhrj9VRJE8qEwsXkbaVNytcxG1guesygUH8RODOdlA9yfbamkpR8wWqFjXwwp
> 8xiFbEr+I6cIMliznEAwD1rtry4u+usFRVPPG892v1h6TLOp0I//TSq/7G4Iwmhs
> 9wnK+1acNlC4rAIgNI1fgXv/Rgel3nn9KIQk3y4KM7HGx0BVVOBu+Hl335wMv9N6
> eNoQPe+v7/gfs6iADwG/ROPZcYU+4iRSzZeQjzu5E29NWJs7bD1/CtcxkPK9s9EW
> MsXJ7u3CP+OPomtriS/5Vcceb2rS28JtjWbAtnbyu6T4lJmEsLcX4YaTTfBwoWd3
> F2X8olHB7P+gPCSKZurkt8uNXOVKdpQgljWfJeqFsEyvyXArwk1OBKYHDBgt8uTE
> ML9Jrcs5QDPFDi/3MXgU/QV/OKqCeNVdsntS51NJ8uVE9nTfqgy9e5fcQGJR7hYA
> tqmzqwTbJvkfSouvxYuJIo04ZCFjMFrps8qhhO8eZ8AsCGU0U7T8hn1Y+BimNGp9
> LEVt2TUm0OmnR3tFKDBXGozDLQ3Ql62BzvdugRE2UOQ6XoxaHWb+0u472Pwdk+A1
> mnaWoqQDNYfJrS1A4XDp
> =ASDY
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
