Thanks for the suggestion. I made my SSL Connector look more like the Connector you sent, and I am still getting the exact same "Invalid Server SSL Protocol" error.
The changes that I made, which had no effect, were:
- added protocol="org.apache.coyote.http11.Http11AprProtocol"
- changed sslProtocol from "TLS" to "TLSv1.2"
- changed SSLCertificateChainFile to SSLCACertificateFile

On Wed, Dec 17, 2014 at 6:20 PM, Sanaullah <sanaulla...@gmail.com> wrote:
>
> Hi Mike.
>
> here is my working configuration with APR.
>
> <Connector port="7443"
>            protocol="org.apache.coyote.http11.Http11AprProtocol"
>            maxThreads="150" SSLEnabled="true" scheme="https"
>            secure="true"
>            clientAuth="true" sslProtocol="TLSv1.2"
>            SSLCertificateFile="/opt/_cdrom_apache/certs/dev-apr.pem"
>            SSLCertificateKeyFile="/opt/_cdrom_apache/certs/key.pem"
>            SSLCACertificateFile="/opt/_cdrom_apache/certs/CA.pem"
>            />
>
> I hope this will work for you.
>
> Regards,
> Sanaullah
>
> On Thu, Dec 18, 2014 at 6:15 AM, Mike Wertheim <m...@hyperreal.org> wrote:
> >
> > I should have included this in the previous message.
> >
> > The AprLifecycleListener is declared in server.xml like this:
> > <Listener className="org.apache.catalina.core.AprLifecycleListener"
> >           SSLEngine="on" />
> >
> > On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim <m...@hyperreal.org> wrote:
> > >
> > > I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
> > > APR. (I'm using JDK 1.8.0.25 on CentOS.)
> > >
> > > My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1
> > > while still using Tomcat 7.0.41. This combination works great. My webapp
> > > starts up and is accessible using either SSL or non-SSL.
> > >
> > > Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32
> > > and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of
> > > catalina.out are a message that shows that Tomcat Native library 1.1.32 and
> > > APR 1.5.1 are indeed in use. My webapp starts up and is accessible using
> > > non-SSL requests, but SSL requests don't work.
> > >
> > > When I saw that SSL wasn't working, I looked in catalina.out and saw this:
> > >
> > > org.apache.coyote.AbstractProtocol.init Failed to initialize end point
> > > associated with ProtocolHandler ["http-apr-8443"]
> > > java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is
> > > enabled in the AprLifecycleListener, the AprLifecycleListener has
> > > initialised correctly and that a valid SSLProtocol has been specified
> > >     at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532)
> > >     at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
> > >     [...]
> > > Caused by: java.lang.Exception: Invalid Server SSL Protocol
> > > (error:00000000:lib(0):func(0):reason(0))
> > >     at org.apache.tomcat.jni.SSLContext.make(Native Method)
> > >     at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527)
> > >
> > > The SSL Connector in server.xml looks like this:
> > > <Connector port="8443" URIEncoding="utf-8"
> > >            maxKeepAliveRequests="3" keepAliveTimeout="3000"
> > >            scheme="https" secure="true" SSLEnabled="true"
> > >            SSLCertificateFile="/home/scuser/ssl/cert.crt"
> > >            SSLCertificateKeyFile="/home/scuser/ssl/cert.key"
> > >            SSLCertificateChainFile="/home/scuser/ssl/intermediateCA.cer"
> > >            clientAuth="false" sslProtocol="TLS"/>
> > >
> > > Can anyone see what might be going wrong?
> > >
> > > Thanks,
> > > Mike