On 13.07.2016 07:02, Devendra Sengar wrote:
File is there and permission is also fine and having proper openssl.cnf.

Any other view?

Really "shooting in the dark" here, since I am neither a Windows nor an SSL 
specialist :
The error message mentions "no such process". Assuming (and that may be a naive assumption) that the error message reflects the reality, could it not be that the handling of these SSL keys/cartificates under Windows, requires some background Windows "cryptographic service" to be active, and that it is not ?
(or some DLL to be found somewhere, where it isn't)


Thanks,
Devendra

On Tue, Jul 12, 2016 at 9:10 PM, André Warnier (tomcat) <a...@ice-sa.com>
wrote:

On 12.07.2016 16:33, Harrie Robins wrote:

java.lang.Exception: Unable to load certificate key
conf/localhost-key.pem (error:02001003:system library:fopen:No such process

If I'm correct you are either missing correct rights to this file or it
is not in the given location.
A second possibility is missing password for key file.


Alternatively, searching Google for error:02001003, there are a number of
hits there which point to the same kind of message, most of which seem to
be for Windows and OpenSSL, and most of which mention the need for a proper
"openssl.cnf" in the proper location.
This may or may not be relevant to your problem.



SSLPassword="pass"

Regards,

Harrie

-----Original Message-----
From: Devendra Sengar [mailto:dssen...@gmail.com]
Sent: dinsdag 12 juli 2016 10:50
To: users@tomcat.apache.org
Subject: Facing issue while configuring SSL

Hi,

This is regarding the configuration of Tomcat SSL using the APR library
on Java 6.

While starting the server I am getting the below error:

SEVERE: Failed to initialize end point associated with ProtocolHandler
["http-apr-443"]
java.lang.Exception: Unable to load certificate key
conf/localhost-key.pem (error:02001003:system library:fopen:No such process)

I am trying to implement SSL using independent libraries for OpenSSL,
Tomcat Native and Apache Portable Runtime.

I have downloaded precompiled versions of OpenSSL and Tomcat Native (see
them attached). I have tried compiling the Apache Portable Runtime using
Visual Studio (find it also attached).

I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for
Windows (using the 64-bit distro, not the installer one).

We are restricted by our applicatioin to use Oracle Java 6 Updated 115
64-bit.

The versions of the libraries I am using are the latest available online,
again see the binaries attached.

The parameters used in the server.xml file are:

For Tomcat 7.0.6:
<Connector
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    port="443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    SSLCertificateFile="conf/localhost-cert.pem"
    SSLCertificateKeyFile="conf/localhost-key.pem"
    SSLCertificateChainFile="conf/ca.crt"
    SSLVerifyClient="optional" SSLProtocol="TLSv1"
    SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/>

For Tomcat 7.0.70

<Connector
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    port="443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    SSLCertificateFile="conf/localhost-cert.pem"
    SSLCertificateKeyFile="conf/localhost-key.pem"
    SSLCertificateChainFile="conf/ca.crt"
    SSLVerifyClient="optional" SSLProtocol="TLSv1_2"
    SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/>

The library files are in the tomcat bin folder as openssl.exe,
tcnative-1.dll and libapr-1.dll.

tcnative-1.dll:

https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing
openssl.exe:

https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing
libapr-1.dll:

https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing


The same certificates files mentioned in the server.xml file were used
and work in a brand new Apache web server.

Please let us know your opinion of what can cause those errors?

Can it be because of a APR dll not compiled properly?

Any other idea?

Thanks,
Devendra


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to