If i am giving the full path of the certificate like c:/tomcat/conf/<filename> then its taking the file, as the error i was getting "SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"]" that's no more.
But the tomcat server is started without any error but won't able to open the home page of tomcat giving the error like: This site can’t be reached The webpage at *https://<hostname>:8443/* might be temporarily down or it may have moved permanently to a new web address. If i telnet the server then its not able to connect but if i use openssl s_client -connect it shows the certificate information. Any suggestion? Thanks, Devendra On Wed, Jul 13, 2016 at 1:54 PM, André Warnier (tomcat) <a...@ice-sa.com> wrote: > On 13.07.2016 07:02, Devendra Sengar wrote: > >> File is there and permission is also fine and having proper openssl.cnf. >> >> Any other view? >> > > Really "shooting in the dark" here, since I am neither a Windows nor an > SSL specialist : > The error message mentions "no such process". Assuming (and that may be a > naive assumption) that the error message reflects the reality, could it not > be that the handling of these SSL keys/cartificates under Windows, requires > some background Windows "cryptographic service" to be active, and that it > is not ? > (or some DLL to be found somewhere, where it isn't) > > > >> Thanks, >> Devendra >> >> On Tue, Jul 12, 2016 at 9:10 PM, André Warnier (tomcat) <a...@ice-sa.com> >> wrote: >> >> On 12.07.2016 16:33, Harrie Robins wrote: >>> >>> java.lang.Exception: Unable to load certificate key >>>> conf/localhost-key.pem (error:02001003:system library:fopen:No such >>>> process >>>> >>>> If I'm correct you are either missing correct rights to this file or it >>>> is not in the given location. >>>> A second possibility is missing password for key file. >>>> >>>> >>> Alternatively, searching Google for error:02001003, there are a number of >>> hits there which point to the same kind of message, most of which seem to >>> be for Windows and OpenSSL, and most of which mention the need for a >>> proper >>> "openssl.cnf" in the proper location. >>> This may or may not be relevant to your problem. >>> >>> >>> >>> SSLPassword="pass" >>>> >>>> Regards, >>>> >>>> Harrie >>>> >>>> -----Original Message----- >>>> From: Devendra Sengar [mailto:dssen...@gmail.com] >>>> Sent: dinsdag 12 juli 2016 10:50 >>>> To: users@tomcat.apache.org >>>> Subject: Facing issue while configuring SSL >>>> >>>> Hi, >>>> >>>> This is regarding the configuration of Tomcat SSL using the APR library >>>> on Java 6. >>>> >>>> While starting the server I am getting the below error: >>>> >>>> SEVERE: Failed to initialize end point associated with ProtocolHandler >>>> ["http-apr-443"] >>>> java.lang.Exception: Unable to load certificate key >>>> conf/localhost-key.pem (error:02001003:system library:fopen:No such >>>> process) >>>> >>>> I am trying to implement SSL using independent libraries for OpenSSL, >>>> Tomcat Native and Apache Portable Runtime. >>>> >>>> I have downloaded precompiled versions of OpenSSL and Tomcat Native (see >>>> them attached). I have tried compiling the Apache Portable Runtime using >>>> Visual Studio (find it also attached). >>>> >>>> I am running those libraries on either Tomcat 7.0.6 or 7.0.70 64-bit for >>>> Windows (using the 64-bit distro, not the installer one). >>>> >>>> We are restricted by our applicatioin to use Oracle Java 6 Updated 115 >>>> 64-bit. >>>> >>>> The versions of the libraries I am using are the latest available >>>> online, >>>> again see the binaries attached. >>>> >>>> The parameters used in the server.xml file are: >>>> >>>> For Tomcat 7.0.6: >>>> <Connector >>>> protocol="org.apache.coyote.http11.Http11AprProtocol" >>>> port="443" maxThreads="200" >>>> scheme="https" secure="true" SSLEnabled="true" >>>> SSLCertificateFile="conf/localhost-cert.pem" >>>> SSLCertificateKeyFile="conf/localhost-key.pem" >>>> SSLCertificateChainFile="conf/ca.crt" >>>> SSLVerifyClient="optional" SSLProtocol="TLSv1" >>>> SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> >>>> >>>> For Tomcat 7.0.70 >>>> >>>> <Connector >>>> protocol="org.apache.coyote.http11.Http11AprProtocol" >>>> port="443" maxThreads="200" >>>> scheme="https" secure="true" SSLEnabled="true" >>>> SSLCertificateFile="conf/localhost-cert.pem" >>>> SSLCertificateKeyFile="conf/localhost-key.pem" >>>> SSLCertificateChainFile="conf/ca.crt" >>>> SSLVerifyClient="optional" SSLProtocol="TLSv1_2" >>>> SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/> >>>> >>>> The library files are in the tomcat bin folder as openssl.exe, >>>> tcnative-1.dll and libapr-1.dll. >>>> >>>> tcnative-1.dll: >>>> >>>> >>>> https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing >>>> openssl.exe: >>>> >>>> >>>> https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing >>>> libapr-1.dll: >>>> >>>> >>>> https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing >>>> >>>> >>>> The same certificates files mentioned in the server.xml file were used >>>> and work in a brand new Apache web server. >>>> >>>> Please let us know your opinion of what can cause those errors? >>>> >>>> Can it be because of a APR dll not compiled properly? >>>> >>>> Any other idea? >>>> >>>> Thanks, >>>> Devendra >>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: users-h...@tomcat.apache.org >>>> >>>> >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
