Configuring both seemed to work. Thanks for all the help!!

On Fri, Apr 8, 2022 at 10:10 AM Christopher Schultz <ch...@christopherschultz.net> wrote:

> Clay,
>
> On 4/7/22 13:50, Clay Lehman wrote:
> > Chris, Thanks for your help so far! I am digging into this some more today.
> >
> > First off, once I started building APR from source instead of doing "yum
> > install apr-devel" - my main linking issue went away. So I think we are
> > getting close!!
> >
> > Now I am struggling to get Spring Boot's embedded Tomcat to start up in the
> > APR mode. Most of the blogs and docs I find are older and seem to be out
> > of date, or are otherwise not about embedded Tomcat.
> >
> > With these JVM Params:
> > -Djava.library.path="/usr/lib/tcnative/lib"
> > -Dserver.ssl.certificate-key-file="/testkey.pem"
> > -Dserver.ssl.certificate-file="/testcert.pem"
> >
> > Spring Boot / Tomcat fails to start with this error:
> > org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.boot.web.server.WebServerException: Could not load key store 'null'
> >
> > I have found Tomcat notes on using this connector:
> >
> > <!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
> > <Connector
> >     protocol="org.apache.coyote.http11.Http11AprProtocol"
> >     port="8443" maxThreads="200"
> >     scheme="https" secure="true" SSLEnabled="true"
> >     SSLCertificateFile="/usr/local/ssl/server.crt"
> >     SSLCertificateKeyFile="/usr/local/ssl/server.pem"
> >     SSLVerifyClient="optional" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"/>
> >
> > But have not been able to figure out the right JVM params to tell Spring
> > Boot to work in that manner.
>
> You may have to ask Spring Boot about that. Sorry.
>
> > I am now trying setting up both .crt/.pem files AND ALSO the .pk12 to see
> > what happens....
>
> Wrapping the PEM files into .p12 files shouldn't be too onerous. If that
> works, good. But I wonder why the PEM files aren't working. "Could not
> load key store null" seems like the certificate-key-file either isn't a
> valid option, or isn't being applied as expected.
>
> -chris