<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=windows-1252">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix"><tt>On 12/07/2016 10:55, Devendra
        Sengar wrote:</tt><tt><br>
      </tt></div>
    <blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div style="font-size:12.8px"><tt>Hi,</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>This is regarding the
            configuration of Tomcat SSL using the APR library on Java 6.</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>While starting the server I am
            getting the below error:</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>SEVERE: Failed to initialize
            end point associated with ProtocolHandler ["http-apr-443"]</tt></div>
        <div style="font-size:12.8px"><tt>java.lang.Exception: Unable to
            load certificate key conf/localhost-key.pem
            (error:02001003:system library:fopen:No such process)</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
      </div>
    </blockquote>
    <tt>Not sure if Tomcat is using OpenSSL or not...</tt><tt><br>
    </tt><tt><br>
    </tt>
    <blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div style="font-size:12.8px"><tt>I am trying to implement SSL
            using independent libraries for OpenSSL, Tomcat Native and
            Apache Portable Runtime.</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>I have downloaded precompiled
            versions of OpenSSL and Tomcat Native (see them attached). I
            have tried compiling the Apache Portable Runtime using
            Visual Studio (find it also attached).</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>I am running those libraries
            on either Tomcat 7.0.6 or 7.0.70 64-bit for Windows (using
            the 64-bit distro, not the installer one).</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>We are restricted by our
            applicatioin to use Oracle Java 6 Updated 115 64-bit.</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
      </div>
    </blockquote>
    <tt>That is really unfortunate, given that I don't think there <br>
      are current security updates for Java 1.6 (maybe there is <br>
      if you pay Oracle for an expensive license/subscription).</tt><tt><br>
    </tt><tt><br>
    </tt>
    <blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div style="font-size:12.8px"><tt>The versions of the libraries
            I am using are the latest available online, again see the
            binaries attached.</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>The parameters used in the
            server.xml file are:</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>For Tomcat 7.0.6:</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt><Connector</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            protocol="org.apache.coyote.http11.Http11AprProtocol"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            port="443" maxThreads="200"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            scheme="https" secure="true" SSLEnabled="true"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLCertificateFile="conf/localhost-cert.pem"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLCertificateKeyFile="conf/localhost-key.pem"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLCertificateChainFile="conf/ca.crt"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLVerifyClient="optional" SSLProtocol="TLSv1"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/></tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>For Tomcat 7.0.70</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt><Connector</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            protocol="org.apache.coyote.http11.Http11AprProtocol"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            port="443" maxThreads="200"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            scheme="https" secure="true" SSLEnabled="true"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLCertificateFile="conf/localhost-cert.pem"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLCertificateKeyFile="conf/localhost-key.pem"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLCertificateChainFile="conf/ca.crt"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
            SSLVerifyClient="optional" SSLProtocol="TLSv1_2"</tt></div>
        <div style="font-size:12.8px"><tt><span style="white-space:pre-wrap">     </span></tt><tt>  
SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/></tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>The library files are in the
            tomcat bin folder as openssl.exe, tcnative-1.dll and
            libapr-1.dll.</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>tcnative-1.dll: </tt><tt><a
              moz-do-not-send="true"
href="https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing"
              target="_blank">https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing</a></tt></div>
        <div style="font-size:12.8px"><tt>openssl.exe: </tt><tt><a
              moz-do-not-send="true"
href="https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing"
              target="_blank">https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing</a></tt></div>
        <div style="font-size:12.8px"><tt>libapr-1.dll: </tt><tt><a
              moz-do-not-send="true"
href="https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing"
              target="_blank">https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing</a></tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
      </div>
    </blockquote>
    <tt>openssl.exe is not the library, it is a command line tool for </tt><tt><br>
    </tt><tt>doing various things (such as requesting certificates,
      converting </tt><tt><br>
    </tt><tt>key file formats etc.)</tt><tt><br>
    </tt><tt><br>
    </tt><tt>The library consists of two files with .dll file extension,
    </tt><tt><br>
    </tt><tt>libeay32.dll for </tt><tt>basic crypto and ssleay32.dll
      for the actual </tt><tt><br>
    </tt><tt>SSL/TLS code.</tt><tt><br>
    </tt><tt><br>
    </tt>
    <blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>The same certificates files
            mentioned in the server.xml file were used and work in a
            brand new Apache web server.</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>Please let us know your
            opinion of what can cause those errors? </tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>Can it be because of a APR dll
            not compiled properly?</tt></div>
        <div style="font-size:12.8px"><tt><br>
          </tt></div>
        <div style="font-size:12.8px"><tt>Any other idea?</tt></div>
        <tt><br>
        </tt></div>
    </blockquote>
    <tt><br>
    </tt>
    <pre class="moz-signature" cols="72">Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  <a class="moz-txt-link-freetext" href="https://www.wisemo.com">https://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded </pre>
  </body>
</html>