<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><tt>On 12/07/2016 10:55, Devendra
Sengar wrote:</tt><tt><br>
</tt></div>
<blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="font-size:12.8px"><tt>Hi,</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>This is regarding the
configuration of Tomcat SSL using the APR library on Java 6.</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>While starting the server I am
getting the below error:</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>SEVERE: Failed to initialize
end point associated with ProtocolHandler ["http-apr-443"]</tt></div>
<div style="font-size:12.8px"><tt>java.lang.Exception: Unable to
load certificate key conf/localhost-key.pem
(error:02001003:system library:fopen:No such process)</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
</div>
</blockquote>
<tt>Not sure if Tomcat is using OpenSSL or not...</tt><tt><br>
</tt><tt><br>
</tt>
<blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="font-size:12.8px"><tt>I am trying to implement SSL
using independent libraries for OpenSSL, Tomcat Native and
Apache Portable Runtime.</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>I have downloaded precompiled
versions of OpenSSL and Tomcat Native (see them attached). I
have tried compiling the Apache Portable Runtime using
Visual Studio (find it also attached).</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>I am running those libraries
on either Tomcat 7.0.6 or 7.0.70 64-bit for Windows (using
the 64-bit distro, not the installer one).</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>We are restricted by our
applicatioin to use Oracle Java 6 Updated 115 64-bit.</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
</div>
</blockquote>
<tt>That is really unfortunate, given that I don't think there <br>
are current security updates for Java 1.6 (maybe there is <br>
if you pay Oracle for an expensive license/subscription).</tt><tt><br>
</tt><tt><br>
</tt>
<blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="font-size:12.8px"><tt>The versions of the libraries
I am using are the latest available online, again see the
binaries attached.</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>The parameters used in the
server.xml file are:</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>For Tomcat 7.0.6:</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt><Connector</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
protocol="org.apache.coyote.http11.Http11AprProtocol"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
port="443" maxThreads="200"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
scheme="https" secure="true" SSLEnabled="true"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCertificateFile="conf/localhost-cert.pem"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCertificateKeyFile="conf/localhost-key.pem"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCertificateChainFile="conf/ca.crt"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLVerifyClient="optional" SSLProtocol="TLSv1"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/></tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>For Tomcat 7.0.70</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt><Connector</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
protocol="org.apache.coyote.http11.Http11AprProtocol"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
port="443" maxThreads="200"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
scheme="https" secure="true" SSLEnabled="true"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCertificateFile="conf/localhost-cert.pem"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCertificateKeyFile="conf/localhost-key.pem"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCertificateChainFile="conf/ca.crt"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLVerifyClient="optional" SSLProtocol="TLSv1_2"</tt></div>
<div style="font-size:12.8px"><tt><span style="white-space:pre-wrap"> </span></tt><tt>
SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA"/></tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>The library files are in the
tomcat bin folder as openssl.exe, tcnative-1.dll and
libapr-1.dll.</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>tcnative-1.dll: </tt><tt><a
moz-do-not-send="true"
href="https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing"
target="_blank">https://drive.google.com/file/d/0ByilOlQCXOkWQ1ZCckhodHBvQk0/view?usp=sharing</a></tt></div>
<div style="font-size:12.8px"><tt>openssl.exe: </tt><tt><a
moz-do-not-send="true"
href="https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing"
target="_blank">https://drive.google.com/file/d/0ByilOlQCXOkWQk9KUUJSb3ZqeW8/view?usp=sharing</a></tt></div>
<div style="font-size:12.8px"><tt>libapr-1.dll: </tt><tt><a
moz-do-not-send="true"
href="https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing"
target="_blank">https://drive.google.com/file/d/0ByilOlQCXOkWV09NTi0tNWxhZnM/view?usp=sharing</a></tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
</div>
</blockquote>
<tt>openssl.exe is not the library, it is a command line tool for </tt><tt><br>
</tt><tt>doing various things (such as requesting certificates,
converting </tt><tt><br>
</tt><tt>key file formats etc.)</tt><tt><br>
</tt><tt><br>
</tt><tt>The library consists of two files with .dll file extension,
</tt><tt><br>
</tt><tt>libeay32.dll for </tt><tt>basic crypto and ssleay32.dll
for the actual </tt><tt><br>
</tt><tt>SSL/TLS code.</tt><tt><br>
</tt><tt><br>
</tt>
<blockquote class=" cite"
id="mid_CAJ88ud_RFD5_F4BoyauK31V_iOfh_zyFRvp0TEhJYUq_e__bQw_mail_gmail_com"
cite="mid:CAJ88ud=RFD5-F4BoyauK31V=iOfh=zyFRvp0TEhJYUq-e=_bQw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>The same certificates files
mentioned in the server.xml file were used and work in a
brand new Apache web server.</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>Please let us know your
opinion of what can cause those errors? </tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>Can it be because of a APR dll
not compiled properly?</tt></div>
<div style="font-size:12.8px"><tt><br>
</tt></div>
<div style="font-size:12.8px"><tt>Any other idea?</tt></div>
<tt><br>
</tt></div>
</blockquote>
<tt><br>
</tt>
<pre class="moz-signature" cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a class="moz-txt-link-freetext" href="https://www.wisemo.com">https://www.wisemo.com</a>
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded </pre>
</body>
</html>