On 15.11.2015 at 13:59, Martin Grigorov wrote:
On Sun, Nov 15, 2015 at 1:35 PM, Martin Grigorov <mgrigo...@apache.org>
wrote:

To set up HTTP2 I follow the steps done by Konstantin Kolinko at
https://bz.apache.org/bugzilla/show_bug.cgi?id=58605
But here it fails with:

15-Nov-2015 13:40:37.505 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
based Apache Tomcat Native library 1.2.2 using APR version 1.5.2.
15-Nov-2015 13:40:37.506 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true].
15-Nov-2015 13:40:37.508 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized (OpenSSL 1.0.2d 9 Jul 2015)
15-Nov-2015 13:40:37.612 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-apr-8080"]
15-Nov-2015 13:40:37.619 INFO [main]
org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol
The ["https-apr-8443"] connector has been configured to support negotiation
to [h2] via ALPN
15-Nov-2015 13:40:37.620 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-apr-8443"]
15-Nov-2015 13:40:37.622 SEVERE [main]
org.apache.coyote.AbstractProtocol.init Failed to initialize end point
associated with ProtocolHandler ["https-apr-8443"]
  java.lang.Exception: Unable to load certificate key
/tmp/tc9/apache-tomcat-9.0.0.M1/conf/localhost-key.pem (error:0906D06C:PEM
routines:PEM_read_bio:no start line)
         at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
...

The connector config is:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150"
           SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig honorCipherOrder="false" >
        <Certificate certificateKeyFile="conf/localhost-key.pem"
                     certificateFile="conf/localhost-cert.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Ideas what could be wrong?

Shooting from the hip:

/tmp/tc9/apache-tomcat-9.0.0.M1/conf/localhost-key.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line)

sounds like the key file is not in valid PEM format, i.e. it doesn't start with a

-----BEGIN RSA PRIVATE KEY-----

line. Could you check what the format of that file is?

You can also use the openssl command from the same openssl installation that was used to build your tcnative and read the key file contents using it:

/path/to/openssl rsa -inform pem -in /tmp/tc9/apache-tomcat-9.0.0.M1/conf/localhost-key.pem -text

Finally, could it be that your Tomcat runtime user cannot read the file?

Regards,

Rainer
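
The checks suggested in the reply above (is there a PEM start line, what kind of block is it, can the file be read), as an added example that is not part of the original thread. The function name and verdict strings are made up here, and the sample files are constructed dummies, not real keys.

```shell
#!/bin/sh
# Added example: pre-flight check for the file named in certificateKeyFile.
# Prints one verdict: unreadable | no-start-line | not-a-key:<label> |
#                     encrypted:<label> | ok:<label>
classify_key_file() {
    f=$1
    # Only meaningful when run as the account the Tomcat process runs under.
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "unreadable"; return 0
    fi
    # Label of the first PEM armor line; trailing CR (CRLF files) is tolerated.
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)
    if [ -z "$label" ]; then
        # No armor at all (DER, PKCS#12, empty file): OpenSSL's "no start line".
        echo "no-start-line"; return 0
    fi
    case $label in
        "ENCRYPTED PRIVATE KEY")
            echo "encrypted:$label" ;;
        "RSA PRIVATE KEY"|"EC PRIVATE KEY"|"PRIVATE KEY")
            # Traditional-format keys flag encryption in a header line.
            if LC_ALL=C grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "encrypted:$label"
            else
                echo "ok:$label"
            fi ;;
        *)
            # Valid PEM, but not a private key (e.g. the certificate file).
            echo "not-a-key:$label" ;;
    esac
}

# Constructed sample files (dummy payloads) that exercise each verdict.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$d/plain.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/cert.pem"
    printf '0\202\004\244' > "$d/key.der"   # DER-like bytes, no armor
    for f in "$d/plain.pem" "$d/cert.pem" "$d/key.der" "$d/missing.pem"; do
        printf '%s: %s\n' "${f##*/}" "$(classify_key_file "$f")"
    done
    rm -rf "$d"
}
demo
```

A verdict of `ok` only says the armor looks right; the `openssl rsa ... -text` command from the reply is still what confirms the key actually parses.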
