I should have included this in the previous message. The AprLifecycleListener is declared in server.xml like this: <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim <m...@hyperreal.org> wrote: > > I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with > APR. (I'm using JDK 1.8.0.25 on CentOS.) > > My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1 > while still using Tomcat 7.0.41. This combination works great. My webapp > starts up and is accessible using either SSL or non-SSL. > > Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32 > and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of > catalina.out are a message that shows that Tomcat Native library 1.1.32 and > APR 1.5.1 are indeed in use. My webapp starts up and is accessible using > non-SSL requests, but SSL requests don't work. > > When I saw that SSL wasn't working, I looked in catalina.out and saw this: > > org.apache.coyote.AbstractProtocol.init Failed to initialize end point > associated with ProtocolHandler ["http-apr-8443"] > java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is > enabled in the AprLifecycleListener, the AprLifecycleListener has > initialised correctly and that a valid SSLProtocol has been specified > at > org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532) > at > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730) > [...] > Caused by: java.lang.Exception: Invalid Server SSL Protocol > (error:00000000:lib(0):func(0):reason(0 > )) > at org.apache.tomcat.jni.SSLContext.make(Native Method) > at > org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527) > > > The SSL Connector in server.xml looks like this: > <Connector port="8443" URIEncoding="utf-8" > maxKeepAliveRequests="3" keepAliveTimeout="3000" > scheme="https" secure="true" SSLEnabled="true" > SSLCertificateFile="/home/scuser/ssl/cert.crt" > SSLCertificateKeyFile="/home/scuser/ssl/cert.key" > > SSLCertificateChainFile="/home/scuser/ssl/intermediateCA.cer" > clientAuth="false" sslProtocol="TLS"/> > > Can anyone see what might be going wrong? > > > Thanks, > Mike > >