Hi Mike.
here is my working configuration with APR.
<Connector port="7443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" scheme="https"
secure="true"
clientAuth="true" sslProtocol="TLSv1.2"
SSLCertificateFile="/opt/_cdrom_apache/certs/dev-apr.pem"
SSLCertificateKeyFile="/opt/_cdrom_apache/certs/key.pem"
SSLCACertificateFile="/opt/_cdrom_apache/certs/CA.pem"
/>
I hope this will work for you.
Regards,
Sanaullah
On Thu, Dec 18, 2014 at 6:15 AM, Mike Wertheim <m...@hyperreal.org> wrote:
>
> I should have included this in the previous message.
>
> The AprLifecycleListener is declared in server.xml like this:
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> SSLEngine="on" />
>
>
>
>
> On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim <m...@hyperreal.org> wrote:
> >
> > I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
> > APR. (I'm using JDK 1.8.0.25 on CentOS.)
> >
> > My first step was to upgrade to Tomcat Native library 1.1.32 and APR
> 1.5.1
> > while still using Tomcat 7.0.41. This combination works great. My
> webapp
> > starts up and is accessible using either SSL or non-SSL.
> >
> > Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32
> > and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of
> > catalina.out are a message that shows that Tomcat Native library 1.1.32
> and
> > APR 1.5.1 are indeed in use. My webapp starts up and is accessible using
> > non-SSL requests, but SSL requests don't work.
> >
> > When I saw that SSL wasn't working, I looked in catalina.out and saw
> this:
> >
> > org.apache.coyote.AbstractProtocol.init Failed to initialize end point
> > associated with ProtocolHandler ["http-apr-8443"]
> > java.lang.Exception: Unable to create SSLContext. Check that SSLEngine
> is
> > enabled in the AprLifecycleListener, the AprLifecycleListener has
> > initialised correctly and that a valid SSLProtocol has been specified
> > at
> > org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532)
> > at
> >
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
> > [...]
> > Caused by: java.lang.Exception: Invalid Server SSL Protocol
> > (error:00000000:lib(0):func(0):reason(0
> > ))
> > at org.apache.tomcat.jni.SSLContext.make(Native Method)
> > at
> > org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527)
> >
> >
> > The SSL Connector in server.xml looks like this:
> > <Connector port="8443" URIEncoding="utf-8"
> > maxKeepAliveRequests="3" keepAliveTimeout="3000"
> > scheme="https" secure="true" SSLEnabled="true"
> > SSLCertificateFile="/home/scuser/ssl/cert.crt"
> > SSLCertificateKeyFile="/home/scuser/ssl/cert.key"
> >
> > SSLCertificateChainFile="/home/scuser/ssl/intermediateCA.cer"
> > clientAuth="false" sslProtocol="TLS"/>
> >
> > Can anyone see what might be going wrong?
> >
> >
> > Thanks,
> > Mike
> >
> >
>
