On Sun, Nov 15, 2015 at 3:10 PM, Rainer Jung <rainer.j...@kippdata.de> wrote:
> On 15.11.2015 at 13:59, Martin Grigorov wrote:
>
>> On Sun, Nov 15, 2015 at 1:35 PM, Martin Grigorov <mgrigo...@apache.org> wrote:
>>
>> To set up HTTP2 I follow the steps done by Konstantin Kolinko at
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=58605
>> But here it fails with:
>>
>> 15-Nov-2015 13:40:37.505 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.2.2 using APR version 1.5.2.
>> 15-Nov-2015 13:40:37.506 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
>> 15-Nov-2015 13:40:37.508 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized (OpenSSL 1.0.2d 9 Jul 2015)
>> 15-Nov-2015 13:40:37.612 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-apr-8080"]
>> 15-Nov-2015 13:40:37.619 INFO [main] org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The ["https-apr-8443"] connector has been configured to support negotiation to [h2] via ALPN
>> 15-Nov-2015 13:40:37.620 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-apr-8443"]
>> 15-Nov-2015 13:40:37.622 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-apr-8443"]
>> java.lang.Exception: Unable to load certificate key /tmp/tc9/apache-tomcat-9.0.0.M1/conf/localhost-key.pem (error:0906D06C:PEM routines:PEM_read_bio:no start line)
>>     at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
>>
> ...
>
>> The connector config is:
>>
>> <Connector port="8443"
>>            protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150"
>>            SSLEnabled="true" >
>>     <UpgradeProtocol
>>         className="org.apache.coyote.http2.Http2Protocol"
>>         />
>>     <SSLHostConfig honorCipherOrder="false" >
>>         <Certificate certificateKeyFile="conf/localhost-key.pem"
>>                      certificateFile="conf/localhost-cert.pem"
>>                      type="RSA" />
>>     </SSLHostConfig>
>> </Connector>
>>
>> Ideas what could be wrong?
>>
>
> Shooting from the hip:
>
> /tmp/tc9/apache-tomcat-9.0.0.M1/conf/localhost-key.pem (error:0906D06C:PEM
> routines:PEM_read_bio:no start line)
>
> sounds like the key file is not in valid PEM format, i.e. it doesn't start
> with a
>
> -----BEGIN RSA PRIVATE KEY-----
>

Thanks, Rainer!
Somehow I messed up my Tomcat SVN working dir here and both
localhost-cert.pem and localhost-key.pem had the same content!
svn revert + copy again the -key.pem file to conf/ fixed the issue!

> line. Could you check what the format of that file is?
>
> You can also use the openssl command from the same openssl installation
> that was used to build your tcnative and read the key file contents using
> it:
>
> /path/to/openssl rsa -inform pem -in /tmp/tc9/apache-tomcat-9.0.0.M1/conf/localhost-key.pem -text
>
> Finally, could it be that your Tomcat runtime user cannot read the file?
>
> Regards,
>
> Rainer

Overall everything looks good now!
Tomcat default apps run OK. Both Firefox and Google Chrome report H2.
It is just my own application that doesn't work in HTTP2 mode.
http://localhost:8080/wicket-websocket/ works fine.
But https://localhost:8443/wicket-websocket/ redirects immediately with 302
to http://localhost/wicket-websocket/ (and Tomcat is not responsible for
port 80 here).
I've changed the name of the app (i.e. the .war) but it behaves the same way.
I'll try to debug it.
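Added example, not part of the original thread and not Tomcat or tcnative code: a Python pre-flight check for the causes raised above (no PEM start line in the key file, the key file holding the certificate's content, a file the runtime user cannot read). The function names and the constructed sample PEM bodies are assumptions for illustration; the file names mirror the connector config quoted in the thread.

```python
import os
import re
import tempfile

# PEM armor line, e.g. "-----BEGIN RSA PRIVATE KEY-----"
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed sample files: the base64 body is a placeholder, not real key material.
CONSTRUCTED_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
CONSTRUCTED_KEY = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"

def pem_labels(path):
    """Return the labels of all PEM blocks found in the file."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        return BEGIN_RE.findall(fh.read())

def check_key_and_cert(key_path, cert_path):
    """Return a list of problems with a certificateKeyFile / certificateFile pair."""
    problems = [f"{p}: not readable by the current user"
                for p in (key_path, cert_path) if not os.access(p, os.R_OK)]
    if problems:
        return problems
    key_labels, cert_labels = pem_labels(key_path), pem_labels(cert_path)
    if not key_labels:
        problems.append(f"{key_path}: no PEM start line")
    elif not any(lab.endswith("PRIVATE KEY") for lab in key_labels):
        problems.append(f"{key_path}: holds {key_labels}, not a private key")
    if "CERTIFICATE" not in cert_labels:
        problems.append(f"{cert_path}: no CERTIFICATE block")
    with open(key_path, "rb") as k, open(cert_path, "rb") as c:
        if k.read() == c.read():
            problems.append("key file and certificate file have identical content")
    return problems

def demo():
    """Reproduce the mix-up from the thread, then the state after the fix."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "localhost-key.pem")
        cert = os.path.join(d, "localhost-cert.pem")
        for path in (key, cert):          # both files get the certificate
            with open(path, "w") as fh:
                fh.write(CONSTRUCTED_CERT)
        broken = check_key_and_cert(key, cert)
        with open(key, "w") as fh:        # restore a private key block
            fh.write(CONSTRUCTED_KEY)
        return broken, check_key_and_cert(key, cert)

if __name__ == "__main__":
    print(demo())
```

Run it as the same user that starts Tomcat so the readability check reflects the runtime user's permissions.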