Created attachment 27210
jvm stack trace

Hi,

I'm trying to enable SSL on a Tomcat 6.0.32 on a Windows 2003 Server machine with tcnative version 1.20. When I add the following lines to the server.xml:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           SSLCertificateFile="${catalina.base}/conf/ssl/presidencia.crt"
           SSLCertificateKeyFile="${catalina.base}/conf/ssl/presidencia.key"
           SSLCACertificateFile="${catalina.base}/conf/ssl/CA/catcert.pem"/>

It crashes as:

C:\Tomcat 6.0\bin>tomcat6.exe
27-jun-2011 13:45:19 org.apache.catalina.core.AprLifecycleListener init
INFO: Cargada la biblioteca nativa APR de Apache Tomcat 1.1.20
27-jun-2011 13:45:19 org.apache.catalina.core.AprLifecycleListener init
INFO: Capacidades APR: IPv6 [true], enviar fichero [true], aceptar filtros [false], aleatorio [true].
27-jun-2011 13:45:19 org.apache.coyote.http11.Http11AprProtocol init
INFO: Inicializando Coyote HTTP/1.1 en puerto http-8181
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x10009890, pid=5300, tid=2620
#
# JRE version: 6.0_26-b03
# Java VM: Java HotSpot(TM) Client VM (20.1-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [tcnative-1.dll+0x9890]
#
# An error report file with more information is saved as:
# C:\Tomcat 6.0\hs_err_pid5300.log
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
C:\Tomcat 6.0\bin>

It looks like an error related to tcnative and SSL. I attach the complete log.

Thanks a lot.
Hi,

Is there any news about this bug? A big project is stopped due to this error.

Thanks a lot.
> SSLCACertificateFile="${catalina.base}/conf/ssl/CA/catcert.pem"

Are you sure this is a correct path? Usually the file is named cacert.pem, not catcert.pem.

If you can confirm the typo has caused the crash, it would be a good starting point in making sure it doesn't happen again.
Yes, I'm sure. It comes from Catcert (www.catcert.cat), which is our CA entity.

The complete path: C:\Tomcat 6.0\conf\ssl\CA\catcert.pem

Thanks a lot for your update.
Have you tried without setting the SSLCACertificateFile?

Also, does your presidencia.key require a password?
Hi Mark,

I have tried without the SSLCACertificateFile key but the system raises the same error at startup. presidencia.key does not require a password.

Note that the certificate I'm using (crt + key + pem) is working correctly on another apache we have in our infrastructure.

Thanks a lot.
By "another Apache" are you thinking of Apache Tomcat or Apache Http?

And yes, the crash happens before the CA file. If not sensitive, can you send me those certs privately, since I never saw this kind of error.
Hi,

I meant another apache web server (httpd). Where can I send you the certs?

Thanks a lot.
I have found your email and I have sent you the certificates.
You have a wrong certificate format. It should be PEM, not DER like in your case.

Convert it to .pem:

C:\> openssl x509 -trustout -inform DER -in presidencia.crt -outform PEM -out presidencia.pem

Then use

SSLCertificateFile="${catalina.base}/conf/ssl/presidencia.pem"

in your server.xml.

However, I'll leave this issue open, because we have some problem in reporting that error. E.g. it should throw something like what openssl.exe prints out:

c:\>openssl.exe s_server -cert presidencia.crt -key presidencia.key
unable to load certificate
1448:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

instead of crashing the JVM.
Hi, Transforming certificate into .PEM format makes system work perfectly. Thanks a lot for your quick response.
Fix in the SVN. Like Apache Httpd's mod_ssl, the certificate will be loaded in DER format if PEM format indicates PEM_R_NO_START_LINE
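
The PEM-then-DER fallback described in the last comment, written as an added pre-flight check for the file named in SSLCertificateFile; this is example code, not the tcnative fix or anything posted in this thread. The function names and sample bytes are constructed for illustration, and the DER check is structural only (outer SEQUENCE tag and length), not a full X.509 parse.

```python
import base64
import binascii
import re

# PEM armor for a certificate; "TRUSTED CERTIFICATE" is what -trustout writes.
PEM_RE = re.compile(
    rb"-----BEGIN (TRUSTED )?CERTIFICATE-----(.*?)-----END (TRUSTED )?CERTIFICATE-----",
    re.DOTALL,
)

# Constructed sample: a 5-byte DER SEQUENCE standing in for a certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"


def der_outer_length(data: bytes) -> int:
    """Return the encoded size of the outer DER SEQUENCE or raise ValueError."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not DER: missing outer SEQUENCE tag 0x30")
    first = data[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length octets
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("not DER: bad length encoding")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def load_certificate(data: bytes):
    """Return (format, der_bytes): PEM first, DER only when no start line."""
    match = PEM_RE.search(data)
    if match:
        try:
            der = base64.b64decode(b"".join(match.group(2).split()), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"PEM block has invalid base64: {exc}") from exc
        fmt = "PEM"
    elif b"-----BEGIN " in data:
        raise ValueError("PEM file has no certificate block (key or CSR?)")
    else:
        der, fmt = data, "DER"                # no start line: fall back to DER
    if der_outer_length(der) > len(der):      # need one complete SEQUENCE
        raise ValueError(f"{fmt} payload is truncated")
    return fmt, der


if __name__ == "__main__":
    for name, blob in (("sample.der", SAMPLE_DER), ("sample.pem", SAMPLE_PEM)):
        print(name, load_certificate(blob)[0])
```

Run against the real file contents (read in binary mode), a ValueError here means the connector would be handed something that is neither PEM nor DER.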