Error on Configure tomcat with SSL certificate using APR library on ubuntu

Question

I have installed Tomcat 7 on a 64 bit server running Ubuntu and am trying to configure SSL to work.

I have place my certificate under /opt/tomcat/conf/ directory and made the following changes in server.xml

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<Connector executor="tomcatThreadPool" scheme="https" secure="true" port="443"    protocol="org.apache.coyote.http11.Http11AprProtocol"
            connectionTimeout="20000" redirectPort="8443" acceptCount="100" SSLEnabled="true"
            maxConnections="100000"  SSLCertificateFile="/opt/tomcat/conf/SSLCertificateFilenew.crt" SSLCertificatKeyFile="/opt/tomcat/conf/SSLCertificateKeyFilenew.key"
            SSLCertificateChainFile="/opt/tomcat/conf/SSLRootCertificateFile.crt" sslProtocol="TLS"/>

When I start the Appache tomcat service I receive following errors:

Nov 13, 2013 5:03:40 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.29 using APR version 1.4.8.
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Nov 13, 2013 5:03:40 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property  'SSLCertificatKeyFile' to 'SSLCertificateKeyFilenew.key' did not find a matching property.
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1 14 Mar 2012)
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-80"]
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-443"]
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"]
java.lang.Exception: Unable to load certificate key SSLCertificateFilenew.crt  (error:02001002:system library:fopen:No such file or directory)
    at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:550)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:623)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
 Caused by: java.lang.Exception: Unable to load certificate key   SSLCertificateFilenew.crt (error:02001002:system library:fopen:No such file or directory)
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:550)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:623)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
... 13 more
Nov 13, 2013 5:03:40 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Nov 13, 2013 5:03:40 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 634 ms
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Nov 13, 2013 5:03:40 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.47
Nov 13, 2013 5:03:40 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat/webapps/jabberservlet.war
Nov 13, 2013 5:03:41 AM org.apache.tomcat.websocket.server.WsSci onStartup
INFO: JSR 356 WebSocket (Java WebSocket 1.0) support is not available when running on    Java 6. To suppress this message, run Tomcat on Java 7, remove the WebSocket JARs from   $CATALINA_HOME/lib or add the WebSocketJARs to the   tomcat.util.scan.DefaultJarScanner.jarsToSkip property in   $CATALINA_BASE/conf/catalina.properties. Note that the deprecated Tomcat 7 WebSocket API   will be available. 
Nov 13, 2013 5:03:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/manager
Nov 13, 2013 5:03:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/host-manager
Nov 13, 2013 5:03:41 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/examples
Nov 13, 2013 5:03:42 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/ROOT
Nov 13, 2013 5:03:42 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/tomcat/webapps/docs
Nov 13, 2013 5:03:42 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-apr-80"]
Nov 13, 2013 5:03:42 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-apr-8009"]
Nov 13, 2013 5:03:42 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1509 ms

Can you please help me troubleshoot these errors? I have searched online and can not seem to find any solutions.

Thank You

Answer 1

Adding SSLPassword to the connector worked for me. SSLPassword is similar to what keystorePass used to be. And the default value is "changeit"

Answer 2

It may be caused by your sslProtocol="TLS" setting, and there is no such parameter. http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native