0

I'm trying to configure Tomcat7 to use an EV Certificate from Thawte but there is no way to make it run.

After a few problems, we were finally able to install the certificates (Primary, Secondary and SSL Certificate) into the keystore, and now we're trying to configure Tomcat through the server.xml file following (or trying to follow) the instructions in the Tomcat SSL How-To, but something is going wrong.

At this moment we don't have any errors or warnings in catalina.out but the green bar doesn't appear. What could be the problem?

server.xml:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

...

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

...

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!-- DEFAULT
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
<!-- NOK - From Thawte
<Connector
  className="org.apache.coyote.tomcat4.CoyoteConnector"
  port="8443" minProcessors="5"
  maxProcessors="75"
  enableLookups="false"
  acceptCount="10"
  connectionTimeout="60000" debug="0"
  scheme="https" secure="true">
<Factory
  className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
         clientAuth="false" protocol="TLS"
         keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
         keystorePass="..."/>
</Connector>
-->
<!--
<Connector
    protocol="HTTP/1.1"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
    keystorePass="..."
    clientAuth="false" sslProtocol="TLS"/>
-->
<!-- -->
<Connector
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keyAlias="myalias"
    keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
    keystorePass="..."
    clientAuth="false" sslProtocol="TLS"/>
<!-- -->

catalina.out:

...
Apr 28, 2014 10:57:06 AM org.apache.catalina.core.StandardServer await
INFO: A valid shutdown command was received via the shutdown port. Stopping the Server instance.
Apr 28, 2014 10:57:06 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:06 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:07 AM org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
...
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["ajp-bio-8009"]
...
Apr 28, 2014 10:57:22 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:23 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2242 ms
Apr 28, 2014 10:57:23 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Apr 28, 2014 10:57:23 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Apr 28, 2014 10:57:23 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /var/lib/tomcat7/webapps/ROOT.war
user1803551
Richard
  • If you can connect from a browser the server is running; it appears your problem is that the cert is not recognized as EV. What browsers have you tried? Current versions? Check the cert as received by the browser -- typically click on the lock icon and follow some buttons -- and verify the Certificate Policies contains an EV OID, for example from http://stackoverflow.com/questions/14705157/how-to-check-if-a-x509-certificate-has-extended-validation-switched-on – dave_thompson_085 Apr 28 '14 at 12:38
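The comment above suggests checking whether the certificate actually carries an EV policy OID. The script below is an added example for this thread, not code from the question, the answer or Thawte; it is a pure-stdlib DER walker that locates the Certificate Policies extension (2.5.29.32) in a certificate and reports which of its policy OIDs signal EV. The only EV OID it knows is the CA/Browser Forum one (2.23.140.1.1); `CA_SPECIFIC_EV_OIDS` is an empty placeholder for the issuing CA's own EV OID, which you would take from the CA's CPS. The sample certificates it builds are constructed, certificate-shaped DER containing only the extension block, so it runs offline; a real certificate can be exported from the keystore with `keytool -exportcert -rfc` and passed in as PEM text.

```python
"""Check an X.509 certificate for an Extended Validation (EV) policy OID.

Browsers show the EV indicator only when the leaf certificate lists an EV
policy OID that they associate with the root it chains to, so when the
server is up but no green bar appears, the leaf's Certificate Policies
extension is the first thing to inspect.
"""
import base64

CAB_FORUM_EV_OID = "2.23.140.1.1"        # CA/Browser Forum EV Guidelines policy OID
CAB_FORUM_DV_OID = "2.23.140.1.2.1"      # CA/Browser Forum DV policy OID (non-EV sample value)
CERT_POLICIES_OID = "2.5.29.32"          # id-ce-certificatePolicies
CPS_QUALIFIER_OID = "1.3.6.1.5.5.7.2.1"  # id-qt-cps
# Assumption: the issuing CA's own EV OID (from its CPS) goes here; none is hard-coded.
CA_SPECIFIC_EV_OIDS = set()


def der_read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, content, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def der_decode_oid(content):
    """Decode OBJECT IDENTIFIER content bytes into dotted form."""
    subids, cur = [], 0
    for b in content:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = subids[0]
    lead = [0, first] if first < 40 else ([1, first - 40] if first < 80 else [2, first - 80])
    return ".".join(str(a) for a in lead + subids[1:])


def der_encode_oid(dotted):
    """Encode a dotted OID (used only to construct the sample certificates below)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def der_tlv(tag, content):
    """Wrap content in a DER tag/length header."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _policies_from_extn_value(octets):
    """extnValue is SEQUENCE OF PolicyInformation { policyIdentifier OID, qualifiers OPTIONAL }."""
    _, seq, _ = der_read_tlv(octets, 0)
    oids, pos = [], 0
    while pos < len(seq):
        _, info, pos = der_read_tlv(seq, pos)
        _, oid, _ = der_read_tlv(info, 0)            # qualifiers after the OID are ignored
        oids.append(der_decode_oid(oid))
    return oids


def _find_certificate_policies(buf):
    """Depth-first search for Extension { extnID = 2.5.29.32, [critical], extnValue }."""
    pos = 0
    while pos < len(buf):
        tag, val, pos = der_read_tlv(buf, pos)
        if tag == 0x30 and val[:1] == b"\x06":       # SEQUENCE whose first element is an OID
            _, oid, p = der_read_tlv(val, 0)
            if der_decode_oid(oid) == CERT_POLICIES_OID:
                t, v, p = der_read_tlv(val, p)
                if t == 0x01:                         # optional BOOLEAN critical
                    t, v, p = der_read_tlv(val, p)
                if t == 0x04:                         # OCTET STRING extnValue
                    return _policies_from_extn_value(v)
        if tag & 0x20:                                # constructed element: descend
            found = _find_certificate_policies(val)
            if found is not None:
                return found
    return None


def load_der(cert):
    """Accept PEM (str or bytes) or raw DER and return DER bytes."""
    if isinstance(cert, str):
        cert = cert.encode()
    lines = [l.strip() for l in cert.splitlines()]
    if lines and lines[0].startswith(b"-----BEGIN"):
        return base64.b64decode(b"".join(l for l in lines if l and not l.startswith(b"-----")))
    return cert


def certificate_policies(cert):
    """Policy OIDs in the Certificate Policies extension; [] if absent or the DER is malformed."""
    try:
        return _find_certificate_policies(load_der(cert)) or []
    except (ValueError, IndexError):
        return []


def ev_policy_oids(cert):
    """The subset of the certificate's policy OIDs that signal EV."""
    accepted = {CAB_FORUM_EV_OID} | CA_SPECIFIC_EV_OIDS
    return [p for p in certificate_policies(cert) if p in accepted]


def build_sample_cert(policy_oids, cps_uri=None):
    """Constructed sample: SEQUENCE { SEQUENCE { [3] EXPLICIT SEQUENCE OF Extension } }.
    Only the extension block is realistic, which is all the search above needs."""
    infos = b""
    for oid in policy_oids:
        info = der_tlv(0x06, der_encode_oid(oid))
        if cps_uri:                                   # PolicyQualifierInfo { id-qt-cps, IA5String }
            qual = der_tlv(0x30, der_tlv(0x06, der_encode_oid(CPS_QUALIFIER_OID))
                           + der_tlv(0x16, cps_uri.encode()))
            info += der_tlv(0x30, qual)
        infos += der_tlv(0x30, info)
    extn = der_tlv(0x30, der_tlv(0x06, der_encode_oid(CERT_POLICIES_OID))
                   + der_tlv(0x04, der_tlv(0x30, infos)))
    return der_tlv(0x30, der_tlv(0x30, der_tlv(0xA3, der_tlv(0x30, extn))))


if __name__ == "__main__":
    ev_sample = build_sample_cert([CAB_FORUM_EV_OID], "https://cps.example.invalid/")  # constructed
    dv_sample = build_sample_cert([CAB_FORUM_DV_OID])                                  # constructed
    print("EV sample:", ev_policy_oids(ev_sample))   # ['2.23.140.1.1']
    print("DV sample:", ev_policy_oids(dv_sample))   # []
```

A leaf that passes this check can still fail to show EV in the browser if the server does not send the intermediate certificates (the "Primary" and "Secondary" certificates mentioned in the question) or if the chain ends at a root the browser does not recognise for that EV OID, so treat a positive result here as confirming the certificate, not the whole deployment.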

1 Answer

0
  1. Did you confirm that the private key used for creating the Certificate Signing Request is also stored in the Java keystore?

  2. Did you enter the correct password for the Java keystore? If not, your Java application could not access the keystore.

  3. Did you install the Java Cryptographic Extension policy files (JCE) for your current runtime environment?

Please confirm these steps first. Your log information does not show anything unusual. You could also try to use the tomcat native client APR with OpenSSL (APR 1.1.30 with OpenSSL 1.0.1g to avoid the Heartbleed bug) to get SSL running. SSL performs much better the native way.

Chip
  • 1) Yes, following the instructions on [link](https://search.thawte.com/support/ssl-digital-certificates/index?page=content&actp=CROSSLINK&id=SO15518) I have imported the Primary, Secondary and SSL Certificate into the same keystore where my private key is stored, 2) I have checked the password, 3) No, they were already installed ... Should I update them? Is it better to use APR? – Richard Apr 29 '14 at 06:32