Re: Installing SSL connector for Tomcat on Linux/Debian
hi,
I've been running into almost the same issue you've described here. just
wondering if you've discovered a solution. I tried to upgrade to the latest
version of tomcat-native-1.1.18 src, but that didn't help.
any insights would be appreciated!
in my context...i'm converting from redhat supported version of tomcat6 to
open source tomcat6.
SSL connector works fine when i use the redhat's version of the jar files...
see diff of the lib dir between redhat's tomcat vs open source tomcat below:
[r...@localhost srv]# diff redhat-tomcat/lib opensrc-tomcat/lib
Binary files redhat-tomcat/lib/annotations-api.jar and
opensrc-tomcat/lib/annotations-api.jar differ
Binary files redhat-tomcat/lib/catalina-ant.jar and
opensrc-tomcat/lib/catalina-ant.jar differ
Binary files redhat-tomcat/lib/catalina-ha.jar and
opensrc-tomcat/lib/catalina-ha.jar differ
Binary files redhat-tomcat/lib/catalina.jar and
opensrc-tomcat/lib/catalina.jar differ
Only in opensrc-tomcat/lib: catalina-tribes.jar
Binary files redhat-tomcat/lib/el-api.jar and opensrc-tomcat/lib/el-api.jar
differ
Only in redhat-tomcat/lib: gid-jmx-listener.jar
Binary files redhat-tomcat/lib/jasper-el.jar and
opensrc-tomcat/lib/jasper-el.jar differ
Binary files redhat-tomcat/lib/jasper.jar and opensrc-tomcat/lib/jasper.jar
differ
Binary files redhat-tomcat/lib/jasper-jdt.jar and
opensrc-tomcat/lib/jasper-jdt.jar differ
Binary files redhat-tomcat/lib/jsp-api.jar and
opensrc-tomcat/lib/jsp-api.jar differ
Only in redhat-tomcat/lib: libapr-1.so.0
Only in opensrc-tomcat/lib: libtcnative-1.a
Only in opensrc-tomcat/lib: libtcnative-1.la
Only in opensrc-tomcat/lib: libtcnative-1.lai
Binary files redhat-tomcat/lib/libtcnative-1.so and
opensrc-tomcat/lib/libtcnative-1.so differ
Only in opensrc-tomcat/lib: libtcnative-1.so.0
Only in opensrc-tomcat/lib: libtcnative-1.so.0.1.18
Only in opensrc-tomcat/lib: pkgconfig
Binary files redhat-tomcat/lib/servlet-api.jar and
opensrc-tomcat/lib/servlet-api.jar differ
Binary files redhat-tomcat/lib/tomcat-coyote.jar and
opensrc-tomcat/lib/tomcat-coyote.jar differ
Binary files redhat-tomcat/lib/tomcat-dbcp.jar and
opensrc-tomcat/lib/tomcat-dbcp.jar differ
Binary files redhat-tomcat/lib/tomcat-i18n-es.jar and
opensrc-tomcat/lib/tomcat-i18n-es.jar differ
Binary files redhat-tomcat/lib/tomcat-i18n-fr.jar and
opensrc-tomcat/lib/tomcat-i18n-fr.jar differ
Binary files redhat-tomcat/lib/tomcat-i18n-ja.jar and
opensrc-tomcat/lib/tomcat-i18n-ja.jar differ
Only in redhat-tomcat/lib: tomcat-juli-adapters.jar
--steve (Release Engineer)
Daniele Development-ML wrote:
Hello everybody,
I'm trying to set up a SSL transport layer, but I'm coming up against some
difficulties.
Specifically, I followed all the steps requires and specified as in the
Tomcat guide - adding some suggestions I found around on several web site
for the installation of APR libraries - but still it doesn't work.
I'm using Tomcat 6.0.20 with the last version of APR library, on a
Lenny/Debian distribution.
The output I get in catalina.out is:
18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'false' did not find a matching property.
18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLEngine' to 'on' did not find a matching property.
18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
INFO: Failed to initialize the SSLEngine.
18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
18-Aug-2009 18:05:55 org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
18-Aug-2009 18:05:55 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 656 ms
While my server configuration is:
!-- Define a SSL HTTP/1.1 Connector on port 8443 --
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true clientAuth=false
sslProtocol=TLS enableLookups=false disableUploadTimeout=true
SSLEngine=on
SSLCertificateFile=${catalina.base}/config/certs/self-signed-cert.pem
SSLCertificateKeyFile=${catalina.base}/config/certs/rsa-private-key.pem/
Where the certificates where generated with OpenSLL on a Windows Platform.
In addition, I included the following lines at the beginning of setclass
file
CATALINA_OPTS=$CATALINA_OPTS
Re: Installing SSL connector for Tomcat on Linux/Debian
fyi, i finally figured out what i was doing wrong. When building the tomcat
native connector i didn't include the '--with-ssl=yes' option ... see below
the correct command configure command:
# Build the Tomcat native connector.
cd tomcat-native-*-src/jni/native
JAVA_HOME=%{java_home} ./configure \
--prefix=%{home} \
--with-apr=/usr/bin/apr-1-config \
--with-ssl=yes
make
Hope this helps others with similar issue I had!
--skim
Daniele Development-ML wrote:
Hello everybody,
I'm trying to set up a SSL transport layer, but I'm coming up against some
difficulties.
Specifically, I followed all the steps requires and specified as in the
Tomcat guide - adding some suggestions I found around on several web site
for the installation of APR libraries - but still it doesn't work.
I'm using Tomcat 6.0.20 with the last version of APR library, on a
Lenny/Debian distribution.
The output I get in catalina.out is:
18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'clientAuth' to 'false' did not find a matching property.
18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule
begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLEngine' to 'on' did not find a matching property.
18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.16.
18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
INFO: Failed to initialize the SSLEngine.
18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
18-Aug-2009 18:05:55 org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
18-Aug-2009 18:05:55 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 656 ms
While my server configuration is:
!-- Define a SSL HTTP/1.1 Connector on port 8443 --
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true clientAuth=false
sslProtocol=TLS enableLookups=false disableUploadTimeout=true
SSLEngine=on
SSLCertificateFile=${catalina.base}/config/certs/self-signed-cert.pem
SSLCertificateKeyFile=${catalina.base}/config/certs/rsa-private-key.pem/
Where the certificates where generated with OpenSLL on a Windows Platform.
In addition, I included the following lines at the beginning of setclass
file
CATALINA_OPTS=$CATALINA_OPTS
-Djava.library.path=/home/daniele/tomcat-6.0.20/bin/tomcat-native-1.1.16-src/jni/native/.libs
Where the APR libraries are deposed after the installation.
Any hints or suggestions?
Daniele
--
View this message in context:
http://old.nabble.com/Installing-SSL-connector-for-Tomcat-on-Linux-Debian-tp25030389p26651674.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
