Re: Installing SSL connector for Tomcat on Linux/Debian
hi, I've been running into almost the same issue you've described here. just wondering if you've discovered a solution. I tried to upgrade to the latest version of tomcat-native-1.1.18 src, but that didn't help. any insights would be appreciated! in my context...i'm converting from redhat supported version of tomcat6 to open source tomcat6. SSL connector works fine when i use the redhat's version of the jar files... see diff of the lib dir between redhat's tomcat vs open source tomcat below: [r...@localhost srv]# diff redhat-tomcat/lib opensrc-tomcat/lib Binary files redhat-tomcat/lib/annotations-api.jar and opensrc-tomcat/lib/annotations-api.jar differ Binary files redhat-tomcat/lib/catalina-ant.jar and opensrc-tomcat/lib/catalina-ant.jar differ Binary files redhat-tomcat/lib/catalina-ha.jar and opensrc-tomcat/lib/catalina-ha.jar differ Binary files redhat-tomcat/lib/catalina.jar and opensrc-tomcat/lib/catalina.jar differ Only in opensrc-tomcat/lib: catalina-tribes.jar Binary files redhat-tomcat/lib/el-api.jar and opensrc-tomcat/lib/el-api.jar differ Only in redhat-tomcat/lib: gid-jmx-listener.jar Binary files redhat-tomcat/lib/jasper-el.jar and opensrc-tomcat/lib/jasper-el.jar differ Binary files redhat-tomcat/lib/jasper.jar and opensrc-tomcat/lib/jasper.jar differ Binary files redhat-tomcat/lib/jasper-jdt.jar and opensrc-tomcat/lib/jasper-jdt.jar differ Binary files redhat-tomcat/lib/jsp-api.jar and opensrc-tomcat/lib/jsp-api.jar differ Only in redhat-tomcat/lib: libapr-1.so.0 Only in opensrc-tomcat/lib: libtcnative-1.a Only in opensrc-tomcat/lib: libtcnative-1.la Only in opensrc-tomcat/lib: libtcnative-1.lai Binary files redhat-tomcat/lib/libtcnative-1.so and opensrc-tomcat/lib/libtcnative-1.so differ Only in opensrc-tomcat/lib: libtcnative-1.so.0 Only in opensrc-tomcat/lib: libtcnative-1.so.0.1.18 Only in opensrc-tomcat/lib: pkgconfig Binary files redhat-tomcat/lib/servlet-api.jar and opensrc-tomcat/lib/servlet-api.jar differ Binary files redhat-tomcat/lib/tomcat-coyote.jar and opensrc-tomcat/lib/tomcat-coyote.jar differ Binary files redhat-tomcat/lib/tomcat-dbcp.jar and opensrc-tomcat/lib/tomcat-dbcp.jar differ Binary files redhat-tomcat/lib/tomcat-i18n-es.jar and opensrc-tomcat/lib/tomcat-i18n-es.jar differ Binary files redhat-tomcat/lib/tomcat-i18n-fr.jar and opensrc-tomcat/lib/tomcat-i18n-fr.jar differ Binary files redhat-tomcat/lib/tomcat-i18n-ja.jar and opensrc-tomcat/lib/tomcat-i18n-ja.jar differ Only in redhat-tomcat/lib: tomcat-juli-adapters.jar --steve (Release Engineer) Daniele Development-ML wrote: Hello everybody, I'm trying to set up a SSL transport layer, but I'm coming up against some difficulties. Specifically, I followed all the steps requires and specified as in the Tomcat guide - adding some suggestions I found around on several web site for the installation of APR libraries - but still it doesn't work. I'm using Tomcat 6.0.20 with the last version of APR library, on a Lenny/Debian distribution. The output I get in catalina.out is: 18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'false' did not find a matching property. 18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property. 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.16. 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Failed to initialize the SSLEngine. 18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 18-Aug-2009 18:05:55 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 18-Aug-2009 18:05:55 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 656 ms While my server configuration is: !-- Define a SSL HTTP/1.1 Connector on port 8443 -- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS enableLookups=false disableUploadTimeout=true SSLEngine=on SSLCertificateFile=${catalina.base}/config/certs/self-signed-cert.pem SSLCertificateKeyFile=${catalina.base}/config/certs/rsa-private-key.pem/ Where the certificates where generated with OpenSLL on a Windows Platform. In addition, I included the following lines at the beginning of setclass file CATALINA_OPTS=$CATALINA_OPTS
Re: Installing SSL connector for Tomcat on Linux/Debian
fyi, i finally figured out what i was doing wrong. When building the tomcat native connector i didn't include the '--with-ssl=yes' option ... see below the correct command configure command: # Build the Tomcat native connector. cd tomcat-native-*-src/jni/native JAVA_HOME=%{java_home} ./configure \ --prefix=%{home} \ --with-apr=/usr/bin/apr-1-config \ --with-ssl=yes make Hope this helps others with similar issue I had! --skim Daniele Development-ML wrote: Hello everybody, I'm trying to set up a SSL transport layer, but I'm coming up against some difficulties. Specifically, I followed all the steps requires and specified as in the Tomcat guide - adding some suggestions I found around on several web site for the installation of APR libraries - but still it doesn't work. I'm using Tomcat 6.0.20 with the last version of APR library, on a Lenny/Debian distribution. The output I get in catalina.out is: 18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'clientAuth' to 'false' did not find a matching property. 18-Aug-2009 18:05:55 org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLEngine' to 'on' did not find a matching property. 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.16. 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 18-Aug-2009 18:05:55 org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Failed to initialize the SSLEngine. 18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 18-Aug-2009 18:05:55 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 18-Aug-2009 18:05:55 org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 18-Aug-2009 18:05:55 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 656 ms While my server configuration is: !-- Define a SSL HTTP/1.1 Connector on port 8443 -- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS enableLookups=false disableUploadTimeout=true SSLEngine=on SSLCertificateFile=${catalina.base}/config/certs/self-signed-cert.pem SSLCertificateKeyFile=${catalina.base}/config/certs/rsa-private-key.pem/ Where the certificates where generated with OpenSLL on a Windows Platform. In addition, I included the following lines at the beginning of setclass file CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/home/daniele/tomcat-6.0.20/bin/tomcat-native-1.1.16-src/jni/native/.libs Where the APR libraries are deposed after the installation. Any hints or suggestions? Daniele -- View this message in context: http://old.nabble.com/Installing-SSL-connector-for-Tomcat-on-Linux-Debian-tp25030389p26651674.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org