-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dejan,
On 5/19/15 11:58 AM, Dejan Stamenov wrote:
> Maybe I have messed up really bad, so I can't solve it now. I will
> start over with this, can you tell me if this are the steps I need
> to do for it to work:
>
> install libapr1-devinstall tcnativeWill I need to make that
> specific .sh file in the Tomcat /bin directory after I have done
> these 2 steps?
If it were me, I would:
1. Remove all traces of the APR source and binary that you downloaded
and built for yourself.
2. Make sure that the packages libapr1 and libapr1-dev are installed
via apt-get
3. Make sure you build tcnative such that, after:
$ make distclean
$ ./configure [...]
$ make
... you have some .so files sitting-around somewhere.
4. Copy those files into CATALINA_BASE/bin
5. When you launch, make sure that java.library.path includes
CATALINA_BASE/bin
> Also, can I use something else than APR library connector?
Yes. All Tomcat connectors support TLS.
The APR-based connector will outperform all other connectors when
using TLS by an order of magnitude. If you are serious about
performance, you should either use the APR-based connector or
terminate TLS elsewhere (like a reverse proxy) and not have Tomcat do
any crypto at all.
> I have been trying to make it work now with a keystore, but when I
> access my application I get "The connection was reset" error. In my
> keystore, I have my server certificate, my intermediate file and
> primary cert file which have been given to me (the last 2). Also,
> when I look into the logs of the server there is no error/warning
> about using this second Connector, but it still won't work.
Taking PEM files and putting them into a keystore is a real pain in
the neck.
This is the magic formula I've been using for a while, when starting
with PEM files and creating a keystore from scratch:
$ openssl pkcs12 -export -in ${HOSTNAME}.crt \
-inkey ${HOSTNAME}.key \
-certfile CA-intermediate.crt
-out ${HOSTNAME}.p12
-chain
$ $JAVA_HOME/bin/keytool -importkeystore \
-srckeystore ${HOSTNAME}.p12 \
-destkeystore ${HOSTNAME}.jks \
-srcstoretype pkcs12
Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVW3wLAAoJEBzwKT+lPKRYhe0QAJToV385JEvVjnAujgghILzS
3/xLyrOQqbUXo6HVT9+yKtbgtmMqQj7UQ7JQjsDWl0JTrV8e0Y9nJnS91vMZMw8F
aTgf+LqAowH7lehqb0gQRVjmsS1ZSMr51epbAiytx3eZPeOJTc+sxzVyAixrfEDd
UxkEe6dYBI2JA7UnnzbO1OKvpkqYWBksUAKyF0w1X4Lp1AlUeKI+BPEheuWn8RaM
9ppwJxpjTS17GA+hLuPpqH1g4WhxOlzmXewTED1tCrLQ7l3s32/yWaj0jbcfyX+K
++1zzL2/dVdYo0iWA2vRN4udzmgZy7uNVS2i6rtzk9m2udkmWS2dOrJJjwzwu6Yn
QqwbR1/3gP6CUrvE6+8a8zFIyBhju5jVtEeQJeZAZ0KIx//EZvtdFcZPIlzTgap5
y3Wyl3NozpmIrbhjBMZ6EndaW9lUqZHq8kN6IlAH9qGB6zV1snJDw1jn6oEVZWNJ
ADUs8rFIncmrD45AlIESd6Tv8ZjHbFbWUSsrGtotRPkH/Uvm5pU8bMvI106/5IbN
t9bnjSykqpc9Lhpy7JXUlJEgqT54xP8qRXubnppIvSmMtKS5C0F9g787oceF3igS
gZmPDmLXlJcMEHvesPgLu/qWDICoIWiC6qmpPoxYbwN/qtBfyutY+CC32fLhTljw
t1zijZjngG1uamToQ3uN
=pY5F
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
