Thank you Chris for both the replies. By tomorrow I will reply what I have done. Need the night to look deeper into things and see where I am making mistakes and if I can solve my issue with your replies. :)
-----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 19 May, 2015 21:16 To: Tomcat Users List Subject: Re: Problem with APR library - Tomcat 7 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dejan, On 5/19/15 2:08 PM, Christopher Schultz wrote: > Dejan, > > On 5/19/15 11:58 AM, Dejan Stamenov wrote: >> Maybe I have messed up really bad, so I can't solve it now. I will >> start over with this, can you tell me if this are the steps I need to >> do for it to work: > >> install libapr1-devinstall tcnativeWill I need to make that specific >> .sh file in the Tomcat /bin directory after I have done these 2 >> steps? > > If it were me, I would: > > 1. Remove all traces of the APR source and binary that you downloaded > and built for yourself. 2. Make sure that the packages > libapr1 and libapr1-dev are installed via apt-get 3. Make sure you > build tcnative such that, after: > > $ make distclean $ ./configure [...] $ make > > ... you have some .so files sitting-around somewhere. > > 4. Copy those files into CATALINA_BASE/bin > > 5. When you launch, make sure that java.library.path includes > CATALINA_BASE/bin > >> Also, can I use something else than APR library connector? > > Yes. All Tomcat connectors support TLS. > > The APR-based connector will outperform all other connectors when > using TLS by an order of magnitude. If you are serious about > performance, you should either use the APR-based connector or > terminate TLS elsewhere (like a reverse proxy) and not have Tomcat do > any crypto at all. > >> I have been trying to make it work now with a keystore, but when I >> access my application I get "The connection was reset" error. >> In my keystore, I have my server certificate, my intermediate file >> and primary cert file which have been given to me (the last 2). Also, >> when I look into the logs of the server there is no error/warning >> about using this second Connector, but it still won't work. > > Taking PEM files and putting them into a keystore is a real pain in > the neck. > > This is the magic formula I've been using for a while, when starting > with PEM files and creating a keystore from scratch: > > $ openssl pkcs12 -export -in ${HOSTNAME}.crt \ -inkey ${HOSTNAME}.key > \ -certfile CA-intermediate.crt -out > ${HOSTNAME}.p12 -chain > > $ $JAVA_HOME/bin/keytool -importkeystore \ -srckeystore > ${HOSTNAME}.p12 \ -destkeystore ${HOSTNAME}.jks \ -srcstoretype > pkcs12 > > Hope that helps, -chris FWIW, this is the portion of my Tomcat package testing script. This script is completely automated and fetches a release candidate, builds everything, and tests everything. You should be able to see how everything is built and where it all goes. Some environment variables are not set, because this is only the snip of the script that deals with tcnative. Note that I don't show the launch of the JVM, so you don't see where java.library.dir is set. I have also not corrected for line wrapping/formatting. I hope this helps, - -chris echo Building tcnative... mkdir -p "${BASE_SOURCE_DIR}/output/build/bin/native" tar xz --directory "${BASE_SOURCE_DIR}/output/build/bin/native" -f "${BASE_DIR}/ downloads/tomcat-native"*"/tomcat-native"*".tar.gz" if [ "0" != "$?" ] ; then echo "* Failed to unpack tcnative. Quitting." exit fi OWD=`pwd` cd "${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-"*/jni/nati ve ./configure --with-apr=/usr/bin --with-ssl=yes - --with-java-home="${TEST_JAVA_HOME}" # /usr/lib/jvm/java-6-sun/ result=$? if [ "0" != "$result" ] ; then echo "* !! tcnative configure returned non-zero result ($result). Quitting." exit fi cd "${OWD}" make -C "${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-"*/jni/native result=$? if [ "0" != "$result" ] ; then echo "* !! tcnative make returned non-zero result ($result). Quitting. " exit else echo "* tcnative builds cleanly" fi cp -d "${BASE_SOURCE_DIR}/output/build/bin/native/tomcat-native-"*/jni/native/ .libs/* "${BASE_SOURCE_DIR}/output/build/bin/native" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVW4vSAAoJEBzwKT+lPKRYRwMQAIWp4DODO4kOyRGXUmpa2WZt CZ230wXRf1Mgl7j620S5tlDPTLpLnc8GA2TmKydvuDwAmcof0UixIvSFJVr9l3d5 unRG3sP/trfBH0iSbzWue9Ep2CZYNx5l6wjfhKlSVT18OU3zPshIKIXl+BZIGvX/ p7YkXY1Jvb4xgg5jIbVZPSAq+dyQCJEGeS8FwiqnpsYDQooK/GEF+uqU/qiXw8BP yqhVCV3ZJhtR8I/V5CJaCl0apzXI2MMGZ8f8zG2vTflpo7sH5GhwcpH69i8VeLwb hdHypjdUW3C5TSPO59wzxCZA7DHLfKHxr2QPYxnkjwVf6zZ+JsCrAJ8jMrNt2sUD BnAGxmK8v4Pnf6EzLOgycyIJT+sYETmHMk5t68d503zu9xAlToisMIDhlyb3WUoG 9IhNEweHAK3n8W7C21wWktZFBO5TPhlGrcClEBj4Kr/V9KV0xK/NfiLLL0dV6GqN fDhU/KWZgQDx5hn3jajlWhfMrsAYCn9WPwbBSwMk4QVJlosIo0RIXM/nWHfZDtW1 LTV7UHyU6Me0xTaebokhAh97Si0Hd2d056RotZJb6RwEEaHe36C4En8ZuN4R6zAG Fe7h9Gs1gglHeyejo4wvCWQxT0fQe9SlwuEMyZJjCG4IPhRxPHEuyp8UgNwGZfpx oM7ZXPB5J3s2RQRDsjxU =6Ym+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
