APR SSL

 

Overview

Apache Tomcat 6.0 can take advantage of the "Apache Portable Runtime (APR) based Native library for Tomcat".

This increases performance significantly.

Steps for Windows based installs

  • When installing Apache Tomcat, select the native library. Download from http://tomcat.heanet.ie/native/ as described in reference 1.
  • Create a key and CSR, or convert an existing one as described in reference 2, i.e.
    • openssl pkcs12 -in whatever.pfx -out pfxoutput.txt
    • cut pfxoutput.txt in two: the certificate and the encrypted private key (encrypted.key)
    • openssl rsa -in encrypted.key -out unencrypted.key
  • Paste in an APR-compatible SSL connector like the following:
<Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true" 
               SSLCertificateFile="conf/admsrv.crt"
               SSLCertificateKeyFile="conf/admsrv.key" />
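
The "cut in two" step above, as an added example that is not part of the original page: a shell helper that splits pfxoutput.txt into the certificate and the still-encrypted key, creating the key file owner-only, plus a check for whether a key is still passphrase-protected. The function names and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# split_pkcs12_dump DUMP CERT_OUT KEY_OUT  (hypothetical helper, added example)
# Copies each PEM block to the right file and drops the "Bag Attributes"
# text that openssl pkcs12 writes between the blocks.
split_pkcs12_dump() {
    dump=$1; cert_out=$2; key_out=$3
    [ -r "$dump" ] || { echo "cannot read $dump" >&2; return 2; }
    # Create the key file owner-only before any key material is written.
    ( umask 077; : > "$key_out" ) || return 2
    ( : > "$cert_out" ) || return 2
    awk -v cert="$cert_out" -v key="$key_out" '
        /^-----BEGIN CERTIFICATE-----/   { out = cert }
        /^-----BEGIN .*PRIVATE KEY-----/ { out = key }
        out != ""                        { print > out }
        /^-----END /                     { out = "" }
    ' "$dump" || return 2
    # Both halves must be present, otherwise the connector has nothing to load.
    grep -q '^-----BEGIN CERTIFICATE-----' "$cert_out" &&
        grep -q '^-----BEGIN .*PRIVATE KEY-----' "$key_out"
}

# key_is_encrypted KEY: succeeds while the key is still passphrase-protected
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED" header).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# Constructed sample in the layout of an openssl pkcs12 dump; the base64
# bodies are placeholders, not real key or certificate data.
write_sample_dump() {
    cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=admsrv.example
issuer=/CN=admsrv.example
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
EOF
}
```

Typical use is `split_pkcs12_dump pfxoutput.txt admsrv.crt encrypted.key`, followed by the `openssl rsa` step; the decrypted key should keep the same owner-only permissions.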


Steps for Linux based installs

    Let's assume you're using a Red Hat derivative, CentOS for example.

    Step 1: Install the APR and Tomcat Native Libs

    1. add the EPEL (Extra Repos) to your system. 
      1. wget http://linux.mirrors.es.net/fedora-epel/6/i386/epel-release-6-7.noarch.rpm   # (or current)
      2. rpm -ivh epel-release-6-7.noarch.rpm
    2. Install the APR and Tomcat Wrapper
      1. yum install apr tomcat-native
    3. Generate a self-signed key and certificate
      1. openssl genrsa -out server.key 2048
      2. openssl req -new -x509 -key server.key -out cacert.pem -days 1095
    4. Configure the connector as above
      1. vim server.xml
      2. etc. etc

     




    References

    1. http://tomcat.apache.org/tomcat-6.0-doc/apr.html
    2. http://www.aquezada.com/staff/julian/journal/?p=118