环境信息:
Native library 1.1.30
APR version 1.4.8
Apache Tomcat Version 6.0.41
redhat7.1
软件安装一览:
$ rpm -qa | grep apr
apr-util-1.5.2-6.el7.x86_64
apr-util-devel-1.5.2-6.el7.x86_64
apr-1.4.8-3.el7.x86_64
apr-devel-1.4.8-3.el7.x86_64
$ rpm -qa | grep openssl
openssl-1.0.1e-42.el7.x86_64
openssl-devel-1.0.1e-42.el7.x86_64
openssl-libs-1.0.1e-42.el7.x86_64安装配置Native library:
1.编辑/etc/profile,追加以下内容:
export JAVA_HOME="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64/"
export JRE_HOEM="/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64/jre"
export PATH=$PATH:$JAVA_HOME
export CLASSPATH=./:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64/lib:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64/jre/lib
export LD_LIBRARY_PATH=/usr/local/apr/lib2.配置
$ ./configure --with-java-home=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.75-2.5.4.2.el7_0.x86_64/ --with-apr=/usr/bin/apr-1-config --with-ssl=/usr/bin3.安装
$ make
$ make install
$ ln -s /usr/local/apr/lib/libtcnative-1.so /usr/lib64/libtcnative-1.so
$ ln -s /usr/local/apr/lib/libtcnative-1.la /usr/lib64/libtcnative-1.la修改Tomcat配置文件server.xml,指定密钥和证书
(密钥和证书的制作请参照:openssl密钥证书相关操作)
<Connector port="21000"
protocol="org.apache.coyote.http11.Http11AprProtocol"
scheme="https"
secure="true"
SSLEnabled="true"
SSLCertificateFile="/opt/tomcat/certs/server.crt"
SSLCertificateKeyFile="/opt/tomcat/certs/server.key"
SSLCACertificateFile="/opt/tomcat/certs/my-ca.crt"
SSLCACertificatePath="/opt/tomcat/certs/"
SSLProtocol="TLSv1"
clientAuth="false"
SSLVerifyClient="optional" />