32.3.12 Apache Portable Runtime Native Library Does Not Get Loaded in Tomcat

The Apache Portable Runtime (APR) native library is not enabled by default. To work around this issue, enable the APR native library.

Steps to enable the APR native library:

  1. Download OpenSSL from the download site.

  2. Extract the source (tar -zxvf openssl-version).

  3. Compile and install (cd openssl-version) using the ./config, ./config shared, make, and sudo make install commands.

    For example:

    idp:~/openssl-0.9.8q #./config

    idp:~/openssl-0.9.8q #./config shared

    idp:~/openssl-0.9.8q #make

    idp:~/openssl-0.9.8q #sudo make install

  4. Download APR.

  5. Extract the source (tar -zxvf apr-version).

  6. Compile and install (cd apr-version) using the ./configure, make, and sudo make install commands.

    For example:

    idp:~/apr-apr-1.4.5 #./configure

    idp:~/apr-apr-1.4.5 #make

    idp:~/apr-apr-1.4.5 #sudo make install

  7. Create a lib folder under openssl-version. For example, idp:~/openssl-0.9.8q/lib #

  8. Copy the *.so files from openssl-version to lib. For example: idp:~/openssl-0.9.8q/lib # cp ../*.so .

  9. Extract the wrapper library sources located in the Tomcat binary bundle $CATALINA_HOME/bin/tomcat-native.tar.gz or download the latest version.

  10. Extract the source, compile, and install $CATALINA_HOME/bin/tomcat-native-1.1.20-src using this command:

    $CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native# ./configure --with-apr=/apr-version folder location from root --with-java-home=/jdk location from root --libdir=/usr/lib/lib64 --prefix=/usr/lib/lib64 --with-ssl=/openssl folder version from root

    Example: Idp1:/var/opt/novell/tomcat7/bin/tomcat-native-1.1.20-src/jni/native#./configure --with-apr=/root/apr-1.4.5 --with-java-home=/opt/novell/jdk1.6.0_26/

    If the message says "checking OpenSSL library version... ok", installation is successful. If it shows "checking OpenSSL library version... is not compatible", installation is not successful.

  11. Tomcat-Native-library compilation and installation:

    idp1:/$CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native # make

    idp1:/$CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native # sudo make install

  12. Go to idp:/usr/lib/lib64 #. Create a link between these two files using the following command:

    Idp:/usr/lib/lib64 # sudo ln -s libtcnative-1.dylib libtcnative-1.jnilib

  13. Copy all files from Idp:$CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native/.libs to your native library path (JAVA_LIB_PATH).

    Idp:/var/opt/novell/tomcat7/bin/tomcat-native-1.1.20-src/jni/native/.libs # cp * /opt/novell/lib64

  14. If you are running the application through the APR connectors, it needs the SSL certificate file in the .pem format.

    To create the SSL certificate file:

    1. Log in to Administration Console.

    2. Under the Security tab, click Certificates.

    3. Select the certificate that is configured in your IDP cluster and click the certificate name.

      Example: Configure a certificate with the name [new_idp] and click new_idp.

    4. Click Export Private/Public KeyPair.

    5. Enter the encryption and decryption password.

    6. Save the file. The file is saved as .pfx.

    7. Convert the .pfx format to .pem using https://www.sslshopper.com/ssl-converter.html.

      Certificate file to Convert: Enter the location where you have saved the .pfx file.

      Type of Current Certificate: Select PFX/PKCS#12.

      Type To Convert To: Select Standard PEM.

      Click Convert Certificate.

      PFX Password: Enter the same password as given in step 5 and save the file.

  15. If you need to run your Administration Console by using the APR connector, configure the following details in the server.xml file of your Administration Console. (vi /opt/novell/nam/adminconsole/conf/server.xml)

    If you need to run your Identity Provider Server using the APR connector you can configure these details into server.xml of your Identity Provider Server. (vi /opt/novell/nam/idp/conf/server.xml)

  16. APR Lifecycle Listener:

    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

  17. APR Connector configuration:

    Example: <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" UploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEngine="on" SSLCertificateFile="${catalina.home}/tomcatcert.pem" SSLCertificateKeyFile="${catalina.home}/tomcatkey.pem" SSLPassword="tomcat" />

    Give the SSL Certificate File the same name as you entered for the .pem file.

    NOTE: SSLCertificateFile and sslProtocol are required when you use the APR connectors.

  18. Restart Tomcat.
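
The .pfx-to-.pem conversion in step 14 can also be done locally with the openssl command-line tool, which keeps the exported private key on the host. The shell functions below are an added example, not part of the original procedure: they write the two files named by SSLCertificateFile and SSLCertificateKeyFile in step 17 and check that the certificate and key belong together. The function names, the PFX_PASS and KEY_PASS environment variables, and the file names in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original procedure): local .pfx -> .pem
# conversion for the APR connector. Function names, PFX_PASS/KEY_PASS and
# the file names in the usage line are assumptions for illustration.

# pfx_to_pem PFX CERT_OUT KEY_OUT
#   PFX_PASS  password entered when the key pair was exported
#   KEY_PASS  passphrase for the PEM key (the connector's SSLPassword)
# Passwords are read from the environment so they stay off the command
# line and out of shell history. The subshell body keeps umask local.
pfx_to_pem() (
    umask 077    # new files are readable by the owner only
    # Leaf certificate only, no key material -> SSLCertificateFile
    openssl pkcs12 -in "$1" -passin env:PFX_PASS \
        -clcerts -nokeys -out "$2" || exit 1
    # Private key only, re-encrypted with AES-256 -> SSLCertificateKeyFile
    openssl pkcs12 -in "$1" -passin env:PFX_PASS \
        -nocerts -aes256 -passout env:KEY_PASS -out "$3" || exit 1
)

# pem_pair_matches CERT KEY
# Returns 0 when the certificate's public key equals the one derived from
# the private key, 1 on mismatch, 2 when either file cannot be read.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: PFX_PASS=... KEY_PASS=... sh pfx2pem.sh idp.pfx tomcatcert.pem tomcatkey.pem
if [ "$#" -eq 3 ]; then
    pfx_to_pem "$1" "$2" "$3" && pem_pair_matches "$2" "$3" \
        && echo "certificate and key match" \
        || { echo "conversion failed or key mismatch" >&2; exit 1; }
fi
```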