The Apache Portable Runtime (APR) native library is not enabled by default. To work around this issue, enable the APR native library.
Steps to enable the APR native library:
Download OpenSSL from the download site.
Extract the source (tar -zxvf openssl-version).
Compile and install (cd openssl-version) using the ./config, ./config shared, make, and sudo make install commands.
For example:
idp:~/openssl-0.9.8q # ./config
idp:~/openssl-0.9.8q # ./config shared
idp:~/openssl-0.9.8q # make
idp:~/openssl-0.9.8q # sudo make install
Download APR.
Extract the source (tar -zxvf apr-version).
Compile and install (cd apr-version) using the ./configure, make, and sudo make install commands.
For example:
idp:~/apr-apr-1.4.5 # ./configure
idp:~/apr-apr-1.4.5 # make
idp:~/apr-apr-1.4.5 # sudo make install
Create a lib folder under openssl-version. For example, idp:~/openssl-0.9.8q/lib #
Copy the *.so files from openssl-version to lib using idp:~/openssl-0.9.8q/lib # cp ../*.so .
Extract the wrapper library sources located in the Tomcat binary bundle $CATALINA_HOME/bin/tomcat-native.tar.gz or download the latest version.
Extract the source, compile, and install $CATALINA_HOME/bin/tomcat-native-1.1.20-src using this command:
$CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native # ./configure --with-apr=/apr-version folder location from root --with-java-home=/jdk location --libdir=/usr/lib/lib64 --prefix=/usr/lib/lib64 --with-ssl=/openssl folder version from root
Example: Idp1:/var/opt/novell/tomcat7/bin/tomcat-native-1.1.20-src/jni/native # ./configure --with-apr=/root/apr-1.4.5 --with-java-home=/opt/novell/jdk1.6.0_26/
If the message says "checking OpenSSL library version... ok", installation is successful. If it shows "checking OpenSSL library version... is not compatible", installation is not successful.
Tomcat-Native-library compilation and installation:
idp1:/$CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native # make
idp1:/$CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native # sudo make install
Go to /usr/lib/lib64 and create a link for these two files using the following command:
Idp:/usr/lib/lib64 # sudo ln -s libtcnative-1.dylib libtcnative-1.jnilib
Copy all files from $CATALINA_HOME/bin/tomcat-native-1.1.20-src/jni/native/.libs to your native library path (JAVA_LIB_PATH).
Idp:/var/opt/novell/tomcat7/bin/tomcat-native-1.1.20-src/jni/native/.libs # cp * /opt/novell/lib64
If you are running the application through the APR connectors, it needs the SSL certificate file in the .pem format.
To create the SSL certificate file:
Log in to Administration Console.
Under the Security tab, click Certificates.
Select the certificate that is configured in your IDP cluster and click the certificate name.
Example: Configure a certificate with the name [new_idp] and click new_idp.
Click Export Private/Public KeyPair.
Enter the encryption and decryption password.
Save the file. The file is saved as .pfx.
Convert the .pfx format to .pem using https://www.sslshopper.com/ssl-converter.html.
Certificate file to Convert: Enter the location where you have saved the .pfx file.
Type of Current Certificate: Select PFX/PKCS#12.
Type To Convert To: Select Standard PEM.
Click Convert Certificate.
PFX Password: Enter the same password as given in step e and save the file.
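The same conversion can be done locally with the openssl command, so the exported private key stays on the host. This is an added example, not part of the original procedure: the function names, the sample CN and the sample file names are constructed, and the output names follow the Connector example (tomcatcert.pem, tomcatkey.pem).

```shell
#!/bin/sh
# Added example: local PFX -> PEM conversion for the APR connector.
# The CN, password and file names used by make_sample_pfx are constructed.

# pfx_to_pem PFX PASSWORD OUT_DIR
# Writes OUT_DIR/tomcatcert.pem and OUT_DIR/tomcatkey.pem, then confirms the
# key belongs to the certificate. Runs in a subshell so umask stays local.
pfx_to_pem() (
    pfx=$1; PFX_PASS=$2; out=$3
    export PFX_PASS              # env: keeps the password off the command line
    umask 077                    # output files readable by the owner only
    mkdir -p "$out" || exit 1
    # Leaf certificate only; x509 drops the "Bag Attributes" text
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
        openssl x509 -out "$out/tomcatcert.pem" || exit 1
    # Private key, kept encrypted under the same password (the SSLPassword value)
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts \
        -passout env:PFX_PASS -out "$out/tomcatkey.pem" || exit 1
    # The public key in the certificate must equal the one derived from the key
    cert_pub=$(openssl x509 -in "$out/tomcatcert.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$out/tomcatkey.pem" -passin env:PFX_PASS -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# make_sample_pfx DIR PASSWORD
# Builds a throwaway self-signed key pair and DIR/new_idp.pfx to try this on.
make_sample_pfx() (
    dir=$1; PFX_PASS=$2
    export PFX_PASS
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=idp.example.test" \
        -keyout "$dir/sample-key.pem" -out "$dir/sample-cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/sample-key.pem" \
        -in "$dir/sample-cert.pem" -passout env:PFX_PASS -out "$dir/new_idp.pfx"
)
```

Call pfx_to_pem with the exported .pfx, its password and the target directory; a non-zero exit status means the password was wrong or the key and certificate do not match.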
If you need to run your Administration Console using the APR connector, configure the following details in the server.xml of your Administration Console. (vi /opt/novell/nam/adminconsole/conf/server.xml)
If you need to run your Identity Provider Server using the APR connector, configure these details in the server.xml of your Identity Provider Server. (vi /opt/novell/nam/idp/conf/server.xml)
APR Lifecycle Listener:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
APR Connector configuration:
Example:
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" UploadTimeout="true" acceptCount="100"
           scheme="https" secure="true" clientAuth="false"
           sslProtocol="TLS" SSLEngine="on"
           SSLCertificateFile="${catalina.home}/tomcatcert.pem"
           SSLCertificateKeyFile="${catalina.home}/tomcatkey.pem"
           SSLPassword="tomcat" />
Give the SSL certificate file (SSLCertificateFile) the same name as you entered for the .pem file.
NOTE: SSLCertificateFile and sslProtocol are required when you use the APR connectors.
Restart Tomcat.