I am trying to get HTTPS/TLS enabled for Tomacat (8.x) preferring the OpenSSL alternative because the cert/key configuration is simpler (compared to the usual JSSE with keystore).
Followed the offical documentation and enabled the connector section like this:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"><SSLHostConfig protocols="TLSv1.2"><Certificate certificateKeyFile="conf/MyKey.key" certificateFile="conf/MyCertificate.crt" type="RSA" /></SSLHostConfig></Connector>
NOTE that I am still using Http11NioProtocol
and not APR Http11AprProtocol
connector.
However, startup fails with this configuration as this combination of configuration seems to require Tomcat native libraries to be built and configured:
14-Jun-2019 10:38:46.363 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) at org.apache.catalina.startup.Catalina.load(Catalina.java:621) at org.apache.catalina.startup.Catalina.load(Catalina.java:644) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)Caused by: java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.Pool.create(J)J at org.apache.tomcat.jni.Pool.create(Native Method) at org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:70) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getImplementedProtocols(OpenSSLUtil.java:61) at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:53) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.<init>(OpenSSLUtil.java:41) at org.apache.tomcat.util.net.openssl.OpenSSLImplementation.getSSLUtil(OpenSSLImplementation.java:36) at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:104) at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1082) at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:267) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66) at org.apache.catalina.connector.Connector.initInternal(Connector.java:993) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
I did build and install Tomcat native+APR library and configured in Tomcat env class path which fixed the issue, but that is besides the point. Point is, shouldn't APR/native libraries be only required if I am using Http11AprProtocol
which I am not using? What am I missing? Any pointers/help will be much appreciated. Thanks!