Using OpenSSL with Apache Tomcat 6

First we need the Apache Portable Runtime (APR) in order to enable OpenSSL support and generally optimize Tomcat performance. If you are running Gentoo:

emerge -v tomcat-native

To enable APR, edit your server.xml file and add the following line:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

Depending on your configuration, the APR listener may already be enabled by default.

Next, the OpenSSL part. Back in your server.xml file, add an SSL connector:

<!-- Element names in server.xml are case-sensitive. In Tomcat 6 the APR connector
     turns TLS on with SSLEnabled="true"; SSLEngine belongs on the listener. -->
<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               SSLEnabled="true"
               SSLCertificateFile="/path/to/your/certificate.crt"
               SSLCertificateKeyFile="/path/to/your/certificate.key">
</Connector>

If you need an intermediate certificate file, add the following attribute to your connector directive:

SSLCertificateChainFile="/path/to/your/intermediate.crt"

Restart Tomcat and you should be up and running with OpenSSL support. The complete APR documentation is available here.
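
A check to run before the restart, as an added example that is not part of the original post: it audits server.xml for the APR listener, the HTTPS connector attributes used above, and a private key file that other local users can read. It assumes Tomcat 6's APR connector enables TLS with SSLEnabled="true"; the function names and the sample configuration are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
FILE_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")

def audit_server_xml(xml_text):
    """Return a list of findings about the APR/OpenSSL setup in server.xml text."""
    findings = []
    root = ET.fromstring(xml_text)
    # Tomcat matches element names case-sensitively, so flag <connector>/<listener>.
    for el in root.iter():
        if el.tag.lower() in ("connector", "listener") and el.tag not in ("Connector", "Listener"):
            findings.append(f"<{el.tag}> should be <{el.tag.capitalize()}>")
    if not any(l.get("className") == APR_LISTENER for l in root.iter("Listener")):
        findings.append("AprLifecycleListener is not configured")
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port = conn.get("port", "?")
        # Assumption: Tomcat 6 APR connectors turn TLS on with SSLEnabled="true".
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: SSLEnabled is not true")
        for attr in FILE_ATTRS:
            path = conn.get(attr)
            if not path and attr == "SSLCertificateChainFile":
                continue  # the chain file is optional
            if not path or not os.path.isfile(path):
                findings.append(f"port {port}: {attr} missing or not found: {path}")
            elif attr == "SSLCertificateKeyFile" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"port {port}: private key is readable by group/other")
    return findings

def demo():
    """Run the audit on a constructed config whose key file is world-readable."""
    with tempfile.TemporaryDirectory() as d:
        crt, key = os.path.join(d, "site.crt"), os.path.join(d, "site.key")
        for path in (crt, key):
            open(path, "w").close()  # empty placeholder files, not real key material
        os.chmod(key, 0o644)
        xml_text = (f'<Server><Listener className="{APR_LISTENER}" SSLEngine="on"/><Service>'
                    f'<Connector port="8443" scheme="https" secure="true" SSLEnabled="true" '
                    f'SSLCertificateFile="{crt}" SSLCertificateKeyFile="{key}"/></Service></Server>')
        return audit_server_xml(xml_text)

if __name__ == "__main__":
    print("\n".join(demo()))
```

To audit a real installation, pass the contents of your own server.xml to audit_server_xml() as the user Tomcat runs as, so the file checks reflect what Tomcat will see.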