First we need the Apache Portable Runtime (APR) in order to enable OpenSSL support and generally optimize Tomcat performance. If you are running Gentoo:
emerge -v tomcat-native
To enable APR, edit your server.xml file and add the following line:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
Depending on your configuration, the APR listener may be enabled by default.
Next, the OpenSSL part. Back in your server.xml file, add an SSL connector:
<Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true" acceptCount="100"
    scheme="https" secure="true" SSLEngine="on"
    SSLCertificateFile="/path/to/your/certificate.crt"
    SSLCertificateKeyFile="/path/to/your/certificate.key">
</Connector>
If you need an intermediate crt file, add the following attribute to your connector directive:
SSLCertificateChainFile="/path/to/your/intermediate.crt"
Restart Tomcat and you should be up and running with OpenSSL support. Complete APR documentation is available here.
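A pre-restart check for the configuration above, as an added example that is not part of the original page or of Tomcat: it confirms that the APR listener is on, that every https connector names a certificate and key that exist, and that the private key is not readable by group or others. The function names, the constructed server.xml and the permission rule are assumptions of this example.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
FILE_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")

def check_server_xml(xml_text):
    """Return a list of problems found in the APR/OpenSSL setup of a server.xml."""
    problems = []
    root = ET.fromstring(xml_text)
    listeners = [l for l in root.iter("Listener") if l.get("className") == APR_LISTENER]
    if not any(l.get("SSLEngine") == "on" for l in listeners):
        problems.append('AprLifecycleListener with SSLEngine="on" is missing')
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https":
            continue  # only the SSL connector is of interest here
        port = conn.get("port", "?")
        for attr in FILE_ATTRS:
            path = conn.get(attr)
            if path is None:
                if attr != "SSLCertificateChainFile":  # the chain file is optional
                    problems.append(f"port {port}: {attr} is not set")
                continue
            if not os.path.isfile(path):
                problems.append(f"port {port}: {attr} {path} does not exist")
            elif attr == "SSLCertificateKeyFile" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                problems.append(f"port {port}: private key {path} is readable by group or others")
    return problems

def demo():
    """Check a constructed server.xml that points at throwaway files."""
    d = tempfile.mkdtemp()
    crt, key = os.path.join(d, "certificate.crt"), os.path.join(d, "certificate.key")
    for p in (crt, key):
        open(p, "w").close()
    os.chmod(key, 0o644)  # deliberately too permissive
    xml_text = f'''<Server><Listener className="{APR_LISTENER}" SSLEngine="on" />
      <Service name="Catalina"><Connector port="8443" scheme="https" secure="true"
        SSLEngine="on" SSLCertificateFile="{crt}" SSLCertificateKeyFile="{key}"
        SSLCertificateChainFile="{d}/intermediate.crt" /></Service></Server>'''
    before = check_server_xml(xml_text)
    os.chmod(key, 0o600)  # owner-only, the corrected setting
    return before, check_server_xml(xml_text)

if __name__ == "__main__":
    print(demo())
```

To use it on a real installation, pass the contents of your own server.xml to check_server_xml() as the user Tomcat runs as.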