Installing Tomcat Native Connector

Use

This procedure is required only if you choose the option APR/Native Connector for the ECF Web Server variable Tomcat Connector Type.

Procedure

If you are using APR libraries, download and install the tcnative-1.dll according to the following instructions. Choose the 32-bit or 64-bit edition according to Java edition used, and put the .dll file into a place Tomcat can access it.

When you have installed the tcnative-1.dll, go to Infrastructure Administrator (IA) and choose the option APR/Native Connector for the ECF Web Server variable Tomcat Connector Type.

Note: This procedure uses the default certificate file ecfcert_pem. If you use some other name, make sure you enter it in Infrastructure Administrator > APR/Native Settings > Certificate File for APR Connector.

Procedure when Using the Basic Authentication or OAuth

  1. Open a Command Prompt window: Start > Run and then run the command cmd.

  2. Run mmc.

  3. Choose File > Add/Remove Snap-in...

    The Add or Remove Snap-in window opens.

  4. Choose Certificates and click Add.

    A wizard opens.

  5. Select Computer account and click Next.

  6. Select Local computer: (the computer this console is running on) and click Finish.

  7. Click OK.

  8. Right-click the IP/FQDN of the server for which you created the certificate and choose All Task > Export.

    The Certificate Export Wizard window opens.

  9. Click Next.

  10. Select Yes, export the private key and click Next.

  11. Select Personal Information Exchange - PKCS #12 (.PFX) and include all certificates in the certification path if possible and then click Next.

  12. Create a password, enter it and click Next.

  13. Choose the place where you save the file and enter the file name ecfcert.pfx and click Next.

  14. Generate PEM formatted certificate files:

    1. Download and install OpenSSL.

    2. Create certificate files for APR with following steps:

      Note:

      You must have the certificate ecfcert.pfx ready. And if you use certificate authentication, you must also have mycert.cer.

      1. Extract the PEM formatted key from the exported .pfx certificate with the following command:

        openssl pkcs12 -in ecfcert.pfx -nocerts -out private2.pem –nodes

      2. Remove the passphrase with the following command:

        openssl rsa -in private2.pem -out ecfcert_key.pem

      3. Extract the PEM formatted certificate from the exported .pfx certificate with the following command:

        openssl pkcs12 -in ecfcert.pfx -nokeys -out ecfcert.pem

      4. This step is relevant only if you use certificate authentication:

        • Carry out steps 1-9 in the procedure Generating Truststore.

        • Convert the exported SSO certificate (DER formatted) to PEM format with the following command:

          openssl x509 -inform der -in mycert.cer -out ecfcacert.pem

          The name must be ecfcacert.pem.

    3. Copy the following created files to the VU\ecf folder: ecfcert.pem and ecfcert_key.pem. If you are using certificate authentication, you'll also have the file ecfcacert.pem which must be copied to VU\ecf as well.

Procedure when Using the Certificate Authentication

Carry out the steps in the procedure of using basic authentication or OAuth. They are the same for certificate authentication except for the substep 4 of the step 14 which applies only when certificates are used.