Installing Tomcat Native Connector
Use
This procedure is required only if you choose the option APR/Native Connector for the ECF Web Server variable Tomcat Connector Type.
Procedure
If you are using APR libraries, download and install the tcnative-1.dll according to the following instructions. Choose the 32-bit or 64-bit edition according to Java edition used, and put the .dll file into a place Tomcat can access it.
When you have installed the tcnative-1.dll, go to Infrastructure Administrator (IA) and choose the option APR/Native Connector for the ECF Web Server variable Tomcat Connector Type.
Procedure when Using the Basic Authentication or OAuth
-
Open a Command Prompt window: cmd.
and then run the command -
Run mmc.
-
Choose
The Add or Remove Snap-in window opens.
-
Choose Certificates and click Add.
A wizard opens.
-
Select Computer account and click Next.
-
Select Local computer: (the computer this console is running on) and click Finish.
-
Click OK.
-
Right-click the IP/FQDN of the server for which you created the certificate and choose
.The Certificate Export Wizard window opens.
-
Click Next.
-
Select Yes, export the private key and click Next.
-
Select Personal Information Exchange - PKCS #12 (.PFX) and include all certificates in the certification path if possible and then click Next.
-
Create a password, enter it and click Next.
-
Choose the place where you save the file and enter the file name ecfcert.pfx and click Next.
-
Generate PEM formatted certificate files:
-
Download and install OpenSSL.
-
Create certificate files for APR with following steps:
Note:You must have the certificate ecfcert.pfx ready. And if you use certificate authentication, you must also have mycert.cer.
-
Extract the PEM formatted key from the exported .pfx certificate with the following command:
openssl pkcs12 -in ecfcert.pfx -nocerts -out private2.pem –nodes
-
Remove the passphrase with the following command:
openssl rsa -in private2.pem -out ecfcert_key.pem
-
Extract the PEM formatted certificate from the exported .pfx certificate with the following command:
openssl pkcs12 -in ecfcert.pfx -nokeys -out ecfcert.pem
-
This step is relevant only if you use certificate authentication:
-
Carry out steps 1-9 in the procedure Generating Truststore.
-
Convert the exported SSO certificate (DER formatted) to PEM format with the following command:
openssl x509 -inform der -in mycert.cer -out ecfcacert.pem
The name must be ecfcacert.pem.
-
-
-
Copy the following created files to the VU\ecf folder: ecfcert.pem and ecfcert_key.pem. If you are using certificate authentication, you'll also have the file ecfcacert.pem which must be copied to VU\ecf as well.
-
Procedure when Using the Certificate Authentication
Carry out the steps in the procedure of using basic authentication or OAuth. They are the same for certificate authentication except for the substep 4 of the step 14 which applies only when certificates are used.