
Tomcat 8 SSL Configuration on CentOS 6.4

Published: 2019-04-01 | Views: 4396
  

1. Install OpenSSL
wget https://www.openssl.org/source/openssl-1.0.2h.tar.gz
tar -zxf openssl-1.0.2h.tar.gz
cd openssl-1.0.2h
./config -fPIC --prefix=/usr/local/openssl
make
make install

# Create symbolic links
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl

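Note: the -fPIC option must be added when running ./config; otherwise an error occurs later when installing the Tomcat Native package. Also, if --prefix is not used to specify the install directory, the default install location should be /usr/local/ssl.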

2. Install APR and APR-util
yum install expat-devel

Install APR

cd /usr/local/src
tar -zxf apr-1.6.5.tar.gz
cd apr-1.6.5
./configure --prefix=/usr/local/apr
make
make install

Install APR-util

cd /usr/local/src
tar -zxf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --with-apr=/usr/local/apr
make && make install

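After the steps above, set the environment variable:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/apr/lib
Alternatively, add the /usr/local/apr/lib library path to /etc/ld.so.conf:
echo "/usr/local/apr/lib" >> /etc/ld.so.conf
# Rebuild the linker cache so the new path takes effect
ldconfig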

3. Install Tomcat Native
Tomcat's bin directory contains a tomcat-native.tar.gz package; extract it, then compile and install it:

tar -zxf tomcat-native.tar.gz
cd tomcat-native-1.2.21-src/native/
./configure --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.8.0_191 --with-ssl=/usr/local/openssl
make && make install
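
After make install, it is worth confirming that libtcnative-1.so uses the OpenSSL built in step 1 rather than the distribution's copy. The check below is an added example, not part of the original article; the library path /usr/local/apr/lib/libtcnative-1.so and the function names are assumptions, and the sample ldd output is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed paths, based on the
# commands above: OpenSSL prefix /usr/local/openssl, library installed to
# /usr/local/apr/lib/libtcnative-1.so.
PREFIX=${PREFIX:-/usr/local/openssl}
LIB=${LIB:-/usr/local/apr/lib/libtcnative-1.so}

# Constructed sample of `ldd` output for a library that picked up the
# distribution's OpenSSL instead of the one under $PREFIX.
sample_ldd() {
    printf '\t%s\n' \
        'linux-vdso.so.1 =>  (0x00007ffd3a5f2000)' \
        'libapr-1.so.0 => /usr/local/apr/lib/libapr-1.so.0 (0x00007f1c2a400000)' \
        'libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f1c2a190000)' \
        'libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f1c29db0000)' \
        'libc.so.6 => /lib64/libc.so.6 (0x00007f1c29a10000)'
}

# Read ldd output on stdin; print "name path" for libssl and libcrypto.
ssl_deps() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ { print $1, ($3 == "not" ? "not-found" : $3) }'
}

# Read ldd output on stdin. Return 0 when libssl/libcrypto are absent from
# the dynamic dependencies (e.g. linked statically) or resolve under prefix $1;
# return 1 when any of them resolves elsewhere or is not found.
check_tcnative_ssl() {
    prefix=$1; rc=0
    deps=$(ssl_deps)
    [ -n "$deps" ] || { echo "OK: no dynamic libssl/libcrypto dependency"; return 0; }
    while read -r name path; do
        case $path in
            "$prefix"/*) echo "OK: $name -> $path" ;;
            *) echo "FAIL: $name -> $path (expected under $prefix)"; rc=1 ;;
        esac
    done <<EOF
$deps
EOF
    return $rc
}

# Check the real library when present, otherwise the constructed sample.
if [ -e "$LIB" ]; then ldd "$LIB"; else sample_ldd; fi |
    check_tcnative_ssl "$PREFIX" || echo "libtcnative does not use $PREFIX" >&2
```

A FAIL line naming /usr/lib64 means the build linked against the system OpenSSL, so the connector would run on that library and not on the version compiled in step 1.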

4. Tomcat SSL configuration
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150"
               SSLEnabled="true">
        <SSLHostConfig>
                <Certificate
                        certificateKeystoreFile="cert/keystore.pfx"
                        certificateKeystorePassword="..."
                        certificateKeystoreType="PKCS12" />
        </SSLHostConfig>
</Connector>