I am going to contribute a step by step guide to the documentation (only for developers) when I got it working for me.
kind regards Tobias > Am 03.04.2016 um 22:09 schrieb Terence M. Bandoian <tere...@tmbsw.com>: > >> On 4/2/2016 10:29 PM, Tobias Soloschenko wrote: >> Hi, >> >> I am trying to get http/2 working on Mac OS X 10.11.4 - these are the steps >> I used: >> >> 1. Install Brew: http://brew.sh/ >> >> 2. Download Apache Tomcat 9 https://tomcat.apache.org/download-90.cgi >> >> 3. Download Xcode command line tools by opening the terminal and execute >> “xcode-select —install” >> >> 4. Download Xcode from the AppStore >> >> 5. Create a symlink for the xctoolchain: >> >> sudo ln -s >> /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain >> /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain >> >> 6. Install APR and OPENSSL with “brew install openssl” and “brew install apr” >> >> 7. Install tomcat native by extracting bin/tomcat-native.tar.gz and run >> “./configure --with-ssl=/usr/local/Cellar/openssl/1.0.2g >> --prefix=/Applications/apache-tomcat-9.0.0.M4 >> --with-apr=/usr/local/Cellar/apr/1.5.2 && make && make install” in >> tomcat-native-1.2.5-src/native - see >> >> https://tomcat.apache.org/tomcat-9.0-doc/apr.html >> >> 8. export JAVA_OPTS=-Djava.library.path=/usr/local/apr/lib >> >> 9. Create pem files in conf folder: >> >> /usr/local/Cellar/openssl/1.0.2g/bin/openssl genrsa -des3 -out >> localhost-rsa-key 1024 >> >> /usr/local/Cellar/openssl/1.0.2g/bin/openssl genrsa -out localhost-key 1024 >> >> /usr/local/Cellar/openssl/1.0.2g/bin/openssl rsa -in localhost-rsa-key -out >> localhost-key >> >> /usr/local/Cellar/openssl/1.0.2g/bin/openssl req -new -key localhost-key >> -out localhost-csr >> >> /usr/local/Cellar/openssl/1.0.2g/bin/openssl x509 -req -days 365 -in >> localhost-csr -signkey localhost-key -out localhost-crt >> >> cat localhost-key localhost-crt > localhost-rsa-cert.pem >> >> cat localhost-rsa-cert.pem > localhost-rsa-chain.pem >> >> cat localhost-rsa-key > localhost-rsa-key.pem >> >> 10. Uncomment the http/2 connector in the server.xml > > > Is this procedure included in the Tomcat documentation? Seems like it would > be useful if it isn't. > > Thanks. > > -Terence Bandoian > http://www.tmbsw.com/ > > >> >> I am currently facing those issues (out of the log): >> >> >> >> 02-Apr-2016 09:15:13.415 INFO [main] >> org.apache.catalina.startup.VersionLoggerListener.log Command line argument: >> -Djava.io.tmpdir=/Applications/apache-tomcat-9.0.0.M4/temp >> >> 02-Apr-2016 09:15:13.415 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR >> based Apache Tomcat Native library 1.2.5 using APR version 1.4.8. >> >> 02-Apr-2016 09:15:13.415 INFO [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR >> capabilities: IPv6 [true], sendfile [true], accept filters [false], random >> [true]. >> >> 02-Apr-2016 09:15:13.418 SEVERE [main] >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Failed to >> initialize the SSLEngine. >> >> org.apache.tomcat.jni.Error: 70023: This function has not been implemented >> on this platform >> >> at org.apache.tomcat.jni.SSL.initialize(Native Method) >> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> at java.lang.reflect.Method.invoke(Method.java:497) >> >> at >> org.apache.catalina.core.AprLifecycleListener.initializeSSL(AprLifecycleListener.java:284) >> >> at >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent(AprLifecycleListener.java:136) >> >> at >> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:94) >> >> at >> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:401) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:104) >> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:606) >> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:629) >> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> at java.lang.reflect.Method.invoke(Method.java:497) >> >> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311) >> >> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494) >> >> >> >> 02-Apr-2016 09:15:13.655 INFO [main] org.apache.coyote.AbstractProtocol.init >> Initializing ProtocolHandler ["http-nio-8080"] >> >> 02-Apr-2016 09:15:13.683 INFO [main] >> org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared >> selector for servlet write/read >> >> 02-Apr-2016 09:15:13.686 INFO [main] >> org.apache.coyote.http11.AbstractHttp11Protocol.configureUpgradeProtocol The >> ["https-apr-8443"] connector has been configured to support negotiation to >> [h2] via ALPN >> >> 02-Apr-2016 09:15:13.686 INFO [main] org.apache.coyote.AbstractProtocol.init >> Initializing ProtocolHandler ["https-apr-8443"] >> >> 02-Apr-2016 09:15:13.706 WARNING [main] >> org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit> Failed getting >> cipher list >> >> java.lang.Exception: Not implemented >> >> at org.apache.tomcat.jni.SSL.newSSL(Native Method) >> >> at >> org.apache.tomcat.util.net.openssl.OpenSSLEngine.<clinit>(OpenSSLEngine.java:81) >> >> at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:363) >> >> at >> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:798) >> >> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:547) >> >> at >> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66) >> >> at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >> >> at >> org.apache.catalina.core.StandardService.initInternal(StandardService.java:549) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >> >> at >> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:873) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107) >> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:606) >> >> at org.apache.catalina.startup.Catalina.load(Catalina.java:629) >> >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) >> >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> >> at java.lang.reflect.Method.invoke(Method.java:497) >> >> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311) >> >> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494) >> >> >> Any idea? step 9 might be wrong - I never created self signed certs / pems >> before >> >> Additional note: I am using jdk1.8.0_66.jdk >> >> Assumption: It might be that the wrong version of ssl is used and not the >> one out of: /usr/local/Cellar/openssl/1.0.2g >> >> kind regards >> >> Tobias > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
