configuring SSL in tomcat

ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Hi,

I followed this link (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html) to configure SSL in my tomcat. Here is the summary of what I did:


1. Download JSSE from http://java.sun.com/products/jsse/.

2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

3. To create a new keystore from scratch, execute the following command from the command line:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

4. Give all the information that is asked for.

5. If everything was successful, you now have a keystore file at the following location: C:/Documents and Settings/<username>

6. Uncomment the connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

7. Start Tomcat and try: https://localhost:8443



But when I access https://localhost:8443 I get a 'page can't be displayed' error. What went wrong?

I do have the .keystore file at the mentioned location. :roll:

Thanks.
[ May 09, 2007: Message edited by: ankur rathi ]
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
What exception / message are you getting?
Check the catalina.out log file or console.

Are you sure that your keystore file is picked up during startup?
Why don't you specify the location of the keystore file explicitly using the attribute keystoreFile in the connector tag? You can even specify the keystore password.


Rahul Bhattacharjee
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830
Originally posted by Rahul Bhattacharjee:
What exception / message are you getting?
Check the catalina.out log file or console.

Are you sure that your keystore file is picked up during startup?
Why don't you specify the location of the keystore file explicitly using the attribute keystoreFile in the connector tag? You can even specify the keystore password.


Thanks Rahul Sir,

I changed the password (from changeit) but didn't specify that in server.xml. Now I am seeing the Security Alert window that I see when I access my demat account. I can see my certificate details also.

Thanks.
ankur rathi
Ranch Hand

Joined: Oct 11, 2004
Posts: 3830

Steps to Configure SSL into Tomcat


1. Download JSSE from http://java.sun.com/products/jsse/.

2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

3. To create a new keystore from scratch, execute the following command from the command line:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

4. Give all the information that is asked for.

5. If everything was successful, you now have a keystore file at the following location: C:/Documents and Settings/<username>

6. Uncomment the connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

7. Add the "keystorePass" attribute to the Connector tag if you changed the password from "changeit" to something else.

For example:

<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="ankurrathi"/>

8. Start Tomcat and try: https://localhost:8443
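
The check below is an added example, not code from the thread or from Tomcat: it reads a server.xml and reports, for each enabled HTTPS Connector, whether Tomcat will fall back to its default keystore location and the default password "changeit", which is the mismatch this thread ran into. The function name, the keystore_password parameter and the sample XML are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

DEFAULT_FILE = "${user.home}/.keystore"   # Tomcat's default keystore location
DEFAULT_PASS = "changeit"                 # Tomcat's default keystore password

def audit_ssl_connectors(server_xml, keystore_password=None):
    """Return a list of (port, [findings]) for enabled HTTPS connectors.

    keystore_password: the password given to keytool, if known (hypothetical
    parameter of this example, used only for comparison, never printed).
    """
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # A stray character between attributes makes the whole file unparseable.
        return [(None, ["server.xml is not well-formed: %s" % exc])]
    results = []
    for conn in root.iter("Connector"):   # commented-out connectors are skipped
        if conn.get("scheme") != "https":
            continue
        findings = []
        if conn.get("keystoreFile") is None:
            findings.append("keystoreFile unset, Tomcat reads " + DEFAULT_FILE)
        configured = conn.get("keystorePass")
        if configured is None:
            findings.append("keystorePass unset, Tomcat tries the default password")
        else:
            findings.append("keystorePass is clear text, restrict access to server.xml")
        if keystore_password is not None and (configured or DEFAULT_PASS) != keystore_password:
            findings.append("password mismatch: Tomcat cannot open the keystore")
        results.append((conn.get("port"), findings))
    if not results:
        return [(None, ["no enabled HTTPS Connector (still commented out?)"])]
    return results

# Constructed sample inputs, not taken from a real server.
WITHOUT_PASS = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""
WITH_PASS = WITHOUT_PASS.replace('sslProtocol="TLS"',
                                 'sslProtocol="TLS" keystorePass="example-pass"')
COMMENTED = "<Server><!-- <Connector port='8443' scheme='https'/> --></Server>"

if __name__ == "__main__":
    for name, xml in [("without", WITHOUT_PASS), ("with", WITH_PASS),
                      ("commented", COMMENTED)]:
        print(name, audit_ssl_connectors(xml, keystore_password="example-pass"))
```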



Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by ankur rathi:



I changed the password (from changeit) but didn't specify that in server.xml. Now I am seeing the Security Alert window that I see when I access my demat account. I can see my certificate details also.


That's exactly what you want.


Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41855
    
Note that JSSE only needs to be installed on very old JREs (up to 1.3). Starting with Java 1.4 it's part of the standard JRE.

