configuring SSL in tomcat

 
ankur rathi
Ranch Hand
Posts: 3830
Hi,

I followed this link (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html) to configure SSL in my tomcat. Here is the summary of what I did:


1. Download JSSE from http://java.sun.com/products/jsse/.

2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

3. To create a new keystore from scratch, execute the following command from the command line:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

4. Give all the information that is asked for.

5. If everything was successful, you now have a keystore file at the following location: C:/Documents and Settings/<username>

6. Uncomment the connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

7. Start Tomcat and try: https://localhost:8443



But when I access https://localhost:8443 I get a 'page can't be displayed' error. What went wrong?

I do have the .keystore file at the mentioned location. :roll:

Thanks.
[ May 09, 2007: Message edited by: ankur rathi ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
What exception / message are you getting?
Check the catalina.out log file or console.

Are you sure that your keystore file is picked up during startup?
Why don't you specify the location of the keystore file explicitly using the attribute keystoreFile in the connector tag? You can even specify the keystore password.
 
ankur rathi
Ranch Hand
Posts: 3830
Originally posted by Rahul Bhattacharjee:
What exception / message are you getting?
Check the catalina.out log file or console.

Are you sure that your keystore file is picked up during startup?
Why don't you specify the location of the keystore file explicitly using the attribute keystoreFile in the connector tag? You can even specify the keystore password.


Thanks Rahul Sir,

I changed the password (from changeit) but didn't specify that in server.xml. Now I am seeing the Security Alert window that I see when I access my demat account. I can see my certificate details also.

Thanks.
 
ankur rathi
Ranch Hand
Posts: 3830
Steps to Configure SSL into Tomcat


1. Download JSSE from http://java.sun.com/products/jsse/.

2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

3. To create a new keystore from scratch, execute the following command from the command line:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

4. Give all the information that is asked for.

5. If everything was successful, you now have a keystore file at the following location: C:/Documents and Settings/<username>

6. Uncomment the connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

7. Add the "keystorePass" attribute to the Connector tag if you changed the password from "changeit" to something else.

For example:

<Connector
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystorePass="ankurrathi"/>

8. Start Tomcat and try: https://localhost:8443
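
Added example (not part of the original posts, and not Tomcat's own code): the failure in this thread, a keystore password changed from changeit while server.xml carried no keystorePass, can be caught before Tomcat is started by checking each HTTPS connector's effective password against the keystore's integrity hash. It assumes a JKS-format keystore shared by all connectors; the function names, the sample XML and the empty test keystore are constructed for illustration.

```python
import hashlib
import struct
import xml.etree.ElementTree as ET

JKS_MAGIC = 0xFEEDFEED
DEFAULT_PASS = "changeit"  # what Tomcat uses when keystorePass is absent


def jks_digest(password: str, body: bytes) -> bytes:
    """JKS integrity hash: SHA-1(UTF-16BE password + "Mighty Aphrodite" + body)."""
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()


def password_opens_jks(store: bytes, password: str) -> bool:
    """True if `password` matches the hash kept in the last 20 bytes of the store."""
    if len(store) < 32 or struct.unpack(">I", store[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    return jks_digest(password, store[:-20]) == store[-20:]


def check_connectors(server_xml: str, store: bytes) -> dict:
    """Map each HTTPS connector port to whether its password opens the store."""
    result = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue  # plain HTTP or AJP connector, no keystore involved
        effective = conn.get("keystorePass", DEFAULT_PASS)
        result[conn.get("port")] = password_opens_jks(store, effective)
    return result


def make_empty_jks(password: str) -> bytes:
    """Constructed test input: an entry-less JKS (magic, version 2, zero entries)."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + jks_digest(password, body)


# Constructed sample: the keystore password was changed, only port 9443 declares it.
SAMPLE_XML = """<Service>
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
  <Connector port="9443" scheme="https" secure="true" sslProtocol="TLS"
             keystorePass="example-pass"/>
</Service>"""


if __name__ == "__main__":
    store = make_empty_jks("example-pass")
    for port, ok in check_connectors(SAMPLE_XML, store).items():
        print(port, "password opens keystore" if ok else "password mismatch")
```

Because keystorePass is stored in clear text, read access to server.xml should be limited to the account that runs Tomcat.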



 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Originally posted by ankur rathi:



I changed the password (from changeit) but didn't specify that in server.xml. Now I am seeing the Security Alert window that I see when I access my demat account. I can see my certificate details also.


That's exactly what you want.


 
Ulf Dittmer
Rancher
Posts: 42967
Note that JSSE only needs to be installed on very old JREs (up to 1.3). Starting with Java 1.4 it's part of the standard JRE.
 