SSL certificates for each one of the Tomcat Instances on single machine

Krishna Reddivari
Greenhorn

Joined: Mar 30, 2009
Posts: 5
Hey .. can anyone assist me to get info or steps to configure SSL certificate to each one of the Tomcat Instances on the same machine.....

Here is the description :-

Environment :- Red Hat Enterprise Linux 5 - Apache 2.2.11 [ Port 80 - SSL - assigned to www.domain-name.com ] - Tomcat Instance 1 [ 5.5.26 - 8080 ] -Tomcat Instance 2 [5.5.26 - 8081]

We have a domain www.domain-name.com , registered with apache on port 80 with SSL . Now we would like to have 2 tomcats , with 2 different applications , with SSL enabled. So when one tomcat instance is active , apache will redirect to tomcat instance 1. For example :-

when client enters www.domain-name.com/ticker , apache redirects to Tomcat instance 1 where ticker.war file has been deployed and same with second instance of tomcat. We need these 2 with SSL configured.

So is dis setup possible, if so .. how .. ! If you guys have any better idea than this crappy one .. please let me know..

Appreciated..

Regards,
Oracle DBA working on Tomcat setup
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    

"standby user", please check your private messages regarding an important administrative matter.

Thank you.
Duc Vo
Ranch Hand

Joined: Nov 20, 2008
Posts: 254
Krishna Reddivari wrote:
We have a domain www.domain-name.com , registered with apache on port 80 with SSL

Why do you want to set SSL on standard HTTP port 80 but not standard HTTPS port 443?


Krishna Reddivari wrote:
when client enters www.domain-name.com/ticker , apache redirects to Tomcat instance 1 where ticker.war file has been deployed and same with second instance of tomcat. We need these 2 with SSL configured.

So Apache acts as a proxy server between request clients and Tomcat instances, right? You shouldn't need SSL configured for Tomcat instances in that case, especially if they are all on the same server. It will be like you and your teammate working in the same cubicle and using cryptext to talk to each other.

Krishna Reddivari wrote:
So is dis setup possible, if so .. how .. ! If you guys have any better idea than this crappy one .. please let me know..

Yes it is possible.
(1) Just follow apache tutorial to set up a HTTPS using SSL to serve the external clients.
(2) Setting up connector between apache and tomcat instances using standard setup normally should be via port 8009 though, from the tutorial as well. I haven't done it for a while, so I can't help much with details, but you can google with keywords: apache connector tomcat instances.

Good luck,


“Everything should be as simple as it is, but not simpler.” Albert Einstein
Krishna Reddivari
Greenhorn

Joined: Mar 30, 2009
Posts: 5
Hi Duc Vo,

Thanks for the reply.

My apologies, I didn't mention more details here ... yes Apache's SSL has been configured to 443.

And yes, I am using mod_ssl.so module to redirect from Apache to Tomcat.. When it redirects .. it is changing from secure to non secure. Let me explain more here :-

www.domain-name.com/ticker1 , will give an application login page with https://www.domain-name.com/ticker1 , empty fields for credentials.. .once the authentication is done .. it asks for confirmation whether to redirect to non secure or not , if answered YES, it gives me http://ipaddress:8080/ticker.

If answered no, as you can expect, we can't do anything...the page remains https://www.domain-name.com/ticker1 for login credentials again ...

So am I missing something here . .... ??? If not, please provide me any alternative.

Thanks once again for your reply.

Regards,

Krishna
Duc Vo
Ranch Hand

Joined: Nov 20, 2008
Posts: 254
Krishna Reddivari wrote:
www.domain-name.com/ticker1 , will give an application login page with https://www.domain-name.com/ticker1 , empty fields for credentials.. .once the authentication is done .. it asks for confirmation whether to redirect to non secure or not , if answered YES, it gives me http://ipaddress:8080/ticker.

This is the part that you did wrong. It should redirect to https://www.domain-name.com/ticker instead i.e. you shouldn't have to hard code the full URL.
Anyway, have you set up the connector between apache and tomcat yet?
Krishna Reddivari
Greenhorn

Joined: Mar 30, 2009
Posts: 5
Hi Duc Vo,

Thanks for the response.

Yes I did try with https://www.domain-name.com/ticker , but that never showed up any page .. I always get a 404 message or similar to that. Will post the exact message in a couple of mins...

Yes I did configure 2 different setups with apache to redirect to Tomcat .

a. using mod_jk

b. using mod_ssl

Please let me know.

Krishna Reddivari
Greenhorn

Joined: Mar 30, 2009
Posts: 5
Duc Vo,

Here is the conf i did in /etc/httpd/conf.d/ssl.conf

ProxyPass /jsp-examples https://localhost:8080/jsp-examples
ProxyPassReverse /jsp-examples https://localhost:8080/jsp-examples

please have a look at the attachment for the error message.

Thank you for your support.



[Thumbnail for 500 error.jpg]

Duc Vo
Ranch Hand

Joined: Nov 20, 2008
Posts: 254
Post the part that you've set up mod_jk here. I can't be of any help if there is no detail.
Duc Vo
Ranch Hand

Joined: Nov 20, 2008
Posts: 254
Your information doesn't help much mate. The 500 internal server error can be anything. Have you installed mod_proxy_ajp for your apache yet? and what does it say in your httpd log file?

Anyway you'll need to do it in three steps
(1) Make sure both tomcat instances can coexist
(2) Make apache forward requests to tomcat instances via AJP connector
(3) Set up SSL for apache (probably you've already done this)

Make sure both tomcat instances can coexist
- Search for the files named "server.xml" in your tomcat instances normally it should be under directory $TOMCAT_HOME$/conf
- Edit the file and search for AJP Connector settings, it should look like below.

- Change the settings to make sure that the two instances have different ports. (i.e. 8009 for one and 8007 for another).
- Restart both tomcat instances

Make apache to forward requests to tomcat instances via AJP connector
Read here http://tomcat.apache.org/connectors-doc/generic_howto/quick.html
Note that you'll have to do it one for each tomcat instance.

Set up SSL for apache
Read here http://httpd.apache.org/docs/2.2/ssl

Hope it helps,
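
The layout described in the post above, as an added example that is not part of the original thread: Apache terminates SSL once on 443 and forwards each context path to its own Tomcat over AJP using mod_proxy_ajp. The certificate paths and the /app2 context are placeholders; ports 8009 and 8007 are the ones the post suggests.

```apache
# Added example, not from the thread. Assumes mod_ssl, mod_proxy and
# mod_proxy_ajp are loaded, and that each Tomcat's server.xml has its own
# AJP port (8009 / 8007 as in the post) and its own shutdown port.
# Certificate paths and the /app2 context are placeholders.

# Plain HTTP only bounces browsers to the HTTPS site.
<VirtualHost *:80>
    ServerName www.domain-name.com
    Redirect permanent / https://www.domain-name.com/
</VirtualHost>

# The one certificate lives here; neither Tomcat needs a keystore.
<VirtualHost *:443>
    ServerName www.domain-name.com
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.crt
    SSLCertificateKeyFile /path/to/placeholder-key.key

    # Reverse proxy only, never an open forward proxy.
    ProxyRequests Off

    # Tomcat instance 1 (AJP 8009). AJP carries the original scheme and
    # host, so relative redirects from the webapp stay on https://.
    ProxyPass        /ticker ajp://127.0.0.1:8009/ticker
    ProxyPassReverse /ticker ajp://127.0.0.1:8009/ticker

    # Tomcat instance 2 (AJP 8007), hypothetical second context path.
    ProxyPass        /app2 ajp://127.0.0.1:8007/app2
    ProxyPassReverse /app2 ajp://127.0.0.1:8007/app2
</VirtualHost>
```

Binding each AJP connector to 127.0.0.1 (the `address` attribute in server.xml) and firewalling 8080/8081 keeps the backends reachable only through Apache.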


Krishna Reddivari
Greenhorn

Joined: Mar 30, 2009
Posts: 5
Hi Duc Vo,

Thanks for the information. I appreciate it.

But so unfortunate to say that I followed the same / similar setup for my current configuration.

Maybe I am missing some vital information here ...

Let me rephrase my objective or goal ....

When apache gets redirected to Tomcat .. I do have HTTPS... when once I login into the application, the HTTPS changes to HTTP i.e. Secure communication to non secure.

So, do you think I need to change any code within our application ...???

Kindly ... reply.

Thanks.
Duc Vo
Ranch Hand

Joined: Nov 20, 2008
Posts: 254
Krishna Reddivari wrote:
When apache gets redirected to Tomcat .. I do have HTTPS... when once I login into the application, the HTTPS changes to HTTP i.e. Secure communication to non secure.

It seems your application does some absolute URL redirect; you may have to get that fixed first.
 