How to enable SSL for only one site in Tomcat

Justin Howard
Ranch Hand

Joined: Feb 19, 2009
Posts: 162
Hi All,

I am using Tomcat 6. How do I enable SSL for only one site without affecting the other sites in server.xml?

Suppose there are two applications using port 8080. How do I apply it to only one of the apps?

Thanks
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19697
    
  20

Moving to Tomcat.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12792
    
    5
The whole point of SSL is that it has to have a separate port - "https" can't share with normal "http" URLs. The following is from a Tomcat 6 server.xml file, normally commented out.



Take a look at your Tomcat server.xml - the normal Connector has a "redirectPort" attribute that tells where the SSL port lives.

So if you have a SSL Connector defined, you can have one app use https URLs as needed.

Bill
Justin Howard
Ranch Hand

Joined: Feb 19, 2009
Posts: 162
Thanks for the reply.

A few questions regarding the configuration for SSL to be applied on the app.

Does this need additional configuring in the IIS?

How does the certificate get applied to this app?

How do I configure the app to use port 8443 instead of port 8080?

Is there any other configuration needed other than the one in server.xml?

Thanks
Jasmine kaur
Ranch Hand

Joined: Nov 25, 2003
Posts: 157
To enable SSL you have to uncomment the mapping given below in the server.xml file.

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->

Answer to your second question, how to get a certificate: to create a certificate you have to use the keytool utility in Java, and using the jarsigner utility you have to sign your application jar file.

Thanks



jasmine kaur
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16103
    
  21

You don't certify an app, you certify a server. Different apps in Tomcat don't have different certificates, instead they all share the same one. This isn't normally a problem, since the cert isn't part of the app anyway.

Use of SSL is determined by the transport security definitions in an app's web.xml file. You can - and I do - have apps with public sections that don't require SSL and private sections that do require SSL. Once a user has been switched into SSL mode, even the public access can continue under SSL, but secured sections can only work under SSL.

The first part of any URL is its protocol specification. When you specify "http", you're declaring that you intend to communicate using the HTTP protocol to port 80 of the destination server. When you specify "https", you're declaring an intent to use https (including SSL) to port 443 on that server. These are default ports and can be overridden. One of the more famous examples is Tomcat, which, as shipped, listens on port 8080 instead of port 80 so that it can easily share a server container with the Apache HTTP Server. So direct access to Tomcat is done by appending a port override: "http://hostname:8080/webapp/url". Likewise for https: "https://hostname:8443/webapp/secureurl".


Customer surveys are for companies who didn't pay proper attention to begin with.
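
The two pieces described in the replies above, sketched as an added example that is not part of any original post: the shared connectors in server.xml and the transport security definition in the web.xml of the one app that must use SSL. The keystore path, keystore password and the /private/* URL pattern are placeholder assumptions.

```xml
<!-- server.xml (Tomcat 6): connectors belong to the server and are shared by every app -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- SSL connector; keystoreFile and keystorePass are placeholders (assumptions) -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/example.keystore"
           keystorePass="CHANGE_ME" />

<!-- WEB-INF/web.xml of the one app that needs SSL; goes inside <web-app> -->
<!-- /private/* is a hypothetical path for the section that requires SSL -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Private section</web-resource-name>
    <url-pattern>/private/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <!-- CONFIDENTIAL makes Tomcat redirect plain-HTTP requests to redirectPort -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

Apps whose web.xml carries no such constraint keep answering on port 8080, while a request for the constrained path on 8080 is redirected to the port named by redirectPort.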
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12792
    
    5
Does this need additional configuring in the IIS?




Eeeek - you are using IIS as a front-end? You better hit the IIS forums for configuration hints, I don't think many people here are stuck with that.

Bill
Justin Howard
Ranch Hand

Joined: Feb 19, 2009
Posts: 162
Thanks for the replies.

The server already has the certificate: Microsoft CA, 128 bit SSL, compatible with SSL version 1 and 3.

I have to use the same, compliance etc.

Can I apply this to the app in Tomcat?

There are other coldfusion apps on it. They are configured through the IIS.

This app need not be configured in IIS but I have to use this certificate only.

Thanks
Justin Howard
Ranch Hand

Joined: Feb 19, 2009
Posts: 162
Hello All,

Should I try posting it in another forum?

Thanks
 