New Technologies


Tuesday, October 9, 2007

TOMCAT 5.0 SSL Configuration

TOMCAT SSL Generation PROCESS

STEP 1:

Use keytool to generate a keystore:

keytool -genkey -alias <alias> -keyalg RSA -keystore <keystore_file>

Note:

keytool will then ask for a password; enter one. When it asks for the first and last name, enter the name of the system where the certificate is installed, or the URL that is used to access it from the browser.

What is your first and last name?

[Unknown]: Satish(System name)

What is the name of your organizational unit?

[Unknown]: satish

What is the name of your organization?

[Unknown]: credense

What is the name of your City or Locality?

[Unknown]: hyd

What is the name of your State or Province?

[Unknown]: ap

What is the two-letter country code for this unit?

[Unknown]: in

Is CN=satish, OU=satish, O=credense, L=hyd, ST=ap, C=in correct?

[no]: y

Enter key password for

(RETURN if same as keystore password):

STEP 2:

Export a public key to a file

keytool -export -file <cert_file> -keystore <keystore_file> -alias <alias>

STEP 3:

The step below is not necessary if we give the path in startup.bat.

The trustStore is the path and name of the Java keystore (JKS).

The trustStorePassword is the password for that keystore.

If we do not set these, Tomcat uses j2sdk1.4.2_10\jre\lib\security\cacerts as the default keystore, and if we do not set -Djavax.net.ssl.trustStorePassword in startweblogic.cmd, the default password is "changeit".

set JAVA_OPTS= -Djavax.net.ssl.trustStore="D:\Satish\ssl\keys\allcerts.jks" -Djavax.net.ssl.trustStorePassword=allcerts

The following step is not required if we have done the above:

Then import the above-generated public key to

j2sdk1.4.2_10\jre\lib\security\cacerts

Import the Weblogic public key to the above tomcat keystore if tomcat has to communicate with weblogic.

E.g.:

keytool -import -keystore test.keystore -file satishcrt.pem

Weblogic

Also import the Tomcat certificate into the Weblogic keystore so that Tomcat can communicate with Weblogic.

E.g.:

keytool -import -keystore satish.jks -file abc.crt

STEP 4:

Configuring the server.xml file

Open the server.xml file in the config folder of Tomcat.

Place or modify the following tag in server.xml:

<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\Satish\ssl\keys\tomeg.jks" keystorePass="changeit" />

port: Port of Tomcat.

keystoreFile: Name and path of the Tomcat keystore.

keystorePass: Password of the Tomcat keystore.
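
The connector in this step keeps the keystore password in server.xml, and "changeit" is also Tomcat's default keystore password. The Python script below is an added example, not part of the original post: it audits a server.xml for HTTPS connectors that use the default or an empty keystore password, omit keystoreFile, or spell the keystore attributes differently from the documented keystoreFile/keystorePass. The sample XML, its paths and passwords, and the function name audit_ssl_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Documented, case-sensitive spellings of the two keystore attributes.
DOCUMENTED = {"keystorefile": "keystoreFile", "keystorepass": "keystorePass"}
DEFAULT_PASS = "changeit"  # Tomcat's default when keystorePass is absent

# Constructed sample server.xml (paths and passwords are made up).
SAMPLE = r"""<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             KeystoreFile="C:\example\keys\tomcat.jks" keystorePass="changeit" />
  <Connector port="9443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="C:\example\keys\tomcat.jks" keystorePass="S3parate-Long-Value" />
</Service></Server>"""


def audit_ssl_connectors(server_xml):
    """Return (port, finding) tuples for every HTTPS connector in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = conn.attrib
        if attrs.get("scheme") != "https":
            continue  # plain HTTP or AJP connector: nothing to check here
        port = attrs.get("port", "?")
        lowered = {name.lower(): value for name, value in attrs.items()}
        # XML attribute names are case-sensitive, so flag non-documented spellings.
        for name in attrs:
            documented = DOCUMENTED.get(name.lower())
            if documented and name != documented:
                findings.append((port, f"{name} is not the documented spelling {documented}"))
        if attrs.get("secure") != "true":
            findings.append((port, 'scheme is https but secure="true" is missing'))
        if "keystorefile" not in lowered:
            findings.append((port, "no keystoreFile: default is .keystore in the user's home"))
        if lowered.get("keystorepass", DEFAULT_PASS) in (DEFAULT_PASS, ""):
            findings.append((port, "keystore password is empty or the default changeit"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE):
        print(f"connector {port}: {finding}")
```
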

STEP 6:

Modify the .java files where the port numbers and the protocol are given, like:

http:// → https://

for Tomcat 8080 → 8443

for Weblogic 7001 → 7002
