Today my friend wanted to set up HTTPS on his Tomcat server.
Here is how we did it.
Installing Tomcat on Ubuntu 11.04
ahmed@ubuntu:~$ sudo apt-get install tomcat6
ahmed@ubuntu:~$ sudo apt-get install tomcat6-admin
Here is complete information on how to install Tomcat on Ubuntu 11.04.
https://help.ubuntu.com/11.04/serverguide/C/tomcat.html
Once Tomcat is installed, here is what we need to do.
Creating KeyStore File
ahmed@ubuntu:~$ keytool -genkeypair -alias tomcat -keyalg RSA -keysize 1024 -dname "CN=localhost, OU=Organization, O=Company Name, L=City, S=State, C=US" -validity 365 -keystore keystore
Enter keystore password: <enter a new password here>
Enter key password for <tomcat>
(RETURN if same as keystore password): <just hit enter here>
The password you enter at the first prompt becomes the password for the "keystore" file, which holds your server certificate and its private key. The file is created in the directory where you ran the command above; copy it to your Tomcat directory as required. Note that a 1024-bit RSA key is below the 2048-bit minimum now generally recommended, so use a larger -keysize for anything other than a local test.
Updating server.xml file
Next, edit Tomcat's conf/server.xml to enable the HTTPS connector (add the last line with your own keystore path and password).
Look for a connector that looks like this and uncomment it:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/tomcat6/keystore" keystorePass="ahmed"/>
Comment out the connector below in server.xml
if you want the server to accept SSL connections only.
<!--
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />
-->
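One way to check the edited file before restarting, as an added example that is not part of the original post: a small Python audit of server.xml that reports whether an HTTPS connector exists, whether the plain HTTP connector is still active, and whether the keystore password sits in the file in clear text. The function name, the finding labels and the sample file are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from the post, with the port 8080
# connector still active so the audit has something to report.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" URIEncoding="UTF-8"
               redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/tomcat6/keystore" keystorePass="ahmed"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml_text):
    """Return sorted (port, finding) pairs for the active <Connector> elements.

    Connectors inside <!-- --> are dropped by the XML parser, so a
    commented-out connector is correctly treated as disabled.
    """
    connectors = ET.fromstring(server_xml_text).findall(".//Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    if not tls_ports:
        findings.append(("-", "no-https-connector"))
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            if c.get("keystoreFile") is None:
                findings.append((port, "keystore-file-not-set"))
            if c.get("keystorePass") is not None:
                # The password is readable by anyone who can read server.xml.
                findings.append((port, "keystore-password-in-cleartext"))
        elif c.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP is not a browser-facing HTTP listener
        else:
            findings.append((port, "plain-http-still-enabled"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Because the connector needs keystorePass in the file, the clear-text finding is addressed by restricting read access to server.xml and the keystore to the account Tomcat runs as.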
Once this is done, let's restart.
ahmed@ubuntu:~$ sudo service tomcat6 restart
Then we can open https://localhost:8443 in the browser.
Your web browser will warn you about the self-signed certificate;
this is fine if you're not running any critical application.
You will get the warning below in the browser because this is a self-signed certificate.
Add the site as an exception.
Then access the site; all the data between the browser and server is secured over SSL.