Below are step-by-step notes that walk through enabling SSL (TLS) in Tomcat.
A site for which SSL is enabled is accessed with the https scheme instead of http.
The default port for https is 443. The connector configured below listens on 8443 instead (the usual choice when Tomcat does not run as root, since ports below 1024 need elevated privileges), so whichever port you pick must be opened in the firewall, and if it is not 443 it has to appear in the URL (https://host:8443/...).
STEP 1: Generating keystore file
Note: A certificate signed by a public CA (GoDaddy, VeriSign, ...) can be purchased and imported into the keystore; browsers trust it without warnings. Otherwise a self-signed certificate can be generated locally with keytool, as shown below. A self-signed certificate still encrypts the connection, but browsers will warn that it is not trusted, so it is suitable for development and internal testing rather than a public site. Which route to take is the user's choice; the rest of the procedure is the same either way.
Below is the process that was followed and tested for implementing SSL in Tomcat.
C:\>keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365
Only one command is needed; the alias ("tomcat" here) is just the name of the entry inside the keystore. -keysize 2048 makes the key length explicit instead of relying on the JDK's default, and -validity sets the certificate lifetime in days (keytool's default is 90).
Enter keystore password:
What is your first and last name?
[Unknown]: www.example.com
What is the name of your organizational unit?
[Unknown]: COMPANYNAME
What is the name of your organization?
[Unknown]: COMPANYNAME
What is the name of your City or Locality?
[Unknown]: HYDERABAD
What is the name of your State or Province?
[Unknown]: AP
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=www.example.com, OU=COMPANYNAME, O=COMPANYNAME, L=HYDERABAD, ST=AP, C=IN correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
NOTE: Despite the wording of the first question, the "first and last name" becomes the certificate's CN, and browsers compare the CN against the hostname in the URL. Enter the DNS name users will type (www.example.com above is a placeholder), not a person's name, or every browser will report a hostname mismatch. The remaining values (OU, O, L, ST, C) are informational and can be whatever describes your organisation.
If you answer "no" (or just press RETURN) at the confirmation prompt, keytool asks the questions again with your previous answers shown as the defaults.
Press RETURN at the key password prompt so the key password equals the keystore password: Tomcat uses keystorePass for both unless a separate keyPass is configured.
NOTE: THE PASSWORD USED HERE IS " changeit ". That is the well-known default used throughout the Java tooling and by Tomcat itself, so use it only on a test box. For anything else choose a different password, and remember that it is stored in clear text in server.xml, so restrict read access to server.xml and the keystore file to the account Tomcat runs as.
STEP 2: Place the .keystore file in the tomcat\conf folder. keytool writes it to .keystore in the home directory of the user who ran it (on Windows, %USERPROFILE%\.keystore); copy it from there and make sure the Tomcat service account can read it.
STEP 3: Editing tomcat/conf/server.xml
Add (or uncomment) an HTTPS connector inside the <Service> element:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="<.keystore file location>" keystorePass="changeit" />
keystoreFile can be an absolute path; a relative path is resolved against $CATALINA_BASE, so a file placed as in STEP 2 is simply conf/.keystore. clientAuth="false" means the server will not ask the browser for a client certificate, which is what an ordinary website wants. SSLEngine="on" is an attribute of the AprLifecycleListener, not of the Connector, and debug is not a Connector attribute, so neither belongs here; enableLookups="true" only adds a reverse DNS lookup per request and is better left at its default.
STEP 4: Modifying web.xml
Add the following to the project's existing WEB-INF/web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Security page</web-resource-name>
<url-pattern>/about.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
As written, this forces only /about.jsp onto https, and only for GET and POST: listing <http-method> elements restricts the constraint to those methods, so a request for the same page with HEAD, PUT, OPTIONS or any other method is not covered and is served over plain http. To protect the whole application, use <url-pattern>/*</url-pattern> and omit the <http-method> elements so every method is covered.
When a plain-http request arrives for a CONFIDENTIAL resource, Tomcat redirects it to the port given by the redirectPort attribute of the http connector in server.xml (8443 in the default configuration), so that attribute must point at the SSL connector from STEP 3.
The https requirement can be disabled by changing "CONFIDENTIAL" in web.xml to "NONE".
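The following is an added example, not code from the original post, that checks STEP 3 and STEP 4 offline: it re-implements the Servlet url-pattern matching rules used by <security-constraint> so you can ask "is this request forced onto https?" before deploying, and it scans server.xml for the default keystore password. The web.xml and server.xml documents are constructed inline (the connector uses conf/.keystore in place of the post's placeholder path); the element and attribute names are Tomcat's own.

```python
"""Offline audit of the TLS settings in a Tomcat web.xml and server.xml.
Added example for this post, not Tomcat code. Sample documents are constructed
inline; conf/.keystore stands in for the post's keystore path placeholder."""
import xml.etree.ElementTree as ET
from typing import List

# Constructed sample: the constraint exactly as the post adds it to web.xml.
WEB_XML_AS_POSTED = """<web-app><security-constraint>
  <web-resource-collection><web-resource-name>Security page</web-resource-name>
    <url-pattern>/about.jsp</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

# Constructed sample: the same constraint widened to the whole site and every method.
WEB_XML_SITE_WIDE = """<web-app><security-constraint>
  <web-resource-collection><web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

# Constructed sample: the post's HTTPS connector with the password it used.
SERVER_XML_AS_POSTED = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/.keystore" keystorePass="changeit" />
</Service></Server>"""


def _named(elem: ET.Element, name: str) -> List[ET.Element]:
    """Descendants with local name `name`; tolerant of a Java EE xmlns prefix."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def pattern_matches(pattern: str, path: str) -> bool:
    """Servlet url-pattern rules: '/exact', '/prefix/*' (incl. '/*'), '*.ext',
    and '/' as the catch-all default."""
    if pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern


def transport_guarantee(web_xml: str, path: str, method: str) -> str:
    """Guarantee enforced for (path, method): NONE, INTEGRAL or CONFIDENTIAL.
    A constraint applies when a url-pattern matches and it either lists no
    <http-method> or lists this one. Applicable guarantees combine as the union
    of accepted connection types (Servlet spec 13.8.1), so a single NONE, or no
    applicable constraint at all, means plain HTTP is accepted."""
    guarantees = []
    for sc in _named(ET.fromstring(web_xml), "security-constraint"):
        applies = False
        for wrc in _named(sc, "web-resource-collection"):
            patterns = [p.text.strip() for p in _named(wrc, "url-pattern")]
            methods = {m.text.strip().upper() for m in _named(wrc, "http-method")}
            if any(pattern_matches(p, path) for p in patterns):
                if not methods or method.upper() in methods:
                    applies = True
        if applies:
            tg = _named(sc, "transport-guarantee")
            guarantees.append(tg[0].text.strip().upper() if tg else "NONE")
    if not guarantees or "NONE" in guarantees:
        return "NONE"
    return "INTEGRAL" if "INTEGRAL" in guarantees else "CONFIDENTIAL"


def uncovered_methods(web_xml: str, path: str,
                      methods=("GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS")) -> List[str]:
    """HTTP methods for which `path` is still reachable over plain HTTP."""
    return [m for m in methods if transport_guarantee(web_xml, path, m) == "NONE"]


def audit_connectors(server_xml: str) -> List[str]:
    """Flag weak or inconsistent settings on SSLEnabled connectors in server.xml."""
    findings = []
    for c in _named(ET.fromstring(server_xml), "Connector"):
        if c.get("SSLEnabled", "false").lower() != "true":
            continue
        port = c.get("port", "?")
        # Tomcat falls back to "changeit" when keystorePass is omitted, so an
        # explicit "changeit" and a missing attribute are the same weakness.
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is the well-known default 'changeit'")
        if c.get("scheme") != "https" or c.get("secure", "false").lower() != "true":
            findings.append(f"port {port}: SSLEnabled connector without scheme=https/secure=true")
    return findings


if __name__ == "__main__":
    for doc, label in ((WEB_XML_AS_POSTED, "as posted"), (WEB_XML_SITE_WIDE, "site-wide")):
        for path in ("/about.jsp", "/login.jsp"):
            print(f"{label:9} {path:11} plain-http methods: {uncovered_methods(doc, path)}")
    for finding in audit_connectors(SERVER_XML_AS_POSTED):
        print("server.xml:", finding)
```

Run against the constraint as posted, /about.jsp still answers HEAD, PUT, DELETE and OPTIONS over plain http and /login.jsp is unprotected for every method; with the /* pattern and no <http-method> elements nothing is left uncovered. The "weakest guarantee wins" combination rule is the one Tomcat applies when several constraints match the same request, so adding a second, narrower constraint with NONE would silently re-open a path that a site-wide constraint had closed.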