Created July 7, 2016 07:20
wingsum93/54cf16ad399f7e79706aa45806ce5754
how to set ssl in tomcat
Update configuration files in Tomcat conf
1. ext.properties
   box.file.path - {%TOMCAT_HOME}/conf/BOX (please replace with your Tomcat home)
   key.file.path - {%TOMCAT_HOME}/conf/key/ (please replace with your Tomcat home)
2. Update all *-cas.properties
   xxxx.web.app.protocol=https (http or https)
   xxxx.web.app.host=douglessiu7:8443 (update to your local host name)
   e.g. in the file scm-address-book-cas.properties you can find a property called "addressbook.web.app.host"
   xxxx.cas.server.host=tradelinkbox (replace with the CAS IP, or add tradelinkbox to your local hosts file)
3. Update all *-db.properties
   xxxx.db.url=jdbc:mysql://tradelinkbox:3306/scm_address_book (update the database IP address if necessary)

Enable SSL
CAS Server (TradelinkBox) - Generate a digital certificate for the Tomcat server
1. Generate the local PC certificate
   keytool -genkey -alias faiyuen7 -keyalg RSA -validity 3650
   Enter keystore password: changeit
   Re-enter new password: changeit
   What is your first and last name?
   [Unknown]: localhost
   What is the name of your organizational unit?
   [Unknown]: Test
   What is the name of your organization?
   [Unknown]: Test
   What is the name of your City or Locality?
   [Unknown]: Test
   What is the name of your State or Province?
   [Unknown]: Test
   What is the two-letter country code for this unit?
   [Unknown]: US
   Is CN=localhost, OU=Test, O=Test, L=Test, ST=Test, C=US correct?
   [no]: yes
2. Put .keystore in the TOMCAT home path
   - Make sure .keystore is in the user home directory
3. Edit server.xml in TOMCAT/conf
   <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              keystoreFile=".keystore" keystorePass="changeit"
              clientAuth="false" sslProtocol="TLS" />
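The configuration steps above are edited by hand, so the values in *-cas.properties and the Connector in server.xml drift apart easily. As an added example, not code from the gist, the following Python script parses a *-cas.properties file and the server.xml Connector and reports the inconsistencies a browser or the CAS client would reject. The sample inputs are constructed from the gist's values; the certificate CN is passed in as a parameter (the gist's certificate is issued for CN=localhost while the app host is douglessiu7), and the host, port and keystore-password checks are my choice of what to verify, not anything the gist states.

```python
"""Added example (not part of the gist): offline audit of the Tomcat HTTPS
settings the gist edits by hand. Sample inputs are constructed from the gist."""
import xml.etree.ElementTree as ET

# Constructed sample of scm-address-book-cas.properties (values from the gist).
SAMPLE_CAS_PROPERTIES = """\
# CAS client settings
addressbook.web.app.protocol=https
addressbook.web.app.host=douglessiu7:8443
addressbook.cas.server.host=tradelinkbox
"""

# Constructed server.xml fragment wrapped around the gist's Connector element.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile=".keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

# Tomcat falls back to "changeit" when keystorePass is absent; treat it as weak.
WEAK_KEYSTORE_PASSWORDS = {"changeit", "changeme", "password", ""}


def parse_properties(text):
    """Minimal Java .properties reader: key=value per line, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def ssl_connectors(server_xml):
    """Attribute dicts of every Connector that has SSLEnabled="true"."""
    root = ET.fromstring(server_xml)
    return [c.attrib for c in root.iter("Connector")
            if c.attrib.get("SSLEnabled", "false").lower() == "true"]


def audit(cas_properties, server_xml, cert_cn):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    connectors = ssl_connectors(server_xml)
    ssl_ports = {c.get("port") for c in connectors}

    if not connectors:
        findings.append('server.xml: no Connector has SSLEnabled="true"')
    for c in connectors:
        port = c.get("port")
        # Without scheme="https" secure="true" the webapp builds http:// URLs.
        if c.get("scheme") != "https" or c.get("secure", "false").lower() != "true":
            findings.append(f'Connector {port}: needs scheme="https" secure="true"')
        if c.get("keystorePass", "changeit") in WEAK_KEYSTORE_PASSWORDS:
            findings.append(f"Connector {port}: keystorePass is a well-known default")

    for key, value in parse_properties(cas_properties).items():
        if key.endswith(".web.app.protocol") and value != "https":
            findings.append(f"{key}={value}: the CAS client must be served over https")
        if key.endswith(".web.app.host"):
            host, _, port = value.partition(":")
            if port and port not in ssl_ports:
                findings.append(f"{key}: port {port} is not an SSLEnabled Connector port")
            # The gist's certificate is CN=localhost; the app host must match it.
            if host.lower() != cert_cn.lower():
                findings.append(f"{key}: host {host} does not match certificate CN {cert_cn}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CAS_PROPERTIES, SAMPLE_SERVER_XML, cert_cn="localhost"):
        print("FINDING:", finding)
```

Run against the gist's own values it reports two findings: the default keystore password and the mismatch between the app host douglessiu7 and the certificate's CN=localhost, which is exactly the mismatch that makes a browser or the CAS client refuse the connection after the certificate has been imported.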
4. Export the certificate on the local PC
   keytool -export -alias faiyuen7 -file "C:\Temp\faiyuen7.crt"
5. Import the certificate on the CAS server
   - Make sure you have write permission for the "cacerts" file
   - Back up the cacerts file before the import, in case you need to roll back
   (For Linux)
   cp /usr/java/default/lib/security/cacerts /usr/java/default/lib/security/cacerts.yyyymmdd
   /usr/java/default/bin/keytool -exportcert -alias tradelinkbox -file /home/tradelinkbox.crt -keystore /usr/java/default/lib/security/cacerts
   /usr/java/default/bin/keytool -importcert -alias faiyuen7 -file /home/faiyuen7.crt -keystore /usr/java/default/lib/security/cacerts
   (For Windows)
   copy "%JAVA_HOME%\jre\lib\security\cacerts" "%JAVA_HOME%\jre\lib\security\cacerts.yyyymmdd"
   %JAVA_HOME%\bin\keytool -importcert -alias tradelinkbox -file "C:\Temp\tradelinkbox.crt" -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
   %JAVA_HOME%\bin\keytool -importcert -alias faiyuen7 -file "C:\Temp\faiyuen7.crt" -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
6. Other keytool actions
   // List existing JVM keystore information
   %JAVA_HOME%\bin\keytool -list -keystore %JAVA_HOME%\jre\lib\security\cacerts
   // List existing JVM keystore detailed information
   %JAVA_HOME%\bin\keytool -list -v -keystore %JAVA_HOME%\jre\lib\security\cacerts
   /usr/java/default/bin/keytool -list -v -keystore /usr/java/default/lib/security/cacerts
   // Delete a key from the keystore
   %JAVA_HOME%\bin\keytool -delete -alias faiyuen7
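Steps 1, 4, 5 and 6 above as one non-interactive POSIX shell script, added here as an example and not code from the gist. It assumes keytool is on the PATH, takes the gist's alias faiyuen7 and password changeit as overridable defaults, and works in a scratch directory on a fresh trust store instead of the live JVM cacerts; the backup-before-import and the final fingerprint comparison are the checks the gist's backup and -list steps leave you to do by eye.

```shell
#!/bin/sh
# Added example, not from the gist: steps 1, 4, 5 and 6 scripted end to end.
# Assumptions: keytool is on PATH; alias/password default to the gist's values
# (override with ALIAS= and STOREPASS=); everything happens in a scratch
# directory on a fresh trust store, so the live JVM cacerts is never touched.
set -eu

ALIAS="${ALIAS:-faiyuen7}"
STOREPASS="${STOREPASS:-changeit}"     # gist value; replace outside a demo
HOST_CN="${HOST_CN:-localhost}"         # must equal the host in *.web.app.host
WORK=""                                 # scratch directory, set by run_demo

# Step 1: server key pair, with -dname so keytool does not prompt.
gen_keystore() {
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "CN=$HOST_CN, OU=Test, O=Test, L=Test, ST=Test, C=US" \
        -ext "SAN=dns:$HOST_CN" \
        -keystore "$WORK/.keystore" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Step 4: export the public certificate only (the private key stays in .keystore).
export_cert() {
    keytool -exportcert -alias "$ALIAS" -file "$WORK/$ALIAS.crt" \
        -keystore "$WORK/.keystore" -storepass "$STOREPASS"
}

# Step 5: back up the trust store if it exists, then import without the prompt.
import_cert() {
    store="$1"
    if [ -f "$store" ]; then
        cp "$store" "$store.$(date +%Y%m%d)"
    fi
    keytool -importcert -noprompt -alias "$ALIAS" -file "$WORK/$ALIAS.crt" \
        -keystore "$store" -storepass "$STOREPASS"
}

# Step 6 check: the exported file and the trust store entry carry the same fingerprints.
fingerprints() {
    grep -oE 'SHA(1|256): [0-9A-F:]+' | sort
}
verify_trust() {
    store="$1"
    want=$(keytool -printcert -file "$WORK/$ALIAS.crt" | fingerprints)
    got=$(keytool -list -v -alias "$ALIAS" -keystore "$store" -storepass "$STOREPASS" | fingerprints)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

run_demo() {
    if ! command -v keytool >/dev/null 2>&1; then
        echo "keytool not on PATH: add \$JAVA_HOME/bin first; skipping demo" >&2
        return 0
    fi
    WORK=$(mktemp -d)
    gen_keystore
    export_cert
    import_cert "$WORK/truststore"
    verify_trust "$WORK/truststore"
    echo "certificate $ALIAS trusted; artifacts in $WORK"
}

run_demo
```

To point it at the real JVM trust store, pass the cacerts path to import_cert and verify_trust instead of "$WORK/truststore"; the backup copy is then the cacerts.yyyymmdd file the gist describes.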
7. Tomcat server start arguments
   -Xmx768m -XX:MaxPermSize=512m -XX:ReservedCodeCacheSize=96M -XX:+UseCodeCacheFlushing -Dcatalina.base="C:\Development\Server\apache-tomcat-7.0.53x86" -Dcatalina.home="C:\Development\Server\apache-tomcat-7.0.53x86" -Dwtp.deploy="C:\Development\Server\apache-tomcat-7.0.53x86\webapps" -Djava.endorsed.dirs="C:\Development\Server\apache-tomcat-7.0.53x86\endorsed" -Djavax.servlet.request.encoding=UTF-8 -Dfile.encoding=UTF8 -Djavax.net.ssl.trustStore="C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit