@wingsum93
Created July 7, 2016 07:20
How to set up SSL in Tomcat
Update the configuration files in the Tomcat conf directory
1. ext.properties
box.file.path - {%TOMCAT_HOME}/conf/BOX (please replace with your Tomcat home)
key.file.path - {%TOMCAT_HOME}/conf/key/ (please replace with your Tomcat home)
2. Update all *-cas.properties
xxxx.web.app.protocol=https (http or https)
xxxx.web.app.host=douglessiu7:8443 (update your localhost name)
e.g. in the file scm-address-book-cas.properties you will find a property called “addressbook.web.app.host”
xxxx.cas.server.host=tradelinkbox (replace the CAS ip or add the tradelinkbox to your local hosts file)
3. Update all *-db.properties
xxxx.db.url=jdbc:mysql://tradelinkbox:3306/scm_address_book (update database ip address if necessary)
Enable SSL
CAS Server (TradelinkBox) - Generate a digital certificate for the Tomcat server
1. Generate the certificate on the local PC
keytool -genkey -alias faiyuen7 -keyalg RSA -validity 3650
Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: Test
What is the name of your organization?
[Unknown]: Test
What is the name of your City or Locality?
[Unknown]: Test
What is the name of your State or Province?
[Unknown]: Test
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=localhost, OU=Test, O=Test, L=Test, ST=Test, C=US correct?
[no]: yes
2. Copy .keystore to the TOMCAT home path
- keytool writes .keystore to the user's home directory by default; copy it from there
3. Edit server.xml at TOMCAT/conf
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile=".keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS" />
4. Export the certificate on the local PC
keytool -export -alias faiyuen7 -file "C:\Temp\faiyuen7.crt"
5. Import the certificate on the CAS server
- Make sure you have write permission for the "cacerts" file
- Back up the cacerts file before the import so you can roll back
(For Linux)
cp /usr/java/default/lib/security/cacerts /usr/java/default/lib/security/cacerts.yyyymmdd
/usr/java/default/bin/keytool -exportcert -alias tradelinkbox -file /home/tradelinkbox.crt -keystore /usr/java/default/lib/security/cacerts
/usr/java/default/bin/keytool -importcert -alias faiyuen7 -file /home/faiyuen7.crt -keystore /usr/java/default/lib/security/cacerts
(For Windows)
copy "%JAVA_HOME%\jre\lib\security\cacerts" "%JAVA_HOME%\jre\lib\security\cacerts.yyyymmdd"
%JAVA_HOME%\bin\keytool -importcert -alias tradelinkbox -file "C:\Temp\tradelinkbox.crt" -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
%JAVA_HOME%\bin\keytool -importcert -alias faiyuen7 -file "C:\Temp\faiyuen7.crt" -keystore "%JAVA_HOME%\jre\lib\security\cacerts"
6. Other keytool actions
// List existing JVM key store information
%JAVA_HOME%\bin\keytool -list -keystore %JAVA_HOME%\jre\lib\security\cacerts
// List existing JVM key store detail information
%JAVA_HOME%\bin\keytool -list -v -keystore %JAVA_HOME%\jre\lib\security\cacerts
/usr/java/default/bin/keytool -list -v -keystore /usr/java/default/lib/security/cacerts
// Delete key from keystore (without -keystore, keytool targets the .keystore in the user's home directory)
%JAVA_HOME%\bin\keytool -delete -alias faiyuen7
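The keystore, export and trust-store import steps above (steps 1, 4, 5 and 6) as one non-interactive script. This is an added example, not part of the original gist. It works in a scratch directory rather than the Tomcat home or the JVM's cacerts; WORK, truststore.jks, the function names and the SubjectAltName extension are this example's own assumptions. It also checks what the steps above leave unchecked: that the certificate now in the trust store has the same fingerprint as the one in the server keystore.

```shell
#!/bin/sh
# Added example, not part of the original gist: runs steps 1, 4, 5 and 6
# non-interactively in a scratch directory and checks that the certificate
# imported into the trust store is the one the server keystore holds.
# WORK, truststore.jks and the helper names are this script's own choices,
# not Tomcat or CAS defaults.
set -eu

WORK="${WORK:-$(mktemp -d)}"                    # scratch dir instead of CATALINA_HOME/conf
KEY_ALIAS="${KEY_ALIAS:-faiyuen7}"              # same alias as the gist
STOREPASS="${STOREPASS:-changeit}"              # keytool's well-known default; a real deployment needs its own
SERVER_KS="$WORK/.keystore"                     # what step 2 copies into the Tomcat home
TRUSTSTORE="${TRUSTSTORE:-$WORK/truststore.jks}" # stand-in for the CAS server's cacerts
DNAME="CN=localhost, OU=Test, O=Test, L=Test, ST=Test, C=US"  # the answers given in step 1

# Step 1 without the prompts: -dname supplies the subject, and a SubjectAltName
# is added because modern clients ignore the CN when matching the host name.
make_server_keystore() {
    keytool -genkeypair -alias "$KEY_ALIAS" -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "$DNAME" -ext "SAN=dns:localhost" \
        -keystore "$SERVER_KS" -storepass "$STOREPASS" -keypass "$STOREPASS"
}

# Step 4: export the self-signed certificate (DER) so the CAS side can trust it.
export_cert() {
    keytool -exportcert -alias "$KEY_ALIAS" -keystore "$SERVER_KS" \
        -storepass "$STOREPASS" -file "$WORK/$KEY_ALIAS.crt"
}

# Step 5: back up the trust store (if one exists) with the yyyymmdd suffix the
# gist uses, then import the certificate without the interactive "Trust this?" prompt.
import_into_truststore() {
    if [ -f "$TRUSTSTORE" ]; then
        cp "$TRUSTSTORE" "$TRUSTSTORE.$(date +%Y%m%d)"
    fi
    keytool -importcert -noprompt -alias "$KEY_ALIAS" -file "$WORK/$KEY_ALIAS.crt" \
        -keystore "$TRUSTSTORE" -storepass "$STOREPASS"
}

# Step 6 helper: the first fingerprint line keytool prints for the alias
# (SHA256 on Java 8+, SHA1 on older releases), so two stores can be compared.
fingerprint() {
    keytool -list -v -alias "$KEY_ALIAS" -keystore "$1" -storepass "$STOREPASS" \
        | grep -E 'SHA(256|1): ' | head -n 1 | tr -d ' \t'
}

# Returns 0 only if the alias exists in the trust store AND its fingerprint
# matches the server keystore's certificate, i.e. the right cert was imported.
check_trust_chain() {
    keytool -list -alias "$KEY_ALIAS" -keystore "$TRUSTSTORE" -storepass "$STOREPASS" >/dev/null 2>&1 || return 1
    [ -n "$(fingerprint "$SERVER_KS")" ] || return 1
    [ "$(fingerprint "$SERVER_KS")" = "$(fingerprint "$TRUSTSTORE")" ]
}

run_all() {
    make_server_keystore
    export_cert
    import_into_truststore
    check_trust_chain
    echo "trust store $TRUSTSTORE holds the certificate from $SERVER_KS"
}

if command -v keytool >/dev/null 2>&1; then
    run_all
else
    echo "keytool not found on PATH; install a JDK to run this" >&2
fi
```

Run it with a JDK on PATH; it exits non-zero if the imported certificate does not match the server keystore. To target a real trust store, set TRUSTSTORE to the cacerts path (and STOREPASS to its password), which is why the backup step keeps the gist's yyyymmdd suffix.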
7. Tomcat server start arguments
-Xmx768m -XX:MaxPermSize=512m -XX:ReservedCodeCacheSize=96M -XX:+UseCodeCacheFlushing -Dcatalina.base="C:\Development\Server\apache-tomcat-7.0.53x86" -Dcatalina.home="C:\Development\Server\apache-tomcat-7.0.53x86" -Dwtp.deploy="C:\Development\Server\apache-tomcat-7.0.53x86\webapps" -Djava.endorsed.dirs="C:\Development\Server\apache-tomcat-7.0.53x86\endorsed" -Djavax.servlet.request.encoding=UTF-8 -Dfile.encoding=UTF8 -Djavax.net.ssl.trustStore="C:\Program Files (x86)\Java\jdk1.6.0_45\jre\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit