Quick Tomcat SSL Setup

By -
Setting up SSL in Tomcat is not that tough using JDK and Tomcat alone.But for production environment  OpenSSL is recomended. In the following section we will see how we can setup SSL in tomcat, so that the client can establish HTTPS connection with the Tomcat Server Instance.
Mainly we have to follow the following steps,

  1. Generating Keystore using JDK keytool utility
  2. Configuring the Tomcat Instance to use the Keystore.

Lets see now these steps in details,

1) Generating Keystore using JDK keytool Utility
Here we will be generating a keystore with certificate, which we can use in next step to configure the Tomcat Instance.

It is assumed that you have have JDK 5 or higher installed in your box along with Tomcat 5 or higher. Now go to the command prompt and run the following keytool command.

keytool -genkey -alias tomcatkeys -keystore siddtomcat5.keystore


where the alias name is tomcatkeyskeystore  and keystore name is siddtomcat5.keystore.
It will ask you some questionnaire, which you need to feel up, so that the utility can generate the keystore.


Enter keystore password:  password123

What is your first and last name?

  [Unknown]:  sidd bhatt

What is the name of your organizational unit?

  [Unknown]:  life365

What is the name of your organization?

  [Unknown]:  life365

What is the name of your City or Locality?

  [Unknown]:  Foster City

What is the name of your State or Province?

  [Unknown]:  California

What is the two-letter country code for this unit?

  [Unknown]:  US

Is CN=sidd bhatt, OU=life365, O=life365, L=Foster City, ST=California, C=US corr

ect?
  [no]:  yes

Once that is done, we have a keystore with a certificate. Now we need to configure Tomcat SSL with this keystore.
For more more information about keystore or keytool you can see this blog post Keytool for importing certificates to keystore


2) Tomcat Configuration
Now open the server.xml file which is under TOMCAT_HOME /conf folder. open it and paste the following lines,



<Connector port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="siddtomcat5.keystore" keystorePass="sonali123"
           clientAuth="false" sslProtocol="SSL"/>


The keystoreFile takes relative path, so I have kept th keystore in the TOMCAT_HOME Directory.

Now you should be able to access All the Application in this Tomcat instance using both HTTP and HTTPS protocols

Client when tries to connect to this secured HTTPS enabled application on this Tomcat instance, would
need to trust the same certificate.


First time you want to connect to any application deployed on this tomcat instance using HTTPS
from browser, browser will prompt for importing the above created certificate to browser's trust certificate.

Similarly if you want to connect to the web application from Java client using HTTPS you have to import the certificate to Java cacerts keystore.

Java uses a certificate store, which usually consists of a cacerts file, located in the jre/lib/security directory of your Java installation

Comments

Post a Comment

Popular posts from this blog

Converting Java Map to String

By -
Java Collections framework, String manipulation etc is something that we often encounter in Development process. For processing collections (like checking null/empty, Intersection, Disjunction) We do have some of the very use full libraries. Some of the Collection related libraries are Apche Commons Collections and Google  Collections(Guava). Problem Use Case This article explains how to convert a Java Map to String(and vice versa) using different libraries and technique. One way is to use StringBuilder(Or String) and loop though the Map and build the String by applying some sort of separator ( for key:value and entry). Here we have to take care of the null value etc. Without Any Library If we want to convert the map to a String with key value separator and also individual entry seperator in the resulting String, we have to write code for that. For a simple Map, we have to iterate though the map, take care of the null values etc. Following is a sample to get String built
Read more

Difference between volatile and synchronized

By -
volatile is a field modifier, while synchronized modifies code blocks and methods. So we can specify three variations of a simple accessor using those two keywords: int i1; int geti1() {return i1;} volatile int i2; int geti2() {return i2;} int i3; synchronized int geti3() {return i3;} geti1() accesses the value currently stored in i1 in the current thread . Threads can have local copies of variables, and the data does not have to be the same as the data held in other threads. In particular, another thread may have updated i1 in it's thread, but the value in the current thread could be different from that updated value. In fact Java has the idea of a "main" memory, and this is the memory that holds the current "correct" value for variables. Threads can have their own copy of data for variables, and the thread copy can be different from the "main" memory. So in fact, it is possible for the "main"
Read more

Invoking EJB deployed on a remote machine

By -
Invoking EJB deployed on a remote machine In case we are calling remote ejb( ejb deployed on remote machines), The JNDI lookup might lookup like, Properties env = new Properties(); env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory"); env.put(Context.PROVIDER_URL, "XX.XXX.XX.XX:1099"); env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); Context ctx = new InitialContext(env); If we are calling local ejb then we can simply create InitialContext without any parameters. Like, Context ctx = new InitialContext();
Read more