Quick Tomcat SSL Setup

Setting up SSL in Tomcat is not that tough using the JDK and Tomcat alone. For a production environment, however, OpenSSL is recommended. In the following section we will see how to set up SSL in Tomcat so that a client can establish an HTTPS connection with the Tomcat server instance.
There are two main steps:

  1. Generating Keystore using JDK keytool utility
  2. Configuring the Tomcat Instance to use the Keystore.

Let's look at these steps in detail.

1) Generating Keystore using JDK keytool Utility
Here we generate a keystore with a certificate, which we will use in the next step to configure the Tomcat instance.

It is assumed that you have JDK 5 or higher installed on your machine along with Tomcat 5 or higher. Go to the command prompt and run the following keytool command.

keytool -genkey -alias tomcatkeys -keystore siddtomcat5.keystore


where the alias name is tomcatkeys and the keystore name is siddtomcat5.keystore.
The utility will ask you a series of questions, which you need to fill in so that it can generate the keystore.


Enter keystore password:  password123

What is your first and last name?

  [Unknown]:  sidd bhatt

What is the name of your organizational unit?

  [Unknown]:  life365

What is the name of your organization?

  [Unknown]:  life365

What is the name of your City or Locality?

  [Unknown]:  Foster City

What is the name of your State or Province?

  [Unknown]:  California

What is the two-letter country code for this unit?

  [Unknown]:  US

Is CN=sidd bhatt, OU=life365, O=life365, L=Foster City, ST=California, C=US correct?
  [no]:  yes

Once that is done, we have a keystore with a certificate. Now we need to configure Tomcat SSL with this keystore.
For more information about keystores or keytool, see the blog post "Keytool for importing certificates to keystore".


2) Tomcat Configuration
Now open the server.xml file, which is in the TOMCAT_HOME/conf folder, and paste in the following lines:



<!-- keystorePass must match the password entered when the keystore was generated -->
<Connector port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="siddtomcat5.keystore" keystorePass="password123"
           clientAuth="false" sslProtocol="SSL"/>


The keystoreFile attribute takes a relative path, so I have kept the keystore in the TOMCAT_HOME directory.

Now you should be able to access all the applications in this Tomcat instance using both the HTTP and HTTPS protocols.
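
The connector above selects sslProtocol="SSL" and reads the keystore from the Tomcat directory. The following Python check is an added example, not part of the original post: it audits the SSL-enabled connectors of a server.xml for legacy protocol settings, the default keystore password, and a keystore file that other accounts can access. The embedded server.xml is a constructed sample with a placeholder password, and the finding strings are this example's own.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the connector attributes from this post, placeholder password.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" maxThreads="200"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="siddtomcat5.keystore" keystorePass="example-pass"
             clientAuth="false" sslProtocol="SSL"/>
</Service></Server>"""

# Protocol names that should not be selected today (TLS 1.0/1.1: RFC 8996).
LEGACY = {"SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connectors(server_xml, base_dir="."):
    """Return sorted (port, finding) pairs for each SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector
        port = conn.get("port", "?")
        if conn.get("sslProtocol", "TLS") in LEGACY:
            findings.append((port, "sslProtocol names a legacy protocol"))
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, "no explicit sslEnabledProtocols list"))
        elif LEGACY & {p.strip() for p in enabled.split(",")}:
            findings.append((port, "legacy protocol enabled"))
        # Tomcat falls back to the password "changeit" when none is set.
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "default keystore password"))
        ks = conn.get("keystoreFile")
        if ks:
            # Relative paths are resolved against base_dir (the Tomcat base directory).
            path = ks if os.path.isabs(ks) else os.path.join(base_dir, ks)
            if os.path.exists(path):
                mode = os.stat(path).st_mode
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append((port, "keystore accessible to group/other"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

Because server.xml holds keystorePass in clear text, give it the same owner-only permissions as the keystore file.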

A client that tries to connect to an HTTPS-enabled application on this Tomcat instance needs to trust the same certificate.

The first time you connect from a browser to any application deployed on this Tomcat instance using HTTPS, the browser will prompt you to import the certificate created above into the browser's trusted certificates.

Similarly, if you want to connect to the web application from a Java client using HTTPS, you have to import the certificate into the Java cacerts keystore.

Java uses a certificate store, which usually consists of a cacerts file located in the jre/lib/security directory of your Java installation.
