enable SSL in Tomcat 7 server.xml

Posted on November 4, 2012. Filed under: java/j2EE


Enable SSL in Tomcat 7

The following shell session shows the setup on Mac OS X; the setup is similar on other machines running Linux.


 Tomcat SSL Demo: echo "locate keytool in your jdk bin"
 locate keytool in your jdk bin
 Tomcat SSL Demo: env | grep -i java
 OLDPWD=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/bin
 PWD=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/bin
 Tomcat SSL Demo: cd /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/bin/
 Tomcat SSL Demo: ls -lrt keytool
 -rwxr-xr-x 1 root wheel 100688 Oct 20 21:29 keytool
 Tomcat SSL Demo: echo "generating keystore for Tomcat"
 generating keystore for Tomcat
 Tomcat SSL Demo: keytool -genkey -alias tomcat -keyalg RSA
 Enter keystore password:
 Re-enter new password:
 What is your first and last name?
 [Unknown]: Demo
 What is the name of your organizational unit?
 [Unknown]: kl2217
 What is the name of your organization?
 [Unknown]: kl2217org
 What is the name of your City or Locality?
 [Unknown]: Boston
 What is the name of your State or Province?
 [Unknown]: MA
 What is the two-letter country code for this unit?
 [Unknown]: US
 Is CN=Demo, OU=kl2217, O=kl2217org, L=Boston, ST=MA, C=US correct?
 [no]: yes

 Enter key password for <tomcat>
 (RETURN if same as keystore password):
 Re-enter new password:
 Tomcat SSL Demo: ls -ltra ~/.keystore
 -rw-r--r-- 1 homenetwork staff 1338 Nov 4 09:56 /Users/homenetwork/.keystore
 Tomcat SSL Demo: echo "configuring SSL to use SSL"
 configuring SSL to use SSL
 Tomcat SSL Demo: echo "go to your tomcat install directory, modify the server.xml, restart tomcat, should see port 8443 open"
 go to your tomcat install directory, modify the server.xml, restart tomcat, should see port 8443 open
 Tomcat SSL Demo: cd /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Tomcat SSL Demo: cd bin/
 Tomcat SSL Demo: ./startup.sh
 Using CATALINA_BASE: /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Using CATALINA_HOME: /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Using CATALINA_TMPDIR: /Users/homenetwork/Documents/apache-tomcat-7.0.32/temp
 Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
 Using CLASSPATH: /Users/homenetwork/Documents/apache-tomcat-7.0.32/bin/bootstrap.jar:/Users/homenetwork/Documents/apache-tomcat-7.0.32/bin/tomcat-juli.jar
 Tomcat SSL Demo: echo "verify http port 8080 open, https port 8443 not open"
 verify http port 8080 open, https port 8443 not open
 Tomcat SSL Demo: netstat -ntan | grep 8080
 tcp46 0 0 *.8080 *.* LISTEN
 Tomcat SSL Demo: netstat -ntan | grep 8443
 Tomcat SSL Demo: echo "now enable SSL by modify server.xml"
 Tomcat SSL Demo: grep -A 2 -B3 "clientAuth=" ../conf/server.xml
 <!--
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS" />
 -->

 Tomcat SSL Demo: vi ../conf/server.xml
 Tomcat SSL Demo: grep -A 2 -B3 "clientAuth=" ../conf/server.xml
 <!--
 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS" />
 -->

--
 <!-- Define SSL Connector on port 8443 -->
 <Connector port="8443" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true" acceptCount="100" enableLookups="false"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="/Users/homenetwork/.keystore" keystorePass="password"/>

 Tomcat SSL Demo: ./shutdown.sh
 Using CATALINA_BASE: /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Using CATALINA_HOME: /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Using CATALINA_TMPDIR: /Users/homenetwork/Documents/apache-tomcat-7.0.32/temp
 Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
 Using CLASSPATH: /Users/homenetwork/Documents/apache-tomcat-7.0.32/bin/bootstrap.jar:/Users/homenetwork/Documents/apache-tomcat-7.0.32/bin/tomcat-juli.jar
 Tomcat SSL Demo: ./startup.sh
 Using CATALINA_BASE: /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Using CATALINA_HOME: /Users/homenetwork/Documents/apache-tomcat-7.0.32
 Using CATALINA_TMPDIR: /Users/homenetwork/Documents/apache-tomcat-7.0.32/temp
 Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home
 Using CLASSPATH: /Users/homenetwork/Documents/apache-tomcat-7.0.32/bin/bootstrap.jar:/Users/homenetwork/Documents/apache-tomcat-7.0.32/bin/tomcat-juli.jar
 Tomcat SSL Demo: netstat -ntan | grep 8080
 tcp46 0 0 *.8080 *.* LISTEN
 Tomcat SSL Demo: netstat -ntan | grep 8443
 tcp46 0 0 *.8443 *.* LISTEN
 Tomcat SSL Demo: echo "now, open browser, visit https://localhost:8443, make sure you don't get Error code: ssl_error_rx_record_too_long"
 now, open browser, visit https://localhost:8443, make sure you don't get Error code: ssl_error_rx_record_too_long
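
In the session above, grep matches both the commented-out and the active connector, `~/.keystore` is listed as `-rw-r--r--`, and `keystorePass` sits in `server.xml` in clear text. As an added example (not part of the original post), this script reports whether an active SSL connector exists and whether the keystore or the password-bearing config is readable by other users. The function names and finding labels are hypothetical, and `keystoreFile` is assumed to be an absolute path.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and finding labels
# are hypothetical; keystoreFile is assumed to be an absolute path.
# Print the first active (not commented-out) SSLEnabled="true" connector.
ssl_connector() {
    awk '
    {   line = $0                  # strip <!-- ... --> spans (may cross lines)
        while (line != "") {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); in_comment = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { text = text " " line; break }
                text = text " " substr(line, 1, i - 1)
                line = substr(line, i + 4); in_comment = 1
            }
        }
    }
    END {
        n = split(text, el, "<Connector")
        for (k = 2; k <= n; k++) {
            sub(/>.*/, "", el[k])
            if (el[k] ~ /SSLEnabled="true"/) { print el[k]; exit }
        }
    }' "$1"
}

# Print the value of attribute $2 found in connector text $1.
attr() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Print one finding per line for the server.xml at $1; no output means clean.
audit_tomcat_tls() {
    conn=$(ssl_connector "$1")
    [ -n "$conn" ] || { echo "NO_ACTIVE_SSL_CONNECTOR"; return 0; }
    ks=$(attr "$conn" keystoreFile)
    [ -n "$ks" ] || ks="$HOME/.keystore"   # Tomcat default when unset
    if [ ! -f "$ks" ]; then
        echo "KEYSTORE_MISSING"
    elif [ -n "$(find "$ks" \( -perm -040 -o -perm -004 \))" ]; then
        echo "KEYSTORE_READABLE_BY_OTHERS"
    fi
    if [ -n "$(attr "$conn" keystorePass)" ] && [ -n "$(find "$1" -perm -004)" ]; then
        echo "KEYSTOREPASS_IN_WORLD_READABLE_CONFIG"
    fi
}
```

After sourcing the script, call `audit_tomcat_tls ../conf/server.xml` from Tomcat's `bin` directory. When Tomcat runs as the owner of both files, `chmod 600` on the keystore and on `server.xml` clears the two permission findings.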
