Introduction:
Redirecting HTTP to HTTPS in Tomcat requires two steps:
- Generate a self-signed key (certificate)
- Configure the Tomcat server settings
The detailed steps for each part are listed below. Hope it is useful and helpful.
Generate a self-signed key (certificate) with the following commands.
- Open a command console and type [cmd]
- Type [set] to check your Java JDK directory (e.g. C:\Program Files\Java\jdk1.6.0_25\bin)
- Type [cd ${java_directory}] (e.g. cd C:\Program Files\Java\jdk1.6.0_25\bin)
- Type [keytool -genkey -keystore chap8.keystore -storepass rmi+ssl -keypass rmi+ssl -keyalg RSA -alias chapter8 -validity 3650 -dname "cn=chapter8 example,ou=admin book,dc=jboss,dc=org"]
- The following values in the command can be modified:
  - chap8.keystore - Keystore file name; the file is created in your Java JDK bin directory (e.g. C:\Program Files\Java\jdk1.6.0_25\bin)
  - rmi+ssl - Password
  - chapter8 - Alias name
  - validity - How long your self-issued certificate is valid
  - The values inside the quotation marks (chapter8 example, admin book, jboss, org) are not important. They are just the information in your certificate for people to view.
- A chap8.keystore file (certificate) is created in your Java JDK bin directory (e.g. C:\Program Files\Java\jdk1.6.0_25\bin)
- Copy the generated certificate "chap8.keystore" to the folder ${catalina.home}/conf/ (e.g. C:\bin\apache-tomcat-7.0.27\conf\)
Configure the Tomcat server settings
- Edit ${catalina.home}/conf/server.xml and modify the following connectors:
  - <Connector port="8080" protocol="HTTP/1.1" enableLookups="false" redirectPort="8443" />
  - <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" SSLEnabled="true" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="/conf/chap8.keystore"
               keystorePass="rmi+ssl" clientAuth="false"
               sslProtocol="TLS"/>
- chap8.keystore - the certificate file name you typed in the previous steps
- rmi+ssl - the keystore password you typed in the previous steps
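Tomcat only sends a request to redirectPort when a matching security-constraint in the web application's web.xml requires SSL transport, so the two connectors above do not redirect anything by themselves. The following check is an added example, not part of the original post: it parses the page's two connectors together with a constructed web.xml fragment and reports whether plain HTTP requests will actually be redirected. The web.xml content, the `<Server>` wrapper and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# The page's two connectors; the <Server>/<Service> wrapper is constructed.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" enableLookups="false" redirectPort="8443" />
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="8443" SSLEnabled="true" maxThreads="200"
             scheme="https" secure="true" keystoreFile="/conf/chap8.keystore"
             keystorePass="rmi+ssl" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

# Constructed web.xml fragment (not on the page): requires TLS for every URL.
WEB_XML_FORCED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
WEB_XML_PLAIN = "<web-app></web-app>"  # constructed: no constraint at all


def _named(xml_text, name):
    """All elements with the given local name, ignoring any XML namespace."""
    return [e for e in ET.fromstring(xml_text).iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_redirect(server_xml, web_xml):
    """Return findings; an empty list means plain HTTP requests get redirected to TLS."""
    findings = []
    connectors = _named(server_xml, "Connector")
    is_tls = lambda c: c.get("SSLEnabled", "false").lower() == "true"
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    for c in connectors:
        if not is_tls(c) and c.get("redirectPort") not in tls_ports:
            findings.append(f"connector {c.get('port')}: redirectPort "
                            f"{c.get('redirectPort')} is not a TLS connector")
    required = {(e.text or "").strip() for e in _named(web_xml, "transport-guarantee")}
    if not required & {"CONFIDENTIAL", "INTEGRAL"}:
        findings.append("web.xml: no security-constraint requires TLS, redirectPort is unused")
    return findings


if __name__ == "__main__":
    print(check_redirect(SERVER_XML, WEB_XML_FORCED))
    print(check_redirect(SERVER_XML, WEB_XML_PLAIN))
```

The security-constraint shown in WEB_XML_FORCED goes inside the `<web-app>` element of the application's WEB-INF/web.xml (or ${catalina.home}/conf/web.xml to cover every application).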