Tomcat 5.5: Configure One-way SSL Instruction

Abstract:

This guide shows how to configure one-way SSL in Tomcat 5.5.

Instruction:

Step1: Running keytool

Open cmd and execute the following command.

keytool -genkey -alias tomcat -keyalg RSA -keypass yourpassword -storepass yourpassword -keystore C:/Tomcat55/keystore -validity 3600

Parameters:

-alias: The name that identifies an entry in the keystore.

-keyalg: The key algorithm (Recommendation: RSA).

-keypass: Replace this parameter with your password.

-storepass: Replace this parameter with the same password as keypass.

-keystore: The location where the keystore file is stored.

-validity: The number of days the keystore entry stays valid. (Default is 90 days.)

Step2: Config keytool

Answer the prompts as shown.

您的名字与姓氏是什么?
[Unknown]: localhost (Fill this blank with your granted domain or any others as testing)
您的组织单位名称是什么?
[Unknown]: Personal Testing. (Any String is OK.)
您的组织名称是什么?
[Unknown]: Personal Testing. (Any String is OK.)
您所在的城市或区域名称是什么?
[Unknown]: Beijing (Your city.)
您所在的州或省份名称是什么?
[Unknown]: Beijing (Your state.)
该单位的两字母国家代码是什么
[Unknown]: CN (Your country code.)
CN=localhost, OU=Personal Testing., O=Personal Testing., L=Beijing, ST=Beijing,
C=CN 正确吗?
[否]: y (Enter with ‘Y’ if everything is fine.)

After this, you should be able to see a file named 'keystore' in C:/Tomcat55.

Step3: Config Server.xml

Open server.xml in C:/Tomcat55/conf, then edit the related configuration as below.

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->

<Connector port="80" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true"/>

Notice: change the port number to 80 instead of 8080, and change redirectPort to 443.

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

<Connector port="443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="keystore" keystorePass="yourpassword"/>

Notice: change the port number to 443 instead of 8443. keystoreFile should be the location where the keystore file is stored, and keystorePass should be the same password you specified in the keytool command.

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
           enableLookups="false" redirectPort="443" protocol="AJP/1.3"/>

Notice: change redirectPort to 443.

Save and quit.

Step4: Config web.xml

Open web.xml in the same directory and add the following additional element to the end of the file.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Save and quit.

Step5: Testing

Start the Tomcat server.

If everything is fine, you should be able to access https://localhost or http://localhost.

Additionally, you may have to add the following attribute to the <Connector> definition.

protocol="org.apache.coyote.http11.Http11Protocol"

That works on 5.5.30.
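A consistency check for the files edited in Step 3 and Step 4, as an added example that is not part of the original post: it confirms that every redirectPort points at an SSL connector, that the SSL connector names its keystore and keeps clientAuth="false" (one-way), and that web.xml requests CONFIDENTIAL transport. The XML samples are constructed from the snippets above, and the helper names `local` and `audit` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the connectors and constraint from Steps 3 and 4.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" redirectPort="443" enableLookups="false"/>
  <Connector port="443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="keystore" keystorePass="yourpassword"/>
  <Connector port="8009" redirectPort="443" protocol="AJP/1.3"/>
</Service></Server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee"><security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name><url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}web-app'."""
    return tag.rsplit("}", 1)[-1]

def audit(server_xml, web_xml):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    conns = [e.attrib for e in ET.fromstring(server_xml).iter() if local(e.tag) == "Connector"]
    ssl = [c for c in conns if c.get("secure") == "true" and c.get("scheme") == "https"]
    ssl_ports = {c.get("port") for c in ssl}
    if not ssl:
        findings.append("no SSL connector (scheme=https, secure=true)")
    for c in ssl:
        if not c.get("keystoreFile") or not c.get("keystorePass"):
            findings.append(f"SSL connector {c.get('port')}: keystoreFile/keystorePass not set")
        if c.get("clientAuth", "false") != "false":
            findings.append(f"SSL connector {c.get('port')}: clientAuth is not false (not one-way)")
    for c in conns:
        rp = c.get("redirectPort")
        if c not in ssl and rp not in ssl_ports:
            findings.append(f"connector {c.get('port')}: redirectPort {rp} has no SSL connector")
    guarantees = [e.text.strip() for e in ET.fromstring(web_xml).iter()
                  if local(e.tag) == "transport-guarantee" and e.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml: no CONFIDENTIAL transport-guarantee")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_XML, WEB_XML) or "configuration is consistent")
```

To check a real installation, pass the contents of conf/server.xml and conf/web.xml to `audit` instead of the constructed samples.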

For any question, please contact me.

yexianyi@hotmail.com
