Thursday 28 February 2013

SSL configuration using Tomcat


Listed below are the steps involved in configuring Tomcat server to run in SSL environment.

Step-1
Install JDK 1.5 or above
Install Tomcat 5 or above 

Step-2
Generating Keystore file - Keystore file is the one which stores the details of the certificates necessary to make the protocol secured. Certificates contain the information as to who is the source from which you are receiving the application data and to authenticate whether it is the intended party or not.Use the Keytool from JDK to generate the certificate
·         Open the command prompt
·         Navigate to  %JAVA_HOME%/bin directory
·         Enter the following cmd à keytool -genkey -alias test2certf -keypass ttadmin -keystore test2certf.bin -storepass ttadmin
·         The above command will be followed by an questionnaire, enter relevant details accordingly
·         After answering all questions a file ".bin" extension will be generated & it can be found in %JAVA_HOME%/bin
·         Copy the .bin file in your <TOMCAT_HOME>/webapps directory

Step-3
Configuring Tomcat for using the Keystore file - We need to make some changes in the server.xml file inside tomcat to use the keystore created in the previous step.
·         Open the file server.xml under the directory <TOMCAT_HOME>conf/server.xml
·         Add the following entry - <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"     enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true"    clientAuth="false" sslProtocol="TLS" keystoreFile="./webapps/xit2certf.bin" keystorePass="ttadmin"/>
·         Save the file & exit

Step-4
Restart the Tomcat Server & check the working of SSL by pointing your browser to : https://localhost:8443

 Step-5
Configuring your web application to work with SSL

open the web.xml of the deployed application and add the below XML fragment

<security-constraint>
<web-resource-collection>
<web-resource-name>securedapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>