Ubuntu 12.04 and Tomcat 7 SSL implementation
Apache Tomcat is an open source servlet container developed by Apache. Tomcat implements the Java Servlet and JavaServer Pages (JSP) specifications and provides a Java HTTP web server environment for Java code to run. In this blog we will show you how to quickly install Tomcat 7 on an Ubuntu 12.04 VM or server and deploy SSL for secure connections.
Install Tomcat 7
First, let's update the package list:
$ sudo apt-get update
Let's install and configure Tomcat 7:
$ sudo apt-get install tomcat7
$ sudo vim ~/.bashrc
Add this at the end of the file:
export JAVA_HOME=/usr/lib/jvm/default-java
export CATALINA_HOME=/usr/share/tomcat7
Create the directory for log files:
$ sudo mkdir /usr/share/tomcat7/logs
$ sudo chmod 777 /usr/share/tomcat7/logs
To install the default version of the JDK:
$ sudo apt-get install default-jdk
At this point you should be able to connect to your Tomcat server on port 8080:
http://localhost:8080 (or http://(your server IP):8080)
Configure SSL
Tomcat can use two different implementations of SSL:
JSSE
By default Tomcat 7 will use the Java JSSE implementation. Here is how to configure it with self-signed certificates.
1. Create a keystore file to store the server's private key and self-signed certificate by executing the following command:
$ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/share/ssl/sslstore # specify password
2. Edit /etc/tomcat7/server.xml and add the following entry. There are many parameters that can be set here; this is just a basic configuration to get SSL working.
<Connector protocol="HTTP/1.1" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/usr/share/ssl/sslstore" keystorePass="your password" clientAuth="false" sslProtocol="TLS"/>
3. Restart tomcat7
$ sudo service tomcat7 restart
You should now be able to connect over SSL at https://(your server IP):8443
APR
1. For APR to work, the APR library must be available. It is very simple to install.
$ sudo apt-get install libtcnative-1
2. Let's enable the default listener in /etc/tomcat7/server.xml. This will use the default OpenSSL engine.
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" SSLRandomSeed="builtin" />
3. Generate self-signed certificates with the openssl tool to use for our SSL implementation.
$ sudo openssl genrsa -des3 -out server.key 1024
$ openssl req -new -key server.key -out server.csr
Watch the subject name: make sure it matches your site name.
$ sudo cp server.key server.key.org # keep a copy of the passphrase-protected key
$ sudo openssl rsa -in server.key.org -out server.key # remove passphrase from key
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
4. Specify the connector as below. Again, there are many configuration parameters available; this is just to get basic functionality.
<Connector port="8443" SSLEnabled="true" protocol="HTTP/1.1" maxThreads="150" scheme="https" secure="true" SSLCertificateFile="/usr/share/ssl/server.crt" SSLCertificateKeyFile="/usr/share/ssl/server.key" SSLProtocol="TLS" />
5. Restart tomcat7
$ sudo service tomcat7 restart
You should now be able to connect over SSL at https://(your server IP):8443
Let's reload ~/.bashrc:
$ . ~/.bashrc
Start Tomcat:
$ $CATALINA_HOME/bin/startup.sh
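An added example, not part of the original post: a small Python audit of the two Connector entries above. It flags the clear-text keystorePass, a JSSE connector without sslEnabledProtocols, and keystore or key files that other local users can access. The SAMPLE document and the names audit and file_mode are constructed for illustration, and treating a connector with keystoreFile as the JSSE variant is an assumption.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the page's two <Connector> entries (maxThreads omitted).
SAMPLE = """<Server><Service name="Catalina">
<Connector protocol="HTTP/1.1" port="8443" scheme="https" secure="true"
  SSLEnabled="true" keystoreFile="/usr/share/ssl/sslstore"
  keystorePass="your password" clientAuth="false" sslProtocol="TLS"/>
<Connector port="8443" SSLEnabled="true" protocol="HTTP/1.1" scheme="https"
  secure="true" SSLCertificateFile="/usr/share/ssl/server.crt"
  SSLCertificateKeyFile="/usr/share/ssl/server.key" SSLProtocol="TLS"/>
</Service></Server>"""

def file_mode(path):
    """Permission bits of path, or None if it is missing or cannot be stat'ed."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def audit(xml_text, mode_of=file_mode):
    """Return (port, attribute, message) findings for SSL-enabled connectors."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        if conn.get("keystorePass") is not None:
            findings.append((port, "keystorePass",
                "clear-text password; restrict read access to server.xml"))
        # Assumption: a connector with keystoreFile is the JSSE variant.
        if conn.get("keystoreFile") and not conn.get("sslEnabledProtocols"):
            findings.append((port, "sslEnabledProtocols",
                "not set; protocol versions are left to the JVM defaults"))
        # The keystore and the passphrase-free key are protected only by file mode.
        for attr in ("keystoreFile", "SSLCertificateKeyFile"):
            path = conn.get(attr)
            mode = mode_of(path) if path else 0  # attribute absent: nothing to check
            if mode is None:
                findings.append((port, attr, "%s is missing" % path))
            elif mode & stat.S_IRWXO:
                findings.append((port, attr,
                    "%s (mode %o) is accessible to other users" % (path, mode)))
    return findings

if __name__ == "__main__":
    for port, attr, msg in audit(SAMPLE):
        print("port %s: %s: %s" % (port, attr, msg))
```

To audit a live install, pass the contents of /etc/tomcat7/server.xml to audit() as a user who can read the keystore and key paths.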