Ubuntu 12.04 and Tomcat 7 SSL implementation

Posted On October 25, 2016

Apache Tomcat is open source servlet container developed by Apache. Tomcat implements the Java Servlet and the JavaServer Pages(JSP) specifications, and provides a JAVA HTTP web server environment for Java code yo run. In this blog we will show you host how to quickly install Tomcat 7 on Ebuntu 12.04 vm or server and deploy ssl for secure connections.

Install Tomcat 7

First lets update package list:

$sudo apt-get update

Lets install and configure Tomcat 7:

$sudo apt-get install tomcat7
$sudo vim ~/.bashrc

add this at the end of file :

export JAVA_HOME=/usr/lib/jvm/default-java
export CATALINA_HOME=/usr/share/tomcat7

create directories for log files:

$sudo mkdir /usr/share/tomcat7/logs
$sudo chmod 777 /usr/share/tomcat7/logs

To install default version of JDK:

$sudo apt-get install default-jdk

At this point you should be able to connect to your tomcat server
on port 8080
http://localhost(you server ip):8080

Install Tomcat 7

Tomcat can use two different implementations of SSL:

  • the JSSE implementation provided as part of the Java runtime (since 1.4)
  • the APR implementation, which uses the OpenSSL engine by default.

    • JSSE

    By default Tomcat7 will use Java JSSE implementation. Here is how to
    configure
    it with self elf-signed certificates.

    1. Create a keystore file to store the server's private key and
    self-signed certificate
    by executing the following command:

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA 
 -keystore /usr/share/ssl/sslstore  # specify password

    2. Edit /etc/tomcat7/server.xml and add the following entry.
    There is many
    parameters that can be set here,
    this is just basic configuration to get ssl working. 

    <Connector
           protocol="HTTP/1.1"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/usr/share/ssl/sslstore" keystorePass="your password"
           clientAuth="false" sslProtocol="TLS"/>

    3. Restart tomcat7 

    $sudo service tomcat7 restart

    You now should be able to connect via SSL https://(you server ip):8443

    APR

    1. For APR to work the APR library must be available. It is very
    simple to install. 

    $sudo apt-get install libtcnative-1

    2. Lets enable default listener in /etc/tomcat7/server.xml . This will
    use default 

    OpenSSL engine. 
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" SSLRandomSeed="builtin" />

    3. Generate self-sighned certificates with openssl tool to use for our ssl
    implementation. 

    $sudo openssl genrsa -des3 -out server.key 1024
$openssl req -new -key server.key -out server.csr

    Watch for subject name - make sure it is correlates to your site name. 

    $sudo openssl rsa -in server.key.org -out server.key  #remove passprase from key
$openssl x509 -req -days 365 -in server.csr -signkey 
 server.key -out server.crt

    4. Specify connector as below and again there will be many
    configuration parameters available , this
    is just to get basic functionality. 

    <Connector port="8443"  SSLEnabled="true" protocol="HTTP/1.1"
               maxThreads="150" scheme="https" secure="true"
               SSLCertificateFile="/usr/share/ssl/server.crt" 
               SSLCertificateKeyFile="/usr/share/ssl/server.key"
SSLProtocol="TLS"
/>

    5. Restart tomcat7 

    $sudo service tomcat7 restart

    You now should be able to connect via SSL https://(you server ip):8443

    lets refresh bashrc

    
$. ~/.bashrc

start tomcat:
$CATALINA_HOME/bin/startup.sh