Tuesday, March 18, 2014

Apache Tomcat SSL certificate installation

The first step in installing a self-signed certificate is to create a public/private key pair. This can be done with the command below:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

keytool first prompts for the keystore password. This same password has to be specified in server.xml (as keystorePass) so that Tomcat can open the keystore.

It then prompts for the identity details to be included in the certificate's subject: first and last name (this becomes the CN, which for a server certificate should be the host name clients will type in the browser, not a person's name), organizational unit, organization, city, state or province, and country code.

As a last step it asks for the key password, which protects the private key entry itself. Note that the first password was for the keystore as a whole; a keystore can hold many entries, each with its own key password. Tomcat's JSSE connector assumes the key password is the same as the keystore password unless keyPass is set, so the simplest choice is to use the same value for both.

The -keyalg RSA flag matters: older keytool versions default to DSA, which not every browser or client accepts, while RSA provides general compatibility with other servers and components.

Unless -keystore is given, the command creates a file named .keystore (that is the whole file name, not an extension) in the home directory of the user who ran keytool. That user may not be the account Tomcat runs as, so it is safer to point keystoreFile in server.xml at the file explicitly rather than rely on the default location.
 
The next step is to edit the Apache Tomcat configuration file, server.xml. This one I could not get working on the first try.

Tomcat has two SSL implementations:

1. The JSSE implementation, which is provided as part of the Java runtime (since Java 1.4).
2. The APR implementation, which uses the OpenSSL engine by default.

Which one a connector uses depends on its protocol attribute. With protocol="HTTP/1.1" Tomcat picks APR automatically if the Tomcat Native (tcnative) library is installed and JSSE otherwise, and the two implementations take different SSL attributes (keystoreFile/keystorePass for JSSE, PEM certificate and key files for APR), so it is safer to name the implementation class explicitly.

The SSL HOW-TO in the Tomcat documentation describes configuring one of the following connectors (these are the comment lines that precede the sample Connector elements in the documentation):

<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->

<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->

OR

<!-- Define a APR SSL Coyote HTTP/1.1 Connector on port 8443 -->
 
But I could not really find either of these, so I did not do anything specific here.
 
The final step is to configure the connector in server.xml. I already had something like the below, without the keystoreFile
and keystorePass entries in the XML. So it looked like the below after the configuration.
 
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->

 
After the above configuration, I restarted the server. But it was throwing the below error on the console.

SEVERE: Error starting endpoint
java.lang.IllegalStateException: Unable to initialise endpoint. A previous call to init() failed. See previous log messages for details.
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:638)
        at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:865)
        at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:139)
        at org.apache.catalina.connector.Connector.start(Connector.java:1197)
        at org.apache.catalina.core.StandardService.start(StandardService.java:540)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 19, 2014 1:08:34 AM org.apache.catalina.core.StandardService start
SEVERE: Failed to start connector [Connector[HTTP/1.1-8443]]
LifecycleException:  service.getName(): "Catalina";  Protocol handler start failed: java.lang.IllegalStateException: Unable to initialise endpoint. A previous call to init() failed. See previous log messages for details.
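The frames in the trace (Http11AprProtocol, AprEndpoint) show that Tomcat started this connector with the APR implementation, which does not read keystoreFile/keystorePass at all; the actual cause of the failed init() is in the earlier log messages the trace refers to, which are not on this page. Putting the keytool step and the server.xml step together, below is an added example of a connector section that pins the implementation explicitly; it is not the server.xml from this post (whose Connector element is not reproduced here), and the keystore path, alias, host name and the password changeit are placeholders:

```xml
<!-- Added example, not the original post's server.xml. It assumes the keystore was
     created with the same keytool command as in the post, only with an explicit
     file under conf/ instead of the default ~/.keystore, a 2048-bit key, and the
     placeholder password "changeit" for both the keystore and the key
     (-genkeypair is the current name of -genkey):

       keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365
               -keystore %CATALINA_HOME%\conf\tomcat.jks
               -storepass changeit -keypass changeit

     Both Connector elements go inside <Service name="Catalina"> in server.xml. -->

<!-- JSSE connector. The protocol is pinned to the Java implementation so Tomcat
     cannot silently switch to APR when the tcnative library happens to be on the
     library path (protocol="HTTP/1.1" auto-selects APR in that case). Only the
     JSSE implementation reads the keystore* attributes. keyAlias matches the
     -alias given to keytool, so the right entry is used even if the keystore
     later holds more than one certificate. keyPass is omitted because it
     defaults to keystorePass, which is why the post uses one password for both. -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${catalina.base}/conf/tomcat.jks"
           keystorePass="changeit"
           keyAlias="tomcat"
           clientAuth="false" sslProtocol="TLS" />

<!-- Equivalent APR connector, commented out. The APR/OpenSSL implementation
     ignores keystoreFile/keystorePass and instead expects the certificate and
     private key as PEM files (placeholder paths below), so a JKS keystore has
     to be exported and converted before this variant can start. Enable it only
     if the Tomcat Native library is installed. -->
<!--
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="${catalina.base}/conf/localhost.crt"
           SSLCertificateKeyFile="${catalina.base}/conf/localhost.key"
           SSLPassword="changeit"
           SSLProtocol="TLSv1" />
-->
```

With the JSSE connector in place, https://localhost:8443/ should answer with the self-signed certificate; the browser warning is expected, since the certificate is not issued by a CA it trusts, and the CN entered at the keytool prompt has to match the host name in the URL for that to be the only warning.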

 
 
