
Configuring SSL for Tomcat 7 on Windows

by hybr1d 2015. 2. 12.

There are dozens of guides for getting SSL working on Tomcat, but I never find one that quite fits the bill, so here’s my super-short guide to configuring Tomcat 7 (7.0.37) on Windows to serve SSL-encrypted requests for testing purposes only.

1. Install & Setup OpenSSL

You need OpenSSL to generate a certificate and a server key. You can download a binary release of OpenSSL from here: http://slproweb.com/products/Win32OpenSSL.html (I used the light win64 version).

During installation I opt to install binaries in the OpenSSL installation directory (The OpenSSL binaries (/bin) directory) to keep things tidy. 

Open a command prompt and add OpenSSL to the path to make it easy to work with:

set PATH=%PATH%;C:\OpenSSL-Win64\bin

Tell OpenSSL where its configuration file is:

set OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg

2. Create Certificate & Key

2.1: Generate a server key file:

openssl genrsa -des3 -out server.key 1024

I specified a password of ‘changeit’

2.2: Generate a Certificate Signing Request (CSR):

openssl req -new -key server.key -out server.csr

Supply the password you just created, and press enter through each option.

2.3: Remove the pass phrase from the server key:

copy server.key server.key.org
openssl rsa -in server.key.org -out server.key

2.4: Generate the self-signed certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You’ll now have the following files in your directory:

server.crt
server.csr
server.key
server.key.org
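
Before copying the files into Tomcat, it is worth confirming that the key really had its pass phrase removed and that the certificate belongs to that key. The PowerShell script below is an added example, not part of the original post; it assumes openssl.exe is on the PATH as set up in step 1 and that server.key and server.crt are in the current directory (the function name Test-TomcatCertPair is made up for this example).

```powershell
# Added example: sanity-check server.key / server.crt from steps 2.1-2.4.
# Assumptions: openssl.exe is on PATH; files are in the current directory.

function Test-TomcatCertPair {
    param([string]$Key = 'server.key', [string]$Cert = 'server.crt')
    $problems = @()

    # Step 2.3 should have removed the pass phrase. Encrypted PEM keys carry an
    # "ENCRYPTED" marker (Proc-Type header or BEGIN ENCRYPTED PRIVATE KEY line).
    if (Select-String -Path $Key -Pattern 'ENCRYPTED' -Quiet) {
        return @("$Key is still pass-phrase protected; repeat step 2.3")
    }

    # Both commands print "Modulus=<hex>"; key and certificate belong together
    # only if the two values are identical.
    $keyMod = (& openssl rsa  -noout -modulus -in $Key)  | Where-Object { $_ -like 'Modulus=*' }
    $crtMod = (& openssl x509 -noout -modulus -in $Cert) | Where-Object { $_ -like 'Modulus=*' }
    if (-not $keyMod -or -not $crtMod) {
        return @('openssl could not read the key or the certificate')
    }
    if ($keyMod -ne $crtMod) {
        $problems += "$Cert does not match $Key (modulus mismatch)"
    }

    # Each hex digit of the modulus is 4 bits, which gives the RSA key size.
    $bits = ($keyMod -replace '^Modulus=', '').Length * 4
    if ($bits -lt 2048) {
        $problems += "RSA key is $bits bits, below the 2048-bit minimum for production certificates"
    }

    # -checkend 0 exits non-zero when the certificate has already expired.
    & openssl x509 -noout -checkend 0 -in $Cert | Out-Null
    if ($LASTEXITCODE -ne 0) { $problems += "$Cert has expired" }

    return $problems
}

$result = @(Test-TomcatCertPair)
if ($result.Count -eq 0) {
    'OK: key is unencrypted, matches the certificate, and the certificate is current'
    # Show what the browser will see once Tomcat serves this certificate.
    & openssl x509 -noout -subject -enddate -in server.crt
} else {
    $result | ForEach-Object { "PROBLEM: $_" }
}
```

With the 1024-bit key generated in step 2.1 the script reports the key-size problem; that is expected for this test-only setup.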

3. Configure Tomcat 7

Copy server.crt and server.key to your tomcat conf directory. Configure the SSL connector as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false"
 SSLCertificateFile="..\conf\server.crt"
 SSLCertificateKeyFile="..\conf\server.key"
 SSLVerifyClient="optional"
 SSLProtocol="TLSv1"/>

Tomcat will now support SSL for the connector listening on port 8443. When you go to an https URL, your browser will warn you that the certificate is not trusted because it’s a self-signed certificate, but you’re just testing, right?

Thanks to these guys for their related posts:

