SSL isn't too bad really.

1. Get familiar with Java keytool with regards to creating key-pairs,
generating certificate requests, and installing certificates.

At some point, you'll need to use keytool to generate a keypair to
create your initial java keystore.  IMPORTANT: make not of all
passwords/etc used for this as that information will be invaluable later
on.

2. Once you have a keystore setup, you can proceed to configure Tomcat.
The keystore can be setup with only a self-signed cert or with a cert
signed by a trusted CA.

Open <Tomcat_root>/conf/server.xml

If you are using a default Tomcat install, look for a Connector section
for port 8080.  In my case, I changed this section to port 80.

Below that section, is another connector which has been commented out.
This is the connector to setup for SSL.  By default, the port is 8443.
I changed mine to 443 (the standard SSL port).

Here is what my 443 connector config looks like:

<Connector
  port="443"
  scheme="https"
  secure="true"
  keystoreFile="<path_to_your_java_keystore">
  keystorePass="password_used_to_create_initial_keystore">
  sslProtocol="TLS"  
  maxSpareThreads="75"
  maxThreads="150"
  keyAlias="tomcat"  
  minSpareThreads="25"
  clientAuth="false">
</Connector>

Some Notes: For the sslProtocol, you can use SSL if you wish
For the keyAlias, this is the alias of the self-signed or imported
signed server certificate.

BIG NOTE: according to Tomcat documentation, the password for the key
MUST be the same as the password for the keystore.  Keep this in mind
when generating your first key-pair to create the keystore. 

If you go to the Tomcat website, there are some good notes on setting up
SSL.

Ben

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of strauss
Sent: Monday, October 01, 2007 9:23 AM
To: arslist@ARSLIST.ORG
Subject: Re: RESOLVED: How to perform redirection in Tomcat standalone.

What did you have to do to Tomcat to get it to run SSL?

Christopher Strauss, Ph.D.
Remedy Database Administrator
University of North Texas Computing Center
http://remedy.unt.edu/helpdesk/ 

> -----Original Message-----
> From: Action Request System discussion list(ARSList) 
> [mailto:[EMAIL PROTECTED] On Behalf Of Dan Gennidakis
> Sent: Monday, October 01, 2007 9:19 AM
> To: arslist@ARSLIST.ORG
> Subject: Re: RESOLVED: How to perform redirection in Tomcat 
> standalone.
> 
> Just went through the pain of doing this with SSL for a 
> deployment. You can also add an additional content line for 
> localhost redirection as well as the actual server name content line
> 
> i.e.
> 
> <meta http-equiv="refresh"
> content="0;URL=http://servername.com/arsys/home";>
> <meta http-equiv="refresh" 
> content="0;URL=http://localhost/arsys/home";>
> 
> In my case I changed the default ports to 80 and 443(SSL) so 
> no need for clients to put in port numbers. Port 80 in our 
> case also redirects to SSL 443 by default so the system is 
> always using SSL encryption.
> 
> Dan
> 
> -----Original Message-----
> From: Action Request System discussion list(ARSList) 
> [mailto:[EMAIL PROTECTED] On Behalf Of Watson, Benjamin A.
> Sent: Monday, October 01, 2007 9:25 AM
> To: arslist@ARSLIST.ORG
> Subject: RESOLVED: How to perform redirection in Tomcat standalone.
> 
> When you install MT 7.1 and let it install Tomcat standalone, you have
> a:
> <Tomcat_base_folder>/webapps/ROOT folder.  In that folder 
> lies the default index.html page, which is the one that is 
> shown when browsing to http://<servername>.  BTW, the default 
> index.html page for Tomcat bundled with MidTier is a page 
> that simply states "Tomcat is running...".
> 
> Simply rename this file (e.g. index.html.orig), then create a 
> new index.html file and insert the following:
> 
> <html>
> <head>
> <meta http-equiv="refresh"
> content="0;URL=http://<WebServerName>:<port>/<ContextPath>/for
> ms/<ARServ
> erName>/<FormName>">
> </head>
> <body>
> </body>
> </html>
> 
> In my case, for the URL I put http://<webservername>/arsys/home.
> 
> Ben
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Mac McMillan
> Sent: Sunday, September 30, 2007 6:01 PM
> To: arslist@ARSLIST.ORG
> Subject: Re: How to perform redirection in Tomcat standalone.
> 
> Ben,
> 
> Try this link from Tomcat Wiki.  You didn't state which 
> webserver you plan to use.  In apache, just replace the 
> default index.htm* with the same snippet shown here, it works 
> just as good.
> 
> http://wiki.apache.org/tomcat/HowTo#head-e82228c43a0ce77f71ebe
64fc99ced3
> 3c9506ffe
> 
> At any rate, it's a starting place.  Your mileage will vary...
> 
> ==Mac
> 
> On 9/27/07, Watson, Benjamin A. <[EMAIL PROTECTED]> wrote:
> > **
> >
> >
> >
> > List,
> >
> >
> >
> > Recently, we've been toying around with MidTier 7.1 & RKM 
> under Tomcat 
> > standalone.  So far, so good.  However, we do have one issue to
> address
> > before calling this a complete success in replicating our current 
> > environment.
> >
> >
> >
> > Under our current environment (IIS/ServletExec), we perform 
> a redirect
> under
> > IIS for all requests coming to the server itself to get the user to
> the
> > Remedy login page.
> >
> >
> >
> > For example, typically a user would have to enter:
> > http://<servername>/arsys/home to get to the Remedy login page.
> However,
> > under IIS (at the request of our customer) we did a 
> redirect such that
> the
> > user can now just go to http://<servername> and will be taken to the
> Remedy
> > login page.
> >
> >
> >
> > How would I accomplish this under Tomcat standalone?
> >
> >
> >
> > Thank you,
> >
> >
> >
> > Ben __20060125_______________________This posting was 
> submitted with 
> > HTML in it___
> 
> ______________________________________________________________
> __________
> _______
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org 
> ARSlist:"Where the Answers Are"
> 
> ______________________________________________________________
> __________
> _______
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org 
> ARSlist:"Where the Answers Are"
> 
> ______________________________________________________________
> _________________
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org 
> ARSlist:"Where the Answers Are"
> 

________________________________________________________________________
_______
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where
the Answers Are"

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the 
Answers Are"

Reply via email to