running tomcat over SSL

[Segi]

Has anyone run Tomcat & eBase over SSL ?

I want to see how we can do that using our domain level certificate. What is necessary to set that up ?

[Steve James]

Hi, yes we run Ebase over SSL. It's just normal Tomcat SSL setup and we use a wildcard certificate.

We have a corporate pfx file and it is easy enough (nowadays) to get Tomcat running SSL.

eg conf\server.xml

Code: Select all

Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" enableLookups="true" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" keystoreFile="D:\ssl\Wilcard20141103.pfx" keystoreType="PKCS12" keystorePass="dangermouse" sslProtocol="TLS"

[Segi]

I'm trying to get https to work but Ebase won't load over https, only http.

This is what I did:

1. I imported my certificate using keytool

Code: Select all

keytool.exe -import -trustcacerts -alias tomcat -keystore c:\ebaseXi\photon.jks -file c:\ebaseXi\photoncert.cer

2. I added this to my service.bat as a JVM option:

Code: Select all

-Djavax.net.ssl.trustStore=c:\eBaseXi\photoncert.cer

then deleted and reinstalled the service which starts up normally without any errors in the logs.

3. Added this to tomcat\conf\server.xml: (I removed the less than symbol in front of Connector on purpose because this chunk of code was getting rended as HTML even though its inside a

Code: Select all

 block)

[code]
 Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25"
	enableLookups="true" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" keyAlias="tomcat" keystoreFile="C:\ebaseXi\photoncert.cer" keystorePass="mypassword" /> 
[/code]

https does not work. It eventually times out. Is there something else that I need to do to get https to work ?