Configure SSL Support for Tomcat Servers

The Secure Sockets Layer (SSL) protocol helps ensure the authentication, integrity, and confidentiality of SPML messages in transit. For details on setting up SSL, see the Tomcat SSL Configuration HOWTO at http://jakarta.apache.org/tomcat/.

Note: The following procedure is provided for reference only. You may want to configure your SSL certificate differently (for example, use a certificate issued by a certificate authority instead of a self-signed one) or change the keystore password to one of your own choosing for better security. Also, if you have installed JDK version 1.5, refer to http://jakarta.apache.org/tomcat/ for details.

To install and configure SSL support for Tomcat using a self-signed certificate, perform the following steps:

  1. Verify that JDK version 1.4.2_04 is installed: open Add/Remove Programs in the Control Panel and look for the entry Java 2 SDK, SE v 1.4.2_04.
  2. Create a new keystore containing one self-signed certificate by entering the appropriate command from the command prompt.

    On Windows systems, enter:

    %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\keystore_filename
    

    On UNIX systems, enter the following (note the shell syntax for the environment variable and forward slashes in the path):

    $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/keystore_filename
    

    The keystore creation process begins.

  3. Enter the keystore password when prompted.

    Note: The default password used by Tomcat is changeit (all lowercase). If preferred, you can specify a custom password, but you must then also specify it in the server.xml configuration file (see Step 8). Because the password is stored in clear text in server.xml, restrict read access to that file to the account under which Tomcat runs.

    The keystore creation process continues.

  4. Enter the general information for the certificate when prompted: company, contact name, and so on. This information is embedded in the certificate and is shown to users who connect to a secure page in your application, so make sure that the information provided here is accurate and appropriate.

    The keystore creation process continues.

  5. Enter the key password when prompted. This password protects this certificate's private key only (not any other certificates stored in the same keystore file). Tomcat reads the key with the keystore password, so you must enter the same password here that you entered for the keystore in Step 3.

    A keystore file with a certificate that your server can use is created.

  6. Browse to the <Tomcat_installation_directory>\conf\ directory and open the server.xml file in a text editor.
  7. Ensure that the SSL HTTP/1.1 Connector entry (the Connector with scheme="https" on port 8443) is not commented out. Tomcat ships it commented out, and it looks similar to the following (the class names differ between Tomcat versions):
    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
          port="8443" minProcessors="5" maxProcessors="75"
          enableLookups="true" acceptCount="10" debug="0" scheme="https"
          secure="true">
     <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
          clientAuth="false" protocol="TLS"/>
    </Connector>
    -->
    

    If the Connector element is commented out, remove the comment delimiters <!-- and --> that surround it. Leave the one-line comment above the block ("Define an SSL HTTP/1.1 Connector on port 8443") in place; only the Connector element itself must be uncommented.

  8. Configure the SSL Coyote HTTP/1.1 Connector entry to include the keystoreFile and keystorePass attributes for the Factory element.

    keystoreFile
    Specifies the full path of the keystore file created in Step 2.

    keystorePass
    Specifies the keystore password entered in Step 3 (which, per Step 5, is also the key password).

    The connector information should look similar to the following:

    <Connector className="org.apache.catalina.connector.http.HttpConnector"
          port="8443" minProcessors="5" maxProcessors="75"
          enableLookups="true" acceptCount="10" debug="0" scheme="https"
          secure="true">
     <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
          keystoreFile="your_keystore_full_path"
          keystorePass="your_keystore_password"
          clientAuth="false" protocol="TLS"/>
    </Connector>
    
  9. Save the file and close it.

    SSL support and self-signed certificates are configured for Tomcat.

  10. Restart the Tomcat server. To confirm the configuration, browse to https://<host>:8443/. Because the certificate is self-signed, the browser warns that the certificate is not trusted; that warning is expected until you install a CA-issued certificate.
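Steps 6 through 9 of the procedure, applied in code, as an added example (this is not code from the product documentation or the vendor's tooling). The script uncomments the SSL Connector block, adds keystoreFile and keystorePass to its Factory element, and then runs the checks an operator would want before the restart in Step 10: the block is active, the keystore file exists, the password is not the Tomcat default changeit, and protocol="TLS" is set. The function names, the sample server.xml (constructed from the fragment in Step 7) and the keystore path are assumptions.

```python
"""Steps 6-9 of the procedure applied in code, plus pre-restart checks.

Added example, not from the product documentation or the vendor's tooling.
Assumed names: enable_ssl_connector(), check_ssl_config(), and the sample
server.xml below, which is constructed from the fragment in Step 7.
"""
import os
import re
import sys
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample: the SSL Connector block commented out, as Tomcat ships it.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
          port="8443" minProcessors="5" maxProcessors="75"
          enableLookups="true" acceptCount="10" debug="0" scheme="https"
          secure="true">
     <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
          clientAuth="false" protocol="TLS"/>
    </Connector>
    -->
  </Service>
</Server>
"""

DEFAULT_KEYSTORE_PASSWORD = "changeit"  # Tomcat's default, see Step 3

# A comment whose body is a Connector with scheme="https"; the lookahead keeps
# the match from running across the "-->" of an earlier, unrelated comment.
_COMMENTED_SSL_RE = re.compile(
    r'<!--\s*(<Connector\b(?:(?!-->).)*?scheme="https"(?:(?!-->).)*?</Connector>)\s*-->',
    re.DOTALL,
)
# An active (uncommented) https Connector, opening tag through closing tag.
_SSL_CONNECTOR_RE = re.compile(r'<Connector\b[^>]*scheme="https"[^>]*>.*?</Connector>', re.DOTALL)


def enable_ssl_connector(server_xml, keystore_file, keystore_pass):
    """Return server.xml text with the SSL Connector uncommented (Step 7) and
    keystoreFile/keystorePass added to its Factory element (Step 8)."""
    m = _COMMENTED_SSL_RE.search(server_xml)
    if m is not None:  # strip only the <!-- --> around the block, keep the block
        server_xml = server_xml[:m.start()] + m.group(1) + server_xml[m.end():]
    conn = _SSL_CONNECTOR_RE.search(server_xml)
    if conn is None:
        raise ValueError('no Connector with scheme="https" found in server.xml')
    block = conn.group(0)
    if "keystoreFile=" in block or "keystorePass=" in block:
        raise ValueError("Factory already carries keystore attributes; edit it by hand")
    factory = re.search(r"<Factory\b", block)
    if factory is None:
        raise ValueError("SSL Connector has no Factory element")
    attrs = ' keystoreFile="%s" keystorePass="%s"' % (
        escape(keystore_file, {'"': "&quot;"}), escape(keystore_pass, {'"': "&quot;"}))
    block = block[:factory.end()] + attrs + block[factory.end():]
    return server_xml[:conn.start()] + block + server_xml[conn.end():]


def check_ssl_config(server_xml, keystore_exists=os.path.isfile):
    """Return a list of findings; an empty list means the file is ready for
    the restart in Step 10. keystore_exists is injectable for testing."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        return ["server.xml is not well-formed XML: %s" % exc]
    connectors = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not connectors:  # the parser drops comments, so a commented block is invisible
        return ["no active https Connector: the SSL block is still commented out"]
    findings = []
    for conn in connectors:
        if conn.get("secure") != "true":
            findings.append('https Connector should have secure="true"')
        factory = conn.find("Factory")
        if factory is None:
            findings.append("https Connector has no Factory element")
            continue
        path = factory.get("keystoreFile")
        if not path:
            findings.append("Factory has no keystoreFile attribute")
        elif not keystore_exists(path):
            findings.append("keystoreFile %s does not exist" % path)
        # Tomcat falls back to changeit when keystorePass is omitted.
        if factory.get("keystorePass", DEFAULT_KEYSTORE_PASSWORD) == DEFAULT_KEYSTORE_PASSWORD:
            findings.append("keystorePass is the Tomcat default %r" % DEFAULT_KEYSTORE_PASSWORD)
        if factory.get("protocol") != "TLS":
            findings.append('Factory should specify protocol="TLS"')
    return findings


if __name__ == "__main__":
    # Usage: python tomcat_ssl.py <Tomcat_installation_directory>/conf/server.xml keystore_path keystore_password
    if len(sys.argv) != 4:
        sys.exit("usage: tomcat_ssl.py server.xml keystore_file keystore_password")
    path, keystore_file, keystore_pass = sys.argv[1:4]
    with open(path) as fh:
        original = fh.read()
    updated = enable_ssl_connector(original, keystore_file, keystore_pass)
    problems = check_ssl_config(updated)
    if problems:
        sys.exit("not written:\n  " + "\n  ".join(problems))
    os.replace(path, path + ".bak")  # keep the original beside the new file
    with open(path, "w") as fh:
        fh.write(updated)
    print("updated %s (backup in %s.bak); now restart Tomcat" % (path, path))
```

The checker parses the result with a real XML parser rather than grepping, so a block that is still inside <!-- --> is reported as missing, which is exactly the symptom of skipping Step 7. Passing the password on the command line is acceptable for a one-off edit on a workstation, but it lands in shell history; clear it afterwards or read it from a prompt if that matters in your environment.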