To launch an AWS EC2 instance, first set up a security group that specifies which network traffic is allowed to reach the instance. Then select an AMI and launch an instance from it. Create a volume in the same availability zone as the instance and attach it to the instance, then format the device and mount it on a directory. After that, follow the steps below to set up SSL for Tomcat. (If any of these commands says "permission denied", try running it with sudo.)
1. Tomcat needs Java, so create a directory to hold the Java binary file.
mkdir /usr/java
cd /usr/java
2. Download the JDK binary file (jdk-x-linux-ix.bin) here
Use URL http://www.oracle.com/technetwork/java/archive-139210.html
3. Execute the binary file
/usr/java/jdk-x-linux-ix.bin
Now Java is installed on the device. Next, download and install Tomcat by following these steps:
1. Create a directory to hold Tomcat
mkdir /usr/tomcat
cd /usr/tomcat
2. Download the Tomcat archive (apache-tomcat-x.tar.gz) here
Use URL http://apache.hoxt.com/tomcat/tomcat-6/v6.0.32/bin/
3. Extract the file
tar -zxvf apache-tomcat-x.tar.gz
4. Edit the catalina.sh file
vim /usr/tomcat/apache-tomcat-x/bin/catalina.sh
#** Add at the top **
JAVA_HOME=/usr/java/jdk1.x.x_x
Save and exit.
5. Start Tomcat
/usr/tomcat/apache-tomcat-x/bin/startup.sh
6. Watch the logs with the following command
tail -f /usr/tomcat/apache-tomcat-x/logs/catalina.out
7. Open a browser and enter the URL http://localhost
You should now see the Tomcat index page.
8. To stop Tomcat
/usr/tomcat/apache-tomcat-x/bin/shutdown.sh
Now configure the SSL certificate for Tomcat. When you activate SSL on your web server you are asked a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys, a private key and a public key. The public key does not need to be secret; it is placed into a Certificate Signing Request (CSR), a data file that also contains your details.
Create a self-signed certificate authority (CA) and keystore.
1. Make a directory to hold the certificates and the keystore, for example:
mkdir /usr/tomcat/ssl
cd /usr/tomcat/ssl
2. Generate a private key for the server and remember its passphrase for the next steps
openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.....................++++++
...++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
3. Generate a CSR (Certificate Signing Request). Fill in the requested details after running this command
openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
4. Remove the passphrase from the key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
5. Generate the self-signed certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
Getting Private key
You should then submit the CSR. During the SSL certificate application process, the Certification Authority validates your details and issues an SSL certificate that contains those details and allows you to use SSL. Typically an SSL certificate contains your domain name, your company name, your address, your city, your state and your country. It also contains the expiration date of the certificate and the details of the Certification Authority responsible for issuing it.
Create a certificate for Tomcat and add both certificates to the keystore
1. Change to the ssl directory
cd /usr/tomcat/ssl
2. Create a key pair for 'tomcat'
keytool -genkey -alias tom -keyalg RSA -keystore tom.ks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Enter key password for <tom>
(RETURN if same as keystore password):
Re-enter new password:
3. Generate a CSR (Certificate Signing Request) for Tomcat
keytool -keystore tom.ks -alias tom -certreq -file tom.csr
Enter keystore password:
4. Create a unique serial number
echo 02 > serial.txt
(If this says permission denied, create a file called serial.txt, chmod it so that it is writable, and try again)
5. Sign the Tomcat CSR
openssl x509 -CA server.crt -CAkey server.key -CAserial serial.txt -req -in tom.csr -out tom.cer -days 365
Signature ok
subject=/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown
Getting CA Private Key
6. Import the server CA certificate into the keystore
keytool -import -alias serverCA -file server.crt -keystore tom.ks
Enter keystore password:
Owner: O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB
Issuer: O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB
Serial number: ee13c90cb351968b
Valid from: Thu May 19 02:12:51 EDT 2011 until: Fri May 18 02:12:51 EDT 2012
Certificate fingerprints:
MD5: EE:F0:69:01:4D:D2:DA:A2:4E:88:EF:DC:A8:3F:A9:00
SHA1: 47:97:72:EF:30:02:F7:82:BE:CD:CA:F5:CE:4E:ED:89:73:23:4E:24
Signature algorithm name: SHA1withRSA
Version: 1
Trust this certificate? [no]: yes
Certificate was added to keystore
7. Add the Tomcat certificate to the keystore
keytool -import -alias tom -file tom.cer -keystore tom.ks
Enter keystore password:
Certificate reply was installed in keystore
To configure a secure (SSL) HTTP connector for Tomcat, verify that it is enabled in the $TOMCAT_HOME/conf/server.xml file. Edit this file and add the following lines.
Tomcat configuration
1. Edit the following portion of the Tomcat configuration file and change the port to 80
vim /usr/tomcat/apache-tomcat-6.0.13/conf/server.xml
Replace:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
with:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
2. Add the following portion to server.xml. Put your keystore password in the keystorePass attribute, and give keystoreFile the full path of the keystore created above: Tomcat resolves a relative keystoreFile against its own base directory, not against /usr/tomcat/ssl.
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/tomcat/ssl/tom.ks"
keystorePass="password"
clientAuth="false" sslProtocol="TLS" />
When you start Tomcat, the web server matches the issued SSL certificate to its private key. It can then establish an encrypted link between the website and your customer's web browser.
Start Tomcat with the SSL certificate
1. Restart Tomcat
/usr/tomcat/apache-tomcat-6.0.13/bin/shutdown.sh
/usr/tomcat/apache-tomcat-6.0.13/bin/startup.sh
2. Go to https://<Public DNS name>:443/
Your browser then shows a security warning, because the certificate was issued by your own self-signed CA rather than one the browser trusts. Click the approve (accept) button and you reach Tomcat over your certificate. When a browser connects to a secure site it retrieves the site's SSL certificate and checks that it has not expired, that it was issued by a Certification Authority the browser trusts, and that it is being used by the website for which it was issued. If any one of these checks fails, the browser displays a warning to the end user letting them know that the site is not secured by SSL.
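The CA and Tomcat keystore procedure above, together with the three browser checks just described, scripted end to end as an added example. This is not code from the original post or from migrate2cloud; it assumes openssl is on the PATH, treats keytool (a JDK) as optional, and uses a constructed hostname (tomcat.example.internal), a constructed keystore password and a temporary working directory. Unlike the interactive steps above it passes -subj and -nodes so nothing prompts, uses 2048-bit keys, keeps the post's file names (server.key/server.crt for the CA, tom.ks/tom.csr/tom.cer for Tomcat), and finishes by running the expiry, issuer and hostname checks with openssl, once against the right hostname and once against a wrong one so the failure mode is visible.

```shell
#!/bin/sh
# Added example, not from the original post. Scripts the "self-signed CA" and
# "certificate for Tomcat" sections non-interactively, then performs the three
# checks a browser makes (expiry, trusted issuer, hostname match).
# Assumptions: openssl on PATH; keytool (JDK) optional; the hostname, password
# and work directory below are constructed for the example.
set -u

EXAMPLE_HOST="tomcat.example.internal"   # constructed: the name clients will type
KEYSTORE_PASS="changeit-example"         # constructed: keystore and key password

# make_ca DIR: steps 2-5 of the CA section in one go. The post names the CA files
# server.key / server.crt, so the same names are kept. -nodes leaves the key
# unencrypted (the post removes the passphrase in step 4 anyway).
make_ca() {
    mkdir -p "$1" || return 1
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/CN=Example Private CA" \
        -keyout "$1/server.key" -out "$1/server.crt" >/dev/null 2>&1 || return 1
    echo 02 > "$1/serial.txt"   # step 4: serial file, incremented by each signing
}

# sign_csr DIR CSR OUT: step 5, sign a CSR with the private CA for 365 days.
sign_csr() {
    openssl x509 -req -CA "$1/server.crt" -CAkey "$1/server.key" -CAserial "$1/serial.txt" \
        -in "$2" -out "$3" -days 365 >/dev/null 2>&1
}

# make_leaf DIR HOST: an openssl-only server key pair and CA-signed certificate
# (leaf.key / leaf.cer) whose CN is HOST, so the checks below run without a JDK.
make_leaf() {
    openssl genrsa -out "$1/leaf.key" 2048 >/dev/null 2>&1 || return 1
    openssl req -new -key "$1/leaf.key" -subj "/O=My Company Ltd/CN=$2" \
        -out "$1/leaf.csr" >/dev/null 2>&1 || return 1
    sign_csr "$1" "$1/leaf.csr" "$1/leaf.cer"
}

# make_keystore DIR HOST PASS: steps 2-7 of the keytool section (key pair in
# tom.ks, CSR tom.csr, CA-signed reply tom.cer, CA and reply imported).
# Returns 0 with a notice when keytool is not installed.
make_keystore() {
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found, keystore step skipped"; return 0; }
    ks="$1/tom.ks"
    keytool -genkeypair -alias tom -keyalg RSA -keysize 2048 -keystore "$ks" \
        -storepass "$3" -keypass "$3" -dname "CN=$2, O=My Company Ltd, C=GB" >/dev/null 2>&1 || return 1
    keytool -certreq -alias tom -keystore "$ks" -storepass "$3" -file "$1/tom.csr" >/dev/null 2>&1 || return 1
    sign_csr "$1" "$1/tom.csr" "$1/tom.cer" || return 1
    keytool -importcert -noprompt -alias serverCA -file "$1/server.crt" \
        -keystore "$ks" -storepass "$3" >/dev/null 2>&1 || return 1
    keytool -importcert -noprompt -alias tom -file "$1/tom.cer" \
        -keystore "$ks" -storepass "$3" >/dev/null 2>&1
}

# browser_checks CAFILE CERT HOST: the three checks the post describes. Prints one
# line per check and returns 0 only if all three pass.
browser_checks() {
    rc=0
    # 1. not expired (and not expiring within the next 24 hours)
    if openssl x509 -in "$2" -noout -checkend 86400 >/dev/null 2>&1; then echo "expiry:   ok"; else echo "expiry:   FAIL"; rc=1; fi
    # 2. issued by a CA we trust: only CAFILE is trusted here, so a certificate
    #    from any other issuer fails, which is exactly what the browser warns about
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo "issuer:   ok"; else echo "issuer:   FAIL"; rc=1; fi
    # 3. used by the host it was issued for (SAN if present, otherwise the CN)
    if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then echo "hostname: ok"; else echo "hostname: FAIL"; rc=1; fi
    return $rc
}

# Demo: build everything in a temporary directory and run the checks twice.
WORK="$(mktemp -d)"
make_ca "$WORK" && make_leaf "$WORK" "$EXAMPLE_HOST" && make_keystore "$WORK" "$EXAMPLE_HOST" "$KEYSTORE_PASS"
echo "checks for $EXAMPLE_HOST:";          browser_checks "$WORK/server.crt" "$WORK/leaf.cer" "$EXAMPLE_HOST"
echo "checks for wrong.example.internal:"; browser_checks "$WORK/server.crt" "$WORK/leaf.cer" "wrong.example.internal"
echo "artifacts left in $WORK"
```

The second run of browser_checks passes the expiry and issuer checks but fails the hostname check, which is the same mismatch a browser reports when a certificate issued for one name is served from another. The serial file is shared by every signing, so leaf.cer and tom.cer get different serial numbers, which is the reason step 4 creates it.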
You are Done !!!
Refer from: http://www.migrate2cloud.com/blog/ssl-for-tomcat-on-awsec2