H-Sphere Documentation Sysadmin Guide

For more information contact us at info@psoft.net

Tomcat Installation

 

Currently, we don't install H-Sphere with Jakarta Tomcat or provide support for new installs of H-Sphere running on Tomcat servers. However, you can install Tomcat with SSL for your own needs alongside H-Sphere's Apache JServ.

  1. Download and unpack the Tomcat installation package.
  2. Export the ${TOMCAT_HOME} and ${JAVA_HOME} environment variables and add ${JAVA_HOME}/bin to the path (PATH=$PATH:${JAVA_HOME}/bin) in the server startup script (or in the user's profile if you are running Tomcat manually).

If you are planning to run Tomcat as a standalone server (i.e. without Apache), you may wish to create an SSL certificate. This takes the following steps:

  1. Unpack Java Secure Socket Extension package (jsse.tgz) in the ${TOMCAT_HOME}/lib and ${JAVA_HOME}/jre/lib/ext directories
    (for details visit http://java.sun.com/products/jsse/index-14.html).
  2. In the ${TOMCAT_HOME}/conf directory, make the following changes to the server.xml configuration file:
    1) uncomment the SSL connector container:
    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8443"/>
    <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
    <Parameter name="keystore" value="/var/tomcat/conf/keystore" />
    <Parameter name="keypass" value="changeit"/>
    <Parameter name="clientAuth" value="false"/>
    </Connector>
    In this example the certificate file is /var/tomcat/conf/keystore, the keystore password is "changeit", and client authentication is not required;
    2) if you don't want the insecure port (8080 by default) to be open alongside the secure port when Tomcat starts, comment out the corresponding "Connector" container.
  3. Generate an RSA SSL certificate for tomcat or convert it from an existing PEM certificate.
    1) GENERATION:
    a) add "export CLASSPATH=${JAVA_HOME}/jre/lib/ext" to the Tomcat startup script
    (or to the user's profile if Tomcat is started manually);
    b) add the following line to the ${JAVA_HOME}/jre/lib/security/java.security file:
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
    c) run "keytool -genkey -alias tomcat -keyalg RSA" to generate a certificate file.
    This will create the ${HOME}/.keystore file, which should then be copied into the location specified in the "keystore" parameter of the server.xml file.
    d) start the server.
    2) CONVERTING from a serv.crt file (PEM format) signed by a trusted Certificate Authority:
    run keytool -import -v -trustcacerts -alias tomcat -file "/path_to_serv.crt"
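
The connector settings from step 2 can be checked after editing. The script below is an added example, not part of the H-Sphere or Tomcat distribution: it parses server.xml and reports a plain-text connector that is still enabled, a keystore password left at "changeit", and a keystore file accessible to other users. The sample server.xml is constructed; its root element and the layout of the port 8080 connector are assumptions.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the SSL connector shown on this page plus a plain
# connector on 8080 (layout assumed), wrapped in a minimal root element.
SAMPLE = """<Server>
  <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8080"/>
  </Connector>
  <Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8443"/>
    <Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
    <Parameter name="keystore" value="/var/tomcat/conf/keystore"/>
    <Parameter name="keypass" value="changeit"/>
    <Parameter name="clientAuth" value="false"/>
  </Connector>
</Server>"""


def audit_server_xml(xml_text, check_files=True):
    """Return a list of findings for the active Connector blocks."""
    findings = []
    # Commented-out connectors are not seen by the parser, so only
    # connectors that Tomcat would actually start are examined.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        p = {e.get("name"): e.get("value") for e in conn.findall("Parameter")}
        port = p.get("port", "?")
        if "SSLSocketFactory" not in p.get("socketFactory", ""):
            findings.append(f"port {port}: plain-text connector still enabled")
            continue
        if p.get("keypass") == "changeit":
            findings.append(f"port {port}: keystore password is the default 'changeit'")
        ks = p.get("keystore")
        if check_files and ks and os.path.exists(ks):
            # Any permission bit for group or other exposes the private key.
            if stat.S_IMODE(os.stat(ks).st_mode) & 0o077:
                findings.append(f"port {port}: {ks} is accessible by group/other")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```

Because server.xml stores the keystore password in clear text, the same permission check is worth applying to server.xml itself.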


© Copyright 1998-2003. Positive Software Corporation.
All rights reserved.