Currently, we don't install H-Sphere with Jakarta Tomcat or provide support for
new installs of H-Sphere running on Tomcat servers. However, you can install
Tomcat with SSL for your own needs alongside the H-Sphere Apache JServ.
- Download and unpack the Tomcat installation package;
- Export the ${TOMCAT_HOME}, ${JAVA_HOME} and PATH=$PATH:${JAVA_HOME}/bin
environment variables in the server startup script (or in the
user's profile if you are running Tomcat manually).
If you are planning to run Tomcat as a standalone server (i.e. without
Apache), you may wish to create an SSL certificate. This takes the following
steps:
- Unpack the Java Secure Socket Extension package (jsse.tgz) in the
${TOMCAT_HOME}/lib and ${JAVA_HOME}/jre/lib/ext directories
(for details visit http://java.sun.com/products/jsse/index-14.html).
- In the ${TOMCAT_HOME}/conf directory, make the following changes
to the server.xml configuration file:
1) uncomment the SSL connector container:
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
<Parameter name="keystore" value="/var/tomcat/conf/keystore"/>
<Parameter name="keypass" value="changeit"/>
<Parameter name="clientAuth" value="false"/>
</Connector>
In this example the certificate file is /var/tomcat/conf/keystore,
the keystore password is "changeit", and client authentication
is not required;
2) if you don't want the insecure port (default 8080) to be open
alongside the secure port when Tomcat starts, you must comment out the
corresponding "Connector" container.
- Generate an RSA SSL certificate for Tomcat or convert it from
an existing PEM certificate.
1) GENERATION:
a) export CLASSPATH=${JAVA_HOME}/jre/lib/ext in the Tomcat
startup script
(or in the user's profile if Tomcat is started manually);
b) add the following line to the
${JAVA_HOME}/jre/lib/security/java.security file:
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
c) run "keytool -genkey -alias tomcat -keyalg RSA" to
generate a certificate file.
This will create the ${HOME}/.keystore file, which should then
be copied to the location specified in the "keystore"
parameter of the server.xml file.
d) start the server.
2) CONVERTING from a serv.crt file (PEM format) signed by a trusted
Certificate Authority:
run keytool -import -v -trustcacerts -alias tomcat -file "/path_to_serv.crt"
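A quick check of the resulting server.xml, as an added example that is not part of the original H-Sphere documentation: it parses the Parameter-style connectors shown above and reports connectors left without SSL and a keystore password left at the example value "changeit". The sample file, its Server/ContextManager wrapper and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SSL_FACTORY = "org.apache.tomcat.net.SSLSocketFactory"
HTTP_HANDLER = "org.apache.tomcat.service.http.HttpConnectionHandler"

# Constructed sample (assumed layout): the SSL connector from this page plus
# the default port 8080 connector that was not commented out.
SAMPLE_SERVER_XML = f"""
<Server>
  <ContextManager>
    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
      <Parameter name="handler" value="{HTTP_HANDLER}"/>
      <Parameter name="port" value="8080"/>
    </Connector>
    <Connector className="org.apache.tomcat.service.PoolTcpConnector">
      <Parameter name="handler" value="{HTTP_HANDLER}"/>
      <Parameter name="port" value="8443"/>
      <Parameter name="socketFactory" value="{SSL_FACTORY}"/>
      <Parameter name="keystore" value="/var/tomcat/conf/keystore"/>
      <Parameter name="keypass" value="changeit"/>
      <Parameter name="clientAuth" value="false"/>
    </Connector>
  </ContextManager>
</Server>
"""

def audit_connectors(xml_text):
    """Return sorted (port, finding) pairs for the active Connector elements."""
    findings = []
    # ElementTree discards XML comments, so commented-out connectors are skipped.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        params = {p.get("name"): p.get("value") for p in conn.iter("Parameter")}
        port = params.get("port", "unknown")
        if params.get("socketFactory") != SSL_FACTORY:
            findings.append((port, "connector has no SSL socket factory"))
            continue
        if not params.get("keystore"):
            findings.append((port, "SSL connector has no keystore parameter"))
        if params.get("keypass") in (None, "", "changeit"):
            findings.append((port, "keystore password missing or left at 'changeit'"))
        if params.get("clientAuth") != "true":
            findings.append((port, "client certificates not required (informational)"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```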