Configuring tomcat for https

1 Configuring tomcat for https
RSSO LABS

2 CREATING THE KEY STORE
In this example Tomcat is installed in “C:\Program Files\Apache Software Foundation RSSO\apache-tomcat ”
Back up the Tomcat /conf directory
Put the Java bin path in the system environment: C:\Program Files\Java\jre7\bin
Open a command prompt
Ensure you can run the keytool command from the command line
CD into the Tomcat/conf directory
Run the command below to generate a new keystore and fill out the questions. "First and last name" is the FQDN of the server

    keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.p12 -storepass internal4bmc

The keystore will be created in the /conf directory

3

4 POINTING TOMCAT TO THE NEW KEYSTORE
The server.xml file needs to be changed to allow Tomcat to make use of the new keystore
Back up the Tomcat /conf directory again
Open the server.xml file in the Tomcat/conf directory
Change the first connector below to the second (or leave it uncommented but add the part in green) and save the file

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               maxHttpHeaderSize="32768" clientAuth="false" sslProtocol="TLS"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
               keystoreFile="C:/Program Files/Apache Software Foundation RSSO/apache-tomcat /conf/keystore.p12"
               keystorePass="internal4bmc" keyAlias="tomcat"/>
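
Added example, not part of the original presentation: a small Python check that reads a server.xml and reports, for each SSLEnabled connector, a clear-text keystorePass, cipher names broken by stray whitespace, static-RSA suites (no forward secrecy) and CBC-mode suites. The function name audit_connectors and the sample document (shortened cipher list, relative keystore path) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector from the slide with a shortened
# cipher list, one deliberately broken cipher name and a relative keystore path.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
     clientAuth="false" sslProtocol="TLS"
     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WIT H_AES_256_CBC_SHA256"
     keystoreFile="conf/keystore.p12" keystorePass="internal4bmc" keyAlias="tomcat"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSLEnabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope here
        port = conn.get("port")
        if conn.get("keystorePass") is not None:
            findings.append((port, "keystorePass is stored in clear text; "
                                   "restrict read access to server.xml"))
        ciphers = conn.get("ciphers")
        if not ciphers:
            findings.append((port, "no ciphers attribute; default list applies"))
            continue
        for raw in ciphers.split(","):
            name = raw.strip()
            if len(name.split()) != 1:  # empty entry or whitespace inside the name
                findings.append((port, "malformed cipher name: %r" % raw))
                continue
            if name.startswith("TLS_RSA_WITH_"):
                findings.append(
                    (port, name + ": static RSA key exchange, no forward secrecy"))
            if "_CBC_" in name:
                findings.append((port, name + ": CBC mode, not an AEAD suite"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, finding))
```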

5 Stop Tomcat if not already stopped
Delete the files from /tomcat/logs
Restart the Tomcat service
Check the logs
Confirm you are able to get to

Creating .csr and Signing certificates
Creating the certificate signing request .CSR file and signing the certificate
To create the signing request run the following command from the tomcat/conf directory

    keytool -certreq -keyalg RSA -alias tomcat -file signme.csr -keystore keystore.p12 -storepass internal4bmc

signme.csr will be created in the conf directory
Open a browser and go to (login with administrator/ARserver1234)
Go to "request a certificate" ---> "advanced certificate request" --> Select “Web server template”
Paste in the certification request from the signme.csr file

6

7 Select “Base 64 encoded”
Download the certificate and download the certificate chain
Two files will be downloaded: the server certificate itself (.cer file) and the chain (.p7b file)
Copy the certificate .cer and chain .p7b files to the RSSO server /tomcat/conf directory
Back up the conf directory again
From the command prompt in the keystore directory run the following to import the certificate

    keytool -importcert -trustcacerts -alias tomcat -keyalg RSA -keystore keystore.p12 -storepass internal4bmc -file certnew.p7b

You should get a message saying “the certificate reply was installed in the keystore”
Restart the Tomcat service.

8 INSTALLING THE CA CERTIFICATE INTO YOUR BROWSER
Note: Normally Root CA certificates will be rolled out automatically to all client machines via group policy.
Open a browser and go to (login with administrator/ARserver1234)
Select “Download a CA certificate, certificate chain, or CRL”
Select “Base 64” and “Download CA certificate”
When the file is downloaded, right click it and choose “install certificate”
Choose open when the security warning pops up
Select next on the certificate import wizard dialog box
Choose “Place all certificates in the following store” then browse and select “Trusted Root Certification Authorities”
Hit next and finish
You will get a warning saying “You are about to install a certificate from a certification authority (CA) claiming to represent: ASSO-ROOT-CA” … “Do you wish to install this certificate?” Select “Yes”.
You should now be able to go to the URL of the Tomcat server without getting any security warnings

