How to enable SSL for only one site in Tomcat

 
Justin Howard
Ranch Hand
Posts: 162
Hi All,

I am using Tomcat 6. How do I enable SSL for only one site without affecting the other sites in server.xml?

Suppose there are two applications using port 8080. How do I apply it to only one of the apps?

Thanks
 
Rob Spoor
Sheriff
Posts: 20669
Moving to Tomcat.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
The whole point of SSL is that it has to have a separate port - "https" can't share with normal "http" URLs. The following is from a Tomcat 6 server.xml file, normally commented out.



Take a look at your Tomcat server.xml - the normal Connector has a "redirectPort" attribute that tells where the SSL port lives.

So if you have an SSL Connector defined, you can have one app use https URLs as needed.

Bill
 
Justin Howard
Ranch Hand
Posts: 162
Thanks for the reply.

A few questions regarding the configuration for SSL to be applied on the app.

Does this need additional configuring in the IIS?

How does the certificate get applied to this app?

How do I configure the app to use port 8443 instead of port 8080?

Is there any other configuration needed other than the one in server.xml?

Thanks
 
Jasmine kaur
Ranch Hand
Posts: 160
To enable SSL you have to uncomment the mapping given below in the server.xml file.
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

Answer to your second question, how to get a certificate: to create a certificate you have to use the keytool utility in Java, and using the jarsigner utility you have to sign your application jar file.

Thanks


 
Tim Holloway
Saloon Keeper
Posts: 18304
You don't certify an app, you certify a server. Different apps in Tomcat don't have different certificates, instead they all share the same one. This isn't normally a problem, since the cert isn't part of the app anyway.

Use of SSL is determined by the transport security definitions in an app's web.xml file. You can - and I do - have apps with public sections that don't require SSL and private sections that do require SSL. Once a user has been switched into SSL mode, even the public access can continue under SSL, but secured sections can only work under SSL.

The first part of any URL is its protocol specification. When you specify "http", you're declaring that you intend to communicate using the HTTP protocol to port 80 of the destination server. When you specify "https", you're declaring an intent to use https (including SSL) to port 443 on that server. These are default ports and can be overridden. One of the more famous examples is Tomcat, which, as shipped, listens on port 8080 instead of port 80 so that it can easily share a server container with the Apache HTTP Server. So direct access to Tomcat is done by appending a port override: "http://hostname:8080/webapp/url". Likewise for https: "http://hostname:8443/webapp/secureurl".
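
The web.xml transport security definition described in the post above, as an added example that is not part of the original thread. It goes only in the WEB-INF/web.xml of the one application that must use SSL; the `/secure/*` URL pattern and the resource names are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml of the single application that requires SSL.
     Constructed example: URL patterns and names are placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Private section: every request under /secure/ must arrive over SSL.
       No http-method elements are listed, so the constraint covers all
       HTTP methods rather than only the ones named. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Private section (hypothetical)</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <!-- No auth-constraint here: this block enforces transport only.
         Add an auth-constraint and login-config if the section also
         needs authentication. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Everything outside /secure/ has no constraint and stays reachable
       over plain HTTP. To force the whole application onto SSL, use the
       url-pattern /* in the constraint above instead. -->

</web-app>
```

Tomcat answers a plain-HTTP request for a matching URL with a redirect to the port named in the HTTP Connector's redirectPort attribute. Other applications on the same Tomcat instance that do not declare this constraint keep working over port 8080 unchanged.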

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
Does this need additional configuring in the IIS?




Eeeek - you are using IIS as a front-end? You better hit the IIS forums for configuration hints, I don't think many people here are stuck with that.

Bill
 
Justin Howard
Ranch Hand
Posts: 162
Thanks for the replies.

The server already has the certificate: Microsoft CA, 128-bit SSL, compatible with SSL version 1 and 3.

I have to use the same, compliance etc.

Can I apply this to the app in Tomcat?

There are other coldfusion apps on it. They are configured through the IIS.

This app need not be configured in IIS but I have to use this certificate only.

Thanks
 
Justin Howard
Ranch Hand
Posts: 162
Hello All,

Should I try posting it in another forum?

Thanks
 