• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

How to enable SSL for only one site in Tomcat

 
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I am using Tomcat 6. How to enable SSL to only one site without affecting the other sites in server.xml.

Suppose there are two applications using port 8080. How to apply it to only one of the apps.

Thanks
 
Sheriff
Posts: 22510
122
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Moving to Tomcat.
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The whole point of SSL is that it has to have a separate port - "https" cant share with normal "http" URLs. The following is from a Tomcat 6 server.xml file, normally commented out.



Take a look at your Tomcat server.xml - the normal Connector has a "redirectPort" attribute that tells where the SSL port lives.

So if you have a SSL Connector defined, you can have one app use https URLs as needed.

Bill
 
Justin Howard
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the reply.

Few questions regarding the configuration for SSL to be applied on the app.

Does this need additional configuring in the IIS?

How does the certificate get applied this app?

How to configure the app to use port 8443 instead of port 8080.

Is there any other configuration needed other than the one in server.xml?

Thanks
 
Ranch Hand
Posts: 160
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To enable SSL you have to uncomment the given below mapping to enable SSL in server.xml file .
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

Anwser of your second question that how to get certificate , to create a certificate you have to use keytool utility in java to create a certificate and using jarsigner utility you have to sign your Application jar file.

Thanks


 
Saloon Keeper
Posts: 24560
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You don't certify an app, you certify a server. Different apps in Tomcat don't have different certificates, instead they all share the same one. This isn't normally a problem, since the cert isn't part of the app anyway.

Use of SSL is determined by the transport security definitions in an app's web.xml file. You can - and I do - have apps with public sections that don't require SSL and private sections that do require SSL. Once a user has been switched into SSL mode, even the public access can continue under SSL, but secured sections can only work under SSL.

The first part of any URL is its protocol specification. When you specify "http", you're declaring that you intend to communicate using the HTTP protocol to port 80 of the destination server. When you specify "https", you're declaring an intent to use https (including SSL) to port 443 on that server. These are defaullt ports and can be overridden. One of the more famous examples is Tomcat, which, as shipped listens on port 8080 instead of port 80 so that it can easily share a server container with the Apache HTTP Server. So direct access to Tomcat is done by appending a port override: "http://hostname:8080/webapp/url". Likewise for https: "http://hostname:8443/webapp/secureurl".

 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Does this need additional configuring in the IIS?





Eeeek - you are using IIS as a front-end? You better hit the IIS forums for configuration hints, I don't think many people here are stuck with that.

Bill
 
Justin Howard
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the replies.

The server has the certificate already Microsoft CA 128 bit SSL compatible with SSL version 1 and 3.

I have to use the same, compliance etc.

Can I apply this to the app in Tomcat?

There are other coldfusion apps on it. They are configured through the IIS.

This app need not be configured in IIS but I have to use this certificate only.

Thanks
 
Justin Howard
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello All,

Should I try posting it in another forum.

Thanks
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic