Setup truststore in Tomcat

 
Greenhorn
Posts: 3
Hello,

I need to set up a truststore in Tomcat in order for my web application to communicate with another external system. The communication with the external system is accomplished using TCP via SSL.
What I found on the net is only how to set up Tomcat to receive SSL requests (the user browses the Tomcat web app with https). I need to set up Tomcat to be the client.

I managed to add a certificate to a truststore using the Java keytool, but I failed in my attempts to configure Tomcat to load this truststore.

Currently my code looks something like this:



I want to get rid of the 'System.setProperty' lines of code and add them to the Tomcat configuration somehow so they can be loaded on server startup.

Thanks and Regards
 
best scout
Posts: 1294
Hi Vir,

welcome to JavaRanch

Tomcat is a typical server application. You shouldn't look for information on how to make Tomcat an SSL client. I guess what you really want to know is how to connect to another server from within a web application. Does this make sense to you? If so, then how exactly do you have to connect to what kind of server?

Marco
 
Vir Dagama
Greenhorn
Posts: 3
Hello Marco,

Thank you for your reply.

Sorry, I might have been a bit misleading in my explanation above.

I have a very standard and simple web application which is deployed on Tomcat. Occasionally this web application needs to communicate with an external system to retrieve data. The communication protocol is TCP via SSL. All that is known about this external system is the certificate that it will accept (which I've imported into a truststore), its IP and port.

I have a working solution for the above scenario (I use the standard Java SSL and net APIs). My webapp successfully connects to the external system. The problem is that I have hardcoded the following system properties in my code:



What I'm trying to find out is whether there is some way to configure this truststore in the Tomcat configuration rather than hardcoding it in my Java code.


Thank you for your time
Vir
 
Marco Ehrentreich
best scout
Posts: 1294
Hi Vir,

That explanation makes a lot more sense to me. So basically your problem is all about externalizing configuration parameters for a web application!

One quick solution would be to set the required system properties via the environment variables JAVA_OPTS or CATALINA_OPTS before starting Tomcat. You could simply add a parameter like this:

The disadvantage is that you have to take care to add these parameters whenever you switch to another Tomcat server. Another (possible) disadvantage is that these properties are visible to ALL web applications.

Another solution could be to use the web.xml descriptor and set a context parameter or similar. This of course could require re-packaging in case of a change.

A third option is to use a completely different configuration file or configuration mechanism.

Surely there are additional possibilities like configuration via JMX etc. etc.

I hope this helps a little bit!

Marco
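
The following is an added example, not code from the thread or from either poster. It addresses the drawback raised above that system properties set through JAVA_OPTS or CATALINA_OPTS are visible to all web applications: the truststore location still comes from configuration, but it is loaded into an `SSLContext` used only for this application's connection. The keys `extsys.truststore.path` and `extsys.truststore.password` and the class name are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: app-scoped truststore instead of the JVM-wide javax.net.ssl.* properties.
public final class ExternalSystemTls {

    // Hypothetical configuration keys (assumptions, not from the thread).
    // Here they are read as -D system properties; a context parameter works the same way.
    static final String PATH_KEY = "extsys.truststore.path";
    static final String PASS_KEY = "extsys.truststore.password";

    /** Loads the truststore file and returns a context that trusts only its entries. */
    public static SSLContext contextFor(String path, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    /** Opens the TCP/SSL connection with the app-scoped context, not the JVM default. */
    public static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        s.startHandshake(); // throws if the peer certificate is not trusted by the store
        return s;
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty(PATH_KEY);
        if (path == null) { // fail fast so a missing setting is obvious on a new machine
            throw new IllegalStateException("Missing -D" + PATH_KEY + "=<truststore file>");
        }
        char[] pass = System.getProperty(PASS_KEY, "").toCharArray();
        SSLContext ctx = contextFor(path, pass);
        System.out.println("Truststore loaded for protocol " + ctx.getProtocol());
    }
}
```

Inside a servlet the same two values can be read with `ServletContext.getInitParameter` when they are declared as context parameters in web.xml. A truststore holds only public certificates, so its password guards the file's integrity rather than a secret.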
 
Vir Dagama
Greenhorn
Posts: 3
Thank you, that helped a lot!

Cheers
 
Marco Ehrentreich
best scout
Posts: 1294
I hope so

One more piece of advice (from personal experience): It's a very good practice to avoid as many environment dependencies as possible, i.e. it should always be clear what parameters to configure and where to configure them in order to make the application work correctly. Especially some "magic parameters" like system environment variables are easily forgotten if someone tries to run the application on a different machine.

Moreover I would try to avoid portability issues by using OS-dependent paths like in your example. This makes it much easier to simply deploy the application into any compatible application server or servlet container running on any OS. In some situations it may be arguable whether to take care of portability issues, but if you plan for it early it usually isn't hard to keep everything portable.

Marco
 