I'm running two applications on my tomcat sevrer (one is in spring boot, second is in angular which uses the first one) now I want to enable https connections to both of my applications. I have generated the following files:
MyDomain.cer
MyDomain.key
MyDomain.csr
Now I want to secure connection to my applications using TLS 1.2.
And now I'm stuck. According to Tomcat guide i should create a keystore file to store my keys, then I should generate new key. I want to use the files I have already generated, how can I archive this?
Could you describe or redirect me to a page where I can find a step-by-step guide how to configure https on tomcat with the files I have?
found solution:
generate jsk key
put it in tomcat keystore folder (if doesnt exist, create it)
configure server xml to point to key storage with your generated key
more detailed instruction on how to can be found here.
Related
In older version of Liferay this was set in the control panel.
This manifests as a problem where we make the HTTPS connection to application, but Application start executed, but the browser to load unprotected data, which the browser reports as an error.
Can I use this (Switch - relocate) for (changing from HTTP to HTTPS)?
My Local application opening in HTTP. I need to migrating to HTTPS URL.
How can I use properties file to configure. ex: relocate http://ab.qa.app.us/ https://ab.qa.app.us/?
If I understand the question correctly and this issue is targeted to your local lifeary bundle, you will need to do the following steps to configure HTTPS on Tomcat and Liferay. Please clarify if you have already done these steps and still running into issues:
Enable HTTPS with a self-signed certificate on Tomcat (follow steps in the Liferay wiki article below)
Add the following property to the portal-ext.properties file.
company.security.auth.requires.https=true
Please refer to the article for more information: How to configure HTTPS in Liferay
I need to consume a secure webservice deployed in WSO2 AS from another web service develop in axis2 and deployed in apache tomcat.
I create a java project to test the secure webservice client and I work OK.
But when I move the client code inside the axis2 service I cannot access to some resources like in this cases:
System.setProperty("javax.net.ssl.trustStore", "keys\\store.jks");
in this case I have the keys folder in the root of the wb services
sc.engageModule("rampart");
and in this case I leave the code idem
Any idea about this?
Well getting a resource path from an archieve file whether it is a jar ,war or aar is a tedious problem. There are two options two choose from:
1- Since client application runs on a servers put jks file somewhere on the server path, its path retrieved dynamically via property. (Either system property, servers context etc.)
2- A customSSLFactory handling loading keystore from resources.
This SO thread mentions such solution, which i used it too to connect to server via SSL from a web service without touching system properties.
we are using worker roles to host java apps that are essentially Tompact and App code within an azure package.
We want to be able to setup SSL without having to bake the certs into the app package in a similar way to the .Net side, where you can refer to certs in the certificate store.
How can this be achieved?
I have read this blog post http://blogs.msdn.com/b/avkashchauhan/archive/2010/11/07/adding-ssl-https-security-with-tomcat-java-solution-in-windows-azure.aspx which states we need to create a keystore.bin file from the cert and include it in the package.
The problem is, I dont want to bake the certs into the package for ease of management when rolling out code to multiple environments with different certs etc, and also from a management point of view around cert expiry etc.
Thanks
Amit
The key is how do you want to bring the certificate in the Azure VM to be configured and and used by Tomcat. Another key question is that Tomcat/Java does not use standard Windows CertStore for certificate instead it uses keystore (extended part of your Java runtime) so if you are not using key store configuration in Windows Azure Package then you would need to create on fly during Windows Azure VM configuration.
While others may have different idea, I can propose the following solution:
You need Tomcat Installation done at this point do either you can pack tomcat with Azure
Package or you would need to download and install Tomcat through Startup task
Drop the certificate files on Windows Azure Storage (or some other location on internet)
Create a start up task to download certs either from Windows Azure Storage or your download location
After the certificate is downloaded to local machine, run the same command in Azure VM within startup task to build the key store and be sure to create keystore where your tomcat is going to look it.
This way when the Tomcat starts it knows where to look for key store and configure the endpoint properly.
There is another way is to put together whole Tomcat setup along with keystore etc at Windows Azure Storage and download through Startup task and set it up in the Azure VM. I have described this process in my this blog along with sample source.
In both of above ways whenever you would want to change the Tomcat/certificate, just update the package at your download location and then re-image/Restart the Azure VM and you will have updated VM with new code and you really don't need tore-create Windows Azure Package.
I am developing a web application with GWT. Now it is running in development mode in local server with Jetty. Could anyone tell me how can I set up the SSL in this case. Thank you in advance.
I successfully added SSL to a Jetty server in the past following the steps detailed here: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
The following steps are required to configure Jetty for SSL:
Step 1: Generate or obtain a public/private key pair and x509 certificate.
Step 2: Optionally obtain a certificate from a known certificate authority.
Step 3: Load the keys and the certificates into a JSSE Keystore.
Step 4: Configure a JsseListener with the location and passwords for the keystore.
If you're talking about GWT's DevMode and its embedded Jetty, see http://code.google.com/p/google-web-toolkit/source/browse/trunk/dev/core/src/com/google/gwt/dev/shell/jetty/README-SSL.txt
I always recomend placing a general purpose web server in front of the java server. It is a reverse proxy for the dinamic html and serves directly the static media. The configurability ans flexibility of this configuration is great, and sometimes easier and faster, look at cherokee server, fast, light and has a awesome web interface for administration.
Want to add headers for cross-site ajax?, easy. Configure the *.cache.js to cache forever and the rpc calls to no-cache/private? two clicks!
We've built a Java EE app in JBoss that exposes web services to external consumers. We want to secure these services so that we know who is making the web service invocations. We have a registration process that requires the consumers to upload their public key so that we can add it to our truststore. However it is currently a manual process of using the keytool from the command line to add them to the truststore.
This whole setup seems rather primitive. I don't like the idea of a truststore on the filesystem that is not part of the database. There must be an approach that lets you utilize the database to store the certs. Should I put the certs in a blob column, and roll my own custom TrustManager that pulls the public key out of the db and verifies the signature? Or is there some other generally implemented open-source solution to this problem?
Why don't you just store the PEM file in database? It can be a BLOB or a text column.
Google's web app registration is a good example,
http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html#register
Look at step 4: Upload a security certificate.