SSL


Browser connects via SSL to Tomcat/Yanel

Binary Version

Within the file TOMCAT/webapps/yanel/WEB-INF/web.xml one can set:

<servlet>
  ...
  <init-param xmlns:webApp="http://java.sun.com/xml/ns/j2ee">
    <param-name>ssl-port</param-name>
    <param-value>8443</param-value>
  </init-param>
</servlet>

Restart Tomcat (please make sure that Tomcat has SSL turned on, see "conf/server.xml").

Source Version

Within the file src/build/(local.)build.properties one can set the parameters tomcat1.ssl.port=8443 and tomcat2.ssl.port=8443. Then re-configure Tomcat (run "configure" to turn on SSL for Tomcat, i.e. to patch "conf/server.xml") and re-build Yanel (run "build" to patch the "web.xml" file).

Please note that the keystore file local/apache-tomcat-7.0.25/yanel.keystore is generated by src/build/targets/webapp/webapp.xml (and src/build/targets/webapp/cluster.xml), whereas the configuration parameters are taken from src/build/(local.)build.properties (see properties 'certificate.*').


Yanel connects via SSL to third-party server

In some cases Yanel might have to access third-party servers which are only accessible via SSL (e.g. ActiveMQ). In order to do so, one can configure a trust-store inside Yanel as described in the following paragraphs:

Creating a trust-store file called 'truststore.jks'

Assuming that you have a certificate (named 'CA_CERTIFICATE') from the CA that signed the third-party server's certificate, one can create a trust-store file (named 'truststore.jks') by executing the following command:

keytool -importcert -v -alias MY_ALIAS -file CA_CERTIFICATE -storepass MY_PASSWORD -keystore truststore.jks

Check whether the certificate has been added correctly by running (use password MY_PASSWORD):

keytool -v -list -keystore truststore.jks

In order to delete a certificate from the trust-store, use:

keytool -delete -alias MY_ALIAS -keystore truststore.jks

Configuring the location of the trust-store

One can configure the location of the trust-store file and its password inside yanel.xml. Yanel reads this configuration at startup and sets the Java system properties 'javax.net.ssl.trustStore' and 'javax.net.ssl.keyStorePassword' accordingly.

Using the trust-store configuration

Your custom Yanel code (e.g. to init javax.net.ssl.TrustManager[] ...) might access the trust-store configuration by using:

// Both values are set by Yanel at startup from yanel.xml
String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
String trustStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
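
One way to initialise the TrustManager[] mentioned above and build an SSLContext that trusts only the certificates in the configured trust-store. This is an added example, not Yanel's own code; the class name TrustStoreSslContext is hypothetical, and the store is assumed to be the JKS file created with keytool as described above.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper (not part of Yanel): SSLContext backed by the configured trust-store. */
public final class TrustStoreSslContext {

    public static SSLContext create() throws GeneralSecurityException, IOException {
        // Property names as documented on this page; Yanel sets them from yanel.xml at startup.
        String path = System.getProperty("javax.net.ssl.trustStore");
        String password = System.getProperty("javax.net.ssl.keyStorePassword");
        if (path == null || password == null) {
            // Fail closed instead of silently falling back to another set of trusted CAs.
            throw new IllegalStateException("Trust-store location or password is not configured");
        }

        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            // The password is used to verify the integrity of the store file.
            trustStore.load(in, password.toCharArray());
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("Trust-store contains no certificates: " + path);
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        // No client key material (first argument null): server authentication only.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, trustManagers, null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Pass create().getSocketFactory() to the client that connects to the third-party server.
        System.out.println("SSLContext ready: " + create().getProtocol());
    }
}
```

Because the context is built from an explicitly loaded store and throws when the configuration is missing or the store is empty, a misconfigured deployment fails at startup instead of connecting with unintended trust anchors.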

Misc


