1. Create the keystore using keytool. This generates the private key and the public key.
2. Copy the private key. Get the security certificates from a commercial SSL certificate provider (such as Verisign Inc.).
3. Import the certificates provided by the commercial vendor, following this sequence: the site-specific certificate, the domain-specific certificate, and the root certificate. WHILE IMPORTING THE ROOT CERTIFICATE, use the option to override the public key that was generated while creating the keystore; otherwise it won't work. We had a hard time with this problem and wasted almost 3/4 days.
-------------Sample Certification from Verisign------------
keytool -import -alias intermediateCA -keystore test.keystore -trustcacerts -file intermediateCA.cer
Enter keystore password: foobar
Owner: CN=VeriSign Trial Secure Server Test CA, OU=Terms of use at https://www.verisign.com/cps/testca (c)05, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 63b1a5cdc59f78801da0636cf975467b
Valid from: Tue Feb 08 19:00:00 EST 2005 until: Sun Feb 08 18:59:59 EST 2015
Certificate fingerprints:
MD5: 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
SHA1: D0:A5:BB:56:9E:CE:BE:B3:65:14:00:DE:BF:24:8B:A4:86:8C:7B:D8
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool -import -alias test -keystore test.keystore -trustcacerts -file Cert.cer
Enter keystore password: foobar
keytool error: java.lang.Exception: Failed to establish chain from reply
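A simplified model of the issuer walk behind `Failed to establish chain from reply`, added here as an example (it is not from the original post or from keytool's source): a reply can only be attached to a key entry when every issuer up to a self-signed root is found among the trusted entries. The listings are constructed with DNs shortened from the transcript, and the site DN is hypothetical.

```python
import re

# Constructed `keytool -list -v` style listings (DNs shortened from the
# transcript). Real keytool compares parsed X.500 names, not raw strings,
# and with -trustcacerts also consults the JRE cacerts file.
INTERMEDIATE_ONLY = """\
Alias name: intermediateca
Owner: CN=VeriSign Trial Secure Server Test CA, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US
"""
WITH_ROOT = INTERMEDIATE_ONLY + """\
Alias name: root
Owner: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US
"""
# Constructed site certificate as (subject, issuer); the host name is hypothetical.
REPLY = ("CN=www.example.test, O=Example, C=US",
         'CN=VeriSign Trial Secure Server Test CA, O="VeriSign, Inc.", C=US')

def trusted_issuers(listing):
    """Map every Owner DN in a keytool listing to its Issuer DN."""
    owners = re.findall(r"^Owner: (.+)$", listing, re.M)
    issuers = re.findall(r"^Issuer: (.+)$", listing, re.M)
    return dict(zip(owners, issuers))

def build_chain(reply, trusted, max_depth=10):
    """Walk issuer links from the reply towards a self-signed root.

    Returns (chain, missing): missing is None when the chain is complete,
    otherwise the issuer DN at which the walk stopped.
    """
    subject, issuer = reply
    chain = [subject]
    while subject != issuer:
        if issuer not in trusted or len(chain) >= max_depth:
            return chain, issuer
        subject, issuer = issuer, trusted[issuer]
        chain.append(subject)
    return chain, None
```

With only the intermediate present the walk stops at the test root CA; once a self-signed root entry is listed the chain completes.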
Sunday, October 28, 2007
Integrating Apache webserver with Tomcat
This article is intended to provide a step-by-step description of the integration of two popular servers, the Apache web server and the Tomcat application server. There are at least thousands of documents on the web that describe the integration of these two servers. I read a few of those while doing the integration in my project. Though the downloaded documents helped me a lot to understand the steps, I found that most of them are affected by the same mistakes: generalization to support a wide range of server versions, and the preconception that readers know the details before they start reading. Here I’ll try to emphasize the exact steps without any preconceptions.
There are some limitations of this article: it describes a specific scenario with specific versions of the Apache web server, the Tomcat app server and the operating system. If you need to configure any other version that is not mentioned, don't blame me that you were not warned beforehand. My suggestion to you is to browse for more appropriate articles.
Prerequisites
To start the integration you’ll need to collect some tools and file(s) that will be required to reach the success point.
Servers version
The following tools will be required:
i. Web Server: Apache HTTPD 2.0.46 (I collected it from www.apache.org/dist/httpd/)
ii. Application Server: Jakarta Tomcat 4.1.18 (I collected it from http://jakarta.apache.org/site/binindex.cgi)
iii. Tomcat connector: mod_jk-1.2.8-apache-2.0.52.so (I collected it from http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/)
Operating System
While doing the integration I worked on the following configurations of the operating system:
i. Windows XP.
ii. XP Service Pack II
Servers configuration
You’ll have to configure both servers so that they can talk to each other. First, a brief explanation of why you have to configure both servers:
It is the sole responsibility of Apache to find the Tomcat instance to connect to. For this, Apache needs a connector that can talk to Tomcat. There are several types of connector you can use; I used the JK connector to connect to Tomcat. The connector needs to know the port of the Tomcat server to send data to (the JK listening port of Tomcat). So Apache must be configured to find Tomcat, and Tomcat must be configured to be found by Apache.
Apache WebServer
The Apache configuration steps are as follows:
i. Copy the Tomcat connector file (rename mod_jk-1.2.8-apache-2.0.52.so to mod_jk.so) to the APACHE_HOME/modules/ location.
ii. Create the workers.properties file in the APACHE_HOME/conf location and paste the following lines into it:
# Define 1 real worker using ajp13
worker.list=worker1
# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=11009
worker.worker1.lbfactor=50
worker.worker1.cachesize=10
worker.worker1.cache_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.socket_timeout=30000
iii. Edit the APACHE_HOME/conf/httpd.conf file as follows:
a. Add the following lines at the end of the LoadModule statements:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
b. Add the following lines at the end of the DocumentRoot directive statement:
JkMount /webapp_name worker1
JkMount /webapp_name/* worker1
Tomcat
Uncomment the tag (if it is commented out) and change the port to 11009 (the value might be 8009) in the TOMCAT_HOME/conf/server.xml file.
Test the integration
Do the following:
i. Start the Tomcat Server
ii. Start the Apache Web Server
iii. Open a browser and type the URL http://host/webapp_name in the address bar.
iv. Enjoy your application through the Apache Web Server.
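A consistency check for the three pieces configured above, added as an example (it is not part of the original article or of mod_jk): it cross-checks workers.properties, the Jk directives in httpd.conf and the AJP port set in server.xml. The function names and sample strings are constructed, and `ajp_port` is the value you read from your own server.xml.

```python
import ipaddress
import re

# Constructed inputs using the page's settings. AS_EXTRACTED has a stray space
# after "worker.", as happens when a listing is pasted from a web page.
AS_EXTRACTED = ("worker.list=worker1\nworker. worker1.type=ajp13\n"
                "worker. worker1.host=localhost\nworker. worker1.port=11009\n")
FIXED = AS_EXTRACTED.replace("worker. ", "worker.")
HTTPD = "JkLogLevel debug\nJkMount /webapp_name worker1\nJkMount /webapp_name/* worker1\n"

def parse_workers(text):
    """Parse workers.properties text into (props, problems)."""
    props, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        key, sep, value = (part.strip() for part in raw.partition("="))
        if not key or key.startswith("#"):
            continue
        if not sep:
            problems.append(f"line {n}: not a key=value pair")
        elif re.search(r"\s", key):
            problems.append(f"line {n}: whitespace inside key {key!r}")
        else:
            props[key] = value
    return props, problems

def is_loopback(host):
    """True for localhost or a loopback IP literal."""
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except (ValueError, TypeError):
        return False

def check(workers_text, httpd_text, ajp_port):
    """Cross-check workers.properties, httpd.conf and Tomcat's AJP port."""
    props, problems = parse_workers(workers_text)
    listed = {w.strip() for w in props.get("worker.list", "").split(",") if w.strip()}
    for name in sorted(listed):
        if props.get(f"worker.{name}.type") != "ajp13":
            problems.append(f"{name}: type is not ajp13")
        if props.get(f"worker.{name}.port") != str(ajp_port):
            problems.append(f"{name}: port differs from Tomcat AJP port {ajp_port}")
        if not is_loopback(props.get(f"worker.{name}.host")):
            problems.append(f"{name}: AJP is unencrypted, keep host on loopback")
    for worker in re.findall(r"^\s*JkMount\s+\S+\s+(\S+)", httpd_text, re.M):
        if worker not in listed:
            problems.append(f"JkMount names unlisted worker {worker!r}")
    if re.search(r"^\s*JkLogLevel\s+debug\b", httpd_text, re.M):
        problems.append("JkLogLevel debug is verbose, lower it after testing")
    return problems
```

Keys with embedded whitespace are reported and skipped, so the affected worker also shows up as missing its type, host and port.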