Chapter 11: Tomcat and Apache HTTP Server Create
Chapter 11: Tomcat and Apache HTTP Server Create a Self-Signed Certificate In a production environment, the certificate signing request file generated ( server.csr) is sent to a Certificate Authority and a certificate purchased. For test deployments, you can generate a self-signed certificate. The following command shows this being done: openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 The -days option specifies the number of days after which the certificate will expire. The following is a sample output from this step: Signature ok subject=/C=US/ST=NJ/L=Hoboken/O=Wiley/OU=Wrox Press/CN=192.168.23.168/emailAddre ss=mail@myserver.com Getting Private key The self-signed certificate is generated in the server.crtfile. Install the Certificate Copy the private server key file (server.key) and server certificate file (server.crt) to the $APACHE_ HOME/conf directory. Make sure that the server.keyand server.crt can be read by the user running the Apache Web server. Set the file permission of the files in the certworks directory to protect them from unwanted access (depending on your local policy). You don t need this directory or its files any more because all that Apache requires is the server.crtand server.crt files. However, it is useful to keep around perhaps backed up elsewhere if you ever need to generate your certificate again. Setting Up mod_ssl in Apache The default SSL configuration file can be found in the $APACHE_HOME/conf/extra directory and is called httpd-ssl.conf. This file would then need to be included from httpd.conf. Edit this file following the extensive comments if you need to customize the configuration. Some directives you might need to tweak include the following: . SSLCertificateKeyFile: Path to the server private key file (i.e., the server.keyfile) . SSLCertificateFile: Path to the server certificate file (i.e., the server.crtfile) . VirtualHost: The SSL virtual host context. If you are setting up virtual hosts, or even redirecting to a Tomcat worker, this is the place where you should make your configuration changes. The DocumentRootin the default VirtualHost points to Apache s DocumentRoot let this remain unchanged for now. Finally, you need to make a few edits in the $APACHE_HOME/conf/httpd.conf so that Apache can use the mod_sslextension. First, uncomment or add this line (if not already existing) to load the mod_ssllibrary:
For high quality java hosting services please check tomcat web hosting website.