tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Wall <d.w...@computer.org>
Subject Re: SSL Certificate Beginner Question
Date Wed, 30 Nov 2005 04:25:10 GMT

>     <-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
><!--
><Connector
>           port="8443" minProcessors="5" maxProcessors="75"
>           enableLookups="true" disableUploadTimeout="true"
>           acceptCount="100" debug="0" scheme="https" secure="true";
>           clientAuth="false" sslProtocol="TLS"/>
>-->
>  
>
You probably want to add the following attributes to the Connector above:

keystoreFile="keys/tomcatkeys" keystorePass="123"

Obviously, make the keystoreFile point to the name of the Java keystore 
that you put your certificate inside, along with the password for that 
keystore.  I believe the base is $CATALINA_HOME if you use a relative 
pathname like above.

You'll also need to update your webapp's web.xml file with something 
like (that is, if you want Tomcat to enforce SSL on your webapp):

(after any servlet-mapping XML elements, before the session-config 
and/or welcome-file-list XML elements of web-app element in WEB-INF/web.xml)

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire site</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>



Hope that helps...

David

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message