Enable SSL
Author: Tim Reilly
- Shut down Cascade Server
- Create a keystore (from http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html):
  - Execute the following command:
    Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
    Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
  - For the password, enter “changeit”
  - Move the newly created .keystore file into \cascade\server\default\conf
    (Windows: the .keystore file can typically be found in the Documents and Settings folder under the user's subfolder; e.g., C:\Documents and Settings\Administrator)
    (Linux: the .keystore file can typically be found in the home directory of the user who created it; e.g., /home/user)
- Edit the file 'server.xml' (found in \cascade\server\default\deploy\jbossweb-tomcat50.sar):
  - Uncomment the area for SSL/TLS Connector configuration
    <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
    <Connector address="${jboss.bind.address}" clientAuth="false" keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" keystorePass="rmi+ssl" maxSpareThreads="15" maxThreads="100" minSpareThreads="5" port="8443" scheme="https" secure="true" sslProtocol="TLS"/>
  - Verify that the keystorePass attribute contains the password for the keystore
  - Verify that the keystoreFile attribute points to the location of the keystore file
- Start Cascade Server – it should now be accessible through https://{host}:8443
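An added example (not part of the original page or of Cascade Server) that automates the two "Verify" checks on 'server.xml' and also reports any connector still serving plain HTTP. The function name, finding codes and SAMPLE document are constructed for illustration, and the script assumes AJP connectors are marked with protocol="AJP/1.3".

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Passwords that appear on this page; anyone who has read the guide knows them.
KNOWN_PASSWORDS = {"changeit", "rmi+ssl"}

def audit_server_xml(xml_text, server_home):
    """Return a list of (code, detail) findings for Tomcat <Connector> elements.

    Commented-out connectors are ignored because ElementTree drops XML comments.
    """
    findings, ssl_seen = [], False
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "").upper().startswith("AJP"):
            continue  # assumption: AJP connectors are out of scope for this check
        if conn.get("scheme") != "https":
            findings.append(("plain-http", f"port {port} still serves HTTP"))
            continue
        ssl_seen = True
        if conn.get("keystorePass") in KNOWN_PASSWORDS:
            findings.append(("known-password", f"port {port} keystorePass is a published value"))
        path = conn.get("keystoreFile", "").replace("${jboss.server.home.dir}", server_home)
        if not os.path.isfile(path):
            findings.append(("keystore-missing", f"port {port} keystoreFile not found: {path}"))
    if not ssl_seen:
        findings.append(("no-ssl", "SSL/TLS Connector is still commented out"))
    return findings

# Constructed sample: the page's SSL connector beside a plain HTTP and an AJP connector.
SAMPLE = """<Server><Service name="jboss.web">
  <Connector port="8080" address="${jboss.bind.address}" maxThreads="150"/>
  <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"/>
  <!-- <Connector port="9443" scheme="https" secure="true"/> -->
  <Connector address="${jboss.bind.address}" clientAuth="false"
             keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
             keystorePass="rmi+ssl" port="8443" scheme="https" secure="true"
             sslProtocol="TLS"/>
</Service></Server>"""

def demo():
    """Audit SAMPLE against a temporary server home that holds only conf/.keystore."""
    with tempfile.TemporaryDirectory() as home:
        os.makedirs(os.path.join(home, "conf"))
        open(os.path.join(home, "conf", ".keystore"), "wb").close()
        return audit_server_xml(SAMPLE, home)

if __name__ == "__main__":
    for code, detail in demo():
        print(f"{code}: {detail}")
```

For a real installation, pass the contents of 'server.xml' and the directory that ${jboss.server.home.dir} resolves to; an empty result means the SSL connector is active, its keystore file exists, and no plain HTTP connector remains.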
NOTE: If both the HTTP/1.1 Connector and the SSL/TLS Connector sections are left uncommented, users will still be able to access the site through port 8080. This can be changed by:
Commenting out the HTTP/1.1 Connector section in 'server.xml'
OR
Forcing Tomcat over SSL. To do this, enter the following code into 'web.xml', just before the closing </web-app> element (web.xml is located in \cascade\server\default\deploy\jbossweb-tomcat50.sar\conf):