Installation of Apache Tomcat with trusted HTTPS

I have done this on Debian. The trusted HTTPS configuration is on the last page. I took help from these URLs:
http://www.debianhelp.co.uk/apachetomcat.htm
http://www.debianhelp.co.uk/selfcert.htm
Requirements:

Apache2, mod_jk, Apache Tomcat 5.5.16, JDK, openssl, libapache-mod-ssl

Step by step Configuration:
1. Install apache2. For Tomcat, some settings have to be changed from the normal configuration. (I followed the URL http://www.debianhelp.co.uk/apachetomcat.htm )

2. Install the JDK on Debian. (I followed the URL http://www.debianhelp.co.uk/apachetomcat.htm ).
3. Install and configure Tomcat.
a. Download the tar.gz file from
http://tomcat.apache.org/download-55.cgi
b. Extract the files using the following commands.
#cd /downloads
#unp apache-tomcat-5.5.16.tar.gz

#mv apache-tomcat-5.5.16 /usr/lib

c.#cd /usr/lib

d. Now create a symbolic link called apache-tomcat to the CATALINA_HOME by the following command.
#ln -s apache-tomcat-5.5.16 apache-tomcat

e. #cd /usr/lib/apache-tomcat/bin

f. #./startup.sh

4. Install and Configure mod_jk (I followed the URL http://www.debianhelp.co.uk/apachetomcat.htm)

5.  Configuring Tomcat and Apache. (I followed URL http://www.debianhelp.co.uk/apachetomcat.htm)

a. First create the workers.properties file in your Apache2 root directory.

b. Open the workers.properties file and add some lines. (For details http://www.debianhelp.co.uk/apachetomcat.htm)

c. Add some lines to the /etc/apache2/apache2.conf file. (For details http://www.debianhelp.co.uk/apachetomcat.htm)

d. Add a user tomcat in a group tomcat.

e. change the user and group of the Tomcat path

f. change the password of tomcat.

g. start and stop tomcat server using tomcat user

h. restart apache2.

6. Creating a self-signed SSL certificate using OpenSSL (for details http://www.debianhelp.co.uk/selfcert.htm )

a. install openssl and libapache-mod-ssl

b. create a workable directory.

c. create a database for the certificates we will sign

d. We have to add some lines to openssl.cnf (for details check http://www.debianhelp.co.uk/selfcert.htm)

e. Run the following command:

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
-out cacert.pem -days 3650 -config ./openssl.cnf

7. Creating a Certificate Signing Request (CSR):

a. Our configuration file needs some more definitions for creating non-CA certificates. Add the following at the end of the file:

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

b. insert the following line to the req section after the distinguished_name line as shown:

distinguished_name = req_distinguished_name
req_extensions = v3_req

c. Now we are ready to create first certificate request.

d. openssl req -new -nodes -out req.pem -config ./openssl.cnf

e. openssl req -in req.pem -text -verify -noout

f. Signing a certificate: Insert some lines in the openssl.cnf file (for details http://www.debianhelp.co.uk/selfcert.htm)

g. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

h. Installing the certificate and key.

cat key.pem cert.pem > key-cert.pem

i. After this step, you have three installable components to choose from: a private key in key.pem, a certificate in cert.pem, and a combined private key and certificate in key-cert.pem.

Copy the appropriate files into the locations specified by the instructions for your application and system. Restart the applications, and you are in operation with your new certificate.

j. Apache (For details URL http://www.debianhelp.co.uk/selfcert.htm)

k. Stunnel (For Details URL http://www.debianhelp.co.uk/selfcert.htm)

l. Distributing CA Certificates (For Details URL http://www.debianhelp.co.uk/selfcert.htm)

m. Renewing Certificates (For Details URL http://www.debianhelp.co.uk/selfcert.htm)
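
A check worth running before the files are copied into place, given here as an added example that is not part of the original post or the linked guide: it builds a throwaway CA and server certificate using the file names from steps 6 and 7, then confirms that cert.pem chains to cacert.pem, that key.pem matches it, and that it is marked CA:FALSE. The subject names, the trimmed openssl.cnf, and the use of `openssl x509 -req` in place of `openssl ca` are assumptions made so the script runs unattended.

```shell
#!/bin/sh
# Added example: subjects, temp dir and the trimmed openssl.cnf are constructed.
make_demo_pki() {   # $1 = empty working directory
  ( cd "$1" || exit 1
    umask 077       # private keys must not be readable by other users
    cat > openssl.cnf <<'EOF'
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[ req_distinguished_name ]
CN = placeholder
[ v3_ca ]
basicConstraints = CA:TRUE
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
EOF
    # Throwaway CA; -nodes only so the demo runs without a passphrase prompt.
    openssl req -new -x509 -nodes -newkey rsa:2048 -extensions v3_ca \
      -subj "/CN=Demo CA" -keyout cakey.pem -out cacert.pem -days 30 \
      -config ./openssl.cnf 2>/dev/null || exit 1
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=tomcat.example.test" \
      -keyout key.pem -out req.pem -config ./openssl.cnf 2>/dev/null || exit 1
    # Stand-in for "openssl ca": sign the request directly with the CA key.
    openssl x509 -req -in req.pem -CA cacert.pem -CAkey cakey.pem \
      -CAcreateserial -extfile ./openssl.cnf -extensions v3_req \
      -out cert.pem -days 30 2>/dev/null || exit 1
    cat key.pem cert.pem > key-cert.pem )
}

check_server_cert() {   # $1 = directory with cacert.pem, cert.pem, key.pem
  ( cd "$1" || exit 1
    # 1. The certificate must chain to the CA that clients will trust.
    openssl verify -CAfile cacert.pem cert.pem >/dev/null 2>&1 ||
      { echo "FAIL: cert.pem does not verify against cacert.pem"; exit 1; }
    # 2. key.pem must be the private half of the public key in cert.pem.
    cert_pub=$(openssl x509 -in cert.pem -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in key.pem -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] ||
      { echo "FAIL: key.pem does not match cert.pem"; exit 1; }
    # 3. A server certificate must not be usable as a CA.
    openssl x509 -in cert.pem -noout -text | grep -q 'CA:FALSE' ||
      { echo "FAIL: cert.pem is not marked CA:FALSE"; exit 1; }
    echo "OK: cert.pem chains to the CA, matches key.pem, is CA:FALSE" )
}

demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" && check_server_cert "$demo_dir"
rm -rf "$demo_dir"
```

Calling check_server_cert on the real working directory runs the same three checks on the files produced by the steps above.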
