2 Replies Latest reply: Feb 12, 2013 10:12 AM by Don Kim

    Enable SSL on CLM Portal

    Binu NameToUpdate

      Hi,

      Does anyone have any document/guideline about enabling SSL on CLM Mid-Tier servers with a third-party SSL certificate? As per the Apache Tomcat SSL implementation guide I was trying with keytool, but I am getting a java.security exception error, even though I have root access.

      Thanks and Regards

      Binu Nittadakkan

        • 1. Enable SSL on CLM Portal
          Aryan Anantwar

          Hi Binu,

          We can enable SSL on CLM Mid-Tier; after all, it's nothing but a Tomcat web server.

          I have tried it with keytool and it's working fine.

          I have Tomcat 6 in my CLM setup.

          You can follow the steps mentioned below to enable SSL on CLM Mid-Tier:

          1. Run the keytool utility

          keytool -genkey -alias tomcat -keyalg RSA


          Enter keystore password:  changeit

          What is your first and last name?

            [Unknown]: CLM-MIDTIER

          What is the name of your organizational unit?

            [Unknown]:  cs144

          What is the name of your organization?

            [Unknown]: VYOM

          What is the name of your City or Locality?

            [Unknown]: Pune

          What is the name of your State or Province?

            [Unknown]: MH

          What is the two-letter country code for this unit?

            [Unknown]: India

          Is CN=CLM-MIDTIER, OU=cs144, O=Vyom, L=pune, ST=MH, C=India correct?

            [no]:  yes


          Enter key password for <tomcat>

          (RETURN if same as keystore password):


          NOTE:

          • Type the password for the keystore, which is "changeit".
          • For [first name and last name], give the fully qualified host name. In this project, you will have to use localhost because this is the machine name that you use to access the Tomcat server from the VM.
          • You need to type some information about your organization, location, etc. (You can make it up as you like.)

          When you execute the above command, keytool will generate a public key and private key pair and store it to your keystore file.


          The next step is to change your $CATALINA_HOME/conf/server.xml file to enable the SSL connection.

          An example <Connector> element for an SSL connector is already included in the default server.xml file, which looks something like this:

              <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
              <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                         maxThreads="150" scheme="https" secure="true"
                         clientAuth="false" sslProtocol="TLS" />
              -->

          Remove the comment around the <Connector> node to enable SSL.


          Now that everything is ready, you need to restart your Tomcat server.


          To Stop use command:

          > $CATALINA_HOME/bin/catalina.sh stop


          To Start use command:

          > $CATALINA_HOME/bin/catalina.sh start


          Test your https:

          Go to a browser and try

          https://CLM-MIDTIER:8443
          (in your case, your appropriate hostname)


          Finish.


          These steps work for me fine.


          If you have any more issues with it, please share.


          Also go through this link; it will be helpful to understand how to enable SSL in Tomcat 6:


          http://oak.cs.ucla.edu/cs144/projects/project5/ssl_tomcat_tutorial.html


          Regards,

          Dnyaneshwar
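          The server.xml step above is the one most often done by hand and then mistyped. The following script is an added example (not from the reply above, not BMC's or Tomcat's own tooling) that uncomments the default SSLEnabled <Connector> and pins it to the keystore that keytool produced, then re-parses the file to confirm a live SSL connector exists. The sample server.xml, the keystore path and the function names are constructed for illustration; the keystoreFile and keystorePass attribute names are the real Tomcat 6 connector attributes.

```python
"""Uncomment and configure the SSL <Connector> in a Tomcat 6 server.xml."""
import re
import xml.etree.ElementTree as ET

# Constructed sample of the default Tomcat 6 server.xml layout (not a real file).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Matches exactly the commented-out SSL connector shipped in the default file:
# "<!--", whitespace, a self-closing <Connector .../> carrying SSLEnabled="true",
# whitespace, "-->". The "Define a SSL ..." comment does not match because no
# <Connector> follows its "<!--".
_COMMENTED_SSL = re.compile(
    r'<!--\s*(<Connector\b[^>]*SSLEnabled="true"[^>]*/>)\s*-->'
)


def enable_ssl_connector(server_xml, keystore_file, keystore_pass):
    """Return server.xml text with the SSL connector uncommented and pointed at
    the keystore keytool created. Raises ValueError if the commented-out
    connector cannot be found (e.g. someone already edited it by hand)."""
    m = _COMMENTED_SSL.search(server_xml)
    if m is None:
        raise ValueError("no commented-out SSLEnabled Connector found")
    connector = m.group(1)
    # Tomcat 6 falls back to ~/.keystore and "changeit" when these attributes
    # are absent, which is what the interactive keytool run relies on. Making
    # them explicit avoids a silent mismatch when Tomcat runs as another user.
    connector = connector[:-2].rstrip() + (
        f'\n               keystoreFile="{keystore_file}"'
        f'\n               keystorePass="{keystore_pass}" />'
    )
    return server_xml[:m.start()] + connector + server_xml[m.end():]


def ssl_connector_attrs(server_xml):
    """Parse server.xml and return the attributes of the first live (not
    commented) SSLEnabled connector, or None if there is none. Parsing also
    proves the edited file is still well-formed XML before Tomcat sees it."""
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled") == "true":
            return dict(conn.attrib)
    return None


if __name__ == "__main__":
    # Hypothetical keystore path; "changeit" matches the password used above.
    updated = enable_ssl_connector(
        SAMPLE_SERVER_XML, "/opt/clm/midtier/conf/clm.keystore", "changeit"
    )
    print(updated)
    print(ssl_connector_attrs(updated))
```

          Because keystorePass is stored in clear text, keep server.xml readable only by the account Tomcat runs as; the check function returning None on the untouched file is the quick way to tell whether the comment was really removed before restarting Tomcat.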

          • 2. Re: Enable SSL on CLM Portal
            Don Kim

            Binu,


            I'm pretty sure the Java exception error is due to the passphrase. A giveaway is that if you are unable to start/restart Apache with that config, it does not like (support) the encrypted passphrase on the key file. Use OpenSSL to remove the key or generate the key without a passphrase:


            openssl rsa -in <filename1>.key -out <filename2>.key

            Look for error: "SSLPassPhraseDialog builtin is not supported on Win32" in your logs.


            Good luck!