We can enable SSL on CLM Mid-Tier; after all, it's nothing but a Tomcat web server.
I have tried it with keytool and it's working fine.
I have Tomcat 6 in my CLM setup.
You can follow the steps mentioned below to enable SSL on CLM Mid-Tier:
1. Run the keytool utility
keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: changeit
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=CLM-MIDTIER, OU=cs144, O=Vyom, L=pune, ST=MH, C=India correct?
Enter key password for <tomcat>
(RETURN if same as keystore password):
- Type the password for the keystore, which is "changeit".
- [firstname and lastname] give the fully qualified host name. In this project, you will have to use localhost because this is the machine name that you use to access the Tomcat server from the VM.
- You need to type some information about your organization, location, etc. (You can make it up as you like.)
When you execute the above command, keytool will generate a public key and private key pair and store it in your keystore file.
The next step is to change your $CATALINA_HOME/conf/server.xml file to enable the SSL connection.
An example <Connector> element for an SSL connector is already included in the default server.xml file, which looks something like this:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Remove the comment around the <Connector> node (red code) to enable SSL.
Now that everything is ready, you need to restart your Tomcat server.
To stop, use the command:
> $CATALINA_HOME/bin/catalina.sh stop
To start, use the command:
> $CATALINA_HOME/bin/catalina.sh start
Test your HTTPS:
Go to the browser and try
(in your case, your appropriate hostname)
These steps work fine for me.
If you have any more issues with it, please share.
Also go through this link; it will be helpful to understand how to enable SSL in Tomcat 6
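A way to confirm that the server.xml edit described in the post above actually took effect, as an added example that is not part of the original post or of Tomcat/CLM: it parses server.xml and reports whether the SSL <Connector> is still commented out and whether it falls back to Tomcat's default keystore file and password. The sample XML strings are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from a real server): a Tomcat 6 style
# server.xml with the SSL connector still commented out, and the edited file.
COMMENTED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!--
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
  -->
</Service></Server>"""

ENABLED = COMMENTED.replace("<!--\n", "").replace("  -->\n", "")

def ssl_connectors(server_xml):
    """Return the <Connector> elements that are active and have SSL switched on."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    return [c for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"]

def audit(server_xml):
    """Return a list of findings for the SSL setup in a server.xml string."""
    connectors = ssl_connectors(server_xml)
    if not connectors:
        return ["no active SSL connector: <Connector> is missing or still commented out"]
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set to https/true")
        # Tomcat falls back to the password "changeit" when keystorePass is absent.
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystore uses the default password 'changeit'")
        # Tomcat falls back to .keystore in the home directory of the Tomcat user.
        if c.get("keystoreFile") is None:
            findings.append(f"port {port}: keystoreFile not set, ~/.keystore is used")
    return findings

if __name__ == "__main__":
    for name, xml in (("commented", COMMENTED), ("enabled", ENABLED)):
        print(name, audit(xml) or ["ok"])
```

To check a real installation, pass the contents of $CATALINA_HOME/conf/server.xml to `audit()` instead of the sample strings.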
I'm pretty sure the Java exception error is due to the passphrase. A giveaway is if you are unable to start/restart Apache with that config. It does not like (support) the encrypted passphrase on the keyfile. Use OpenSSL to remove the key or generate a key without a passphrase:
openssl rsa -in <filename1>.key -out <filename2>.key
Look for error: "SSLPassPhraseDialog builtin is not supported on Win32" in your logs.