2 Replies. Latest reply: Feb 12, 2013 10:12 AM by Dkimvvl

Enable SSL on CLM Portal

Binu NameToUpdate

Hi,

 

Does anyone have any document/guideline about enabling SSL on CLM Mid-Tier servers with third-party SSL? As per the Apache Tomcat SSL implementation guide I was trying with keytool, but I am getting a JAVA.Security exception error, even though I have root access.

 

Thanks and Regards

Binu Nittadakkan

  • 1. Enable SSL on CLM Portal
    Aryan Anantwar

    Hi Binu,

     

    We can enable SSL on CLM Mid-Tier; after all, it's nothing but a Tomcat web server.

     

    I have tried it with keytool and it's working fine.

     

    I have Tomcat 6 in my CLM setup.

     

    You can follow the steps mentioned below to enable SSL on CLM Mid-Tier:

     

    1. Run the keytool utility

     

     

    keytool -genkey -alias tomcat -keyalg RSA

     

    Enter keystore password:  changeit

    What is your first and last name?

      [Unknown]: CLM-MIDTIER

    What is the name of your organizational unit?

      [Unknown]:  cs144

    What is the name of your organization?

      [Unknown]: VYOM

    What is the name of your City or Locality?

      [Unknown]: Pune

    What is the name of your State or Province?

      [Unknown]: MH

    What is the two-letter country code for this unit?

      [Unknown]: India

    Is CN=CLM-MIDTIER, OU=cs144, O=Vyom, L=pune, ST=MH, C=India correct?

      [no]:  yes

     

    Enter key password for <tomcat>

    (RETURN if same as keystore password):

     

     

     

    NOTE:

    • Type the password for the keystore, which is "changeit".
    • [firstname and lastname] give the fully qualified host name. In this project, you will have to use localhost because this is the machine name that you use to access the Tomcat server from the VM.
    • You need to type some information about your organization, location, etc. (You can make it up as you like)

    When you execute the above command, keytool will generate a public key and private key pair and store it to your keystore file.

     

     

    The next step is to change your $CATALINA_HOME/conf/server.xml file to enable the SSL connection.

     

    An example <Connector> element for an SSL connector is already included in the default server.xml file, which looks something like this:


        <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
         <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
        -->
    Remove the comment around the <Connector> node (red code) to enable SSL.


    Now that everything is ready, you need to restart your Tomcat server.

     

    To Stop use command:

    > $CATALINA_HOME/bin/catalina.sh stop

     

    To Start use command:

    > $CATALINA_HOME/bin/catalina.sh start


    Test Your https:

    Go to the browser & try

    https://CLM-MIDTIER:8443
    (in your case, your appropriate hostname)

     

    Finish.

     

    These steps work fine for me.

     

    If you have any more issues with it, please share.

     

    Also go through this link; it will be helpful to understand how to enable SSL in Tomcat 6

     

    http://oak.cs.ucla.edu/cs144/projects/project5/ssl_tomcat_tutorial.html

     

     

    Regards,

    Dnyaneshwar
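
The outcome of the steps in the reply above can be checked mechanically. The script below is an added example, not code from the thread: it parses a server.xml and reports whether an SSL connector is actually active and whether it still relies on Tomcat's defaults (keystore at ~/.keystore of the account running Tomcat, password "changeit"). The function name and the embedded sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the default server.xml fragment quoted in the post,
# first still commented out, then with the comment markers removed.
COMMENTED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" /> -->
</Service></Server>"""
ENABLED = COMMENTED.replace("<!-- <Connector", "<Connector").replace("/> -->", "/>")


def audit_ssl_connectors(server_xml):
    """Return a list of findings for the SSL connectors in a server.xml string."""
    # The parser drops XML comments, so a commented-out connector is not seen.
    root = ET.fromstring(server_xml)
    ssl = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl:
        return ["no active SSL connector (still commented out?)"]
    findings = []
    for c in ssl:
        port = c.get("port", "?")
        # Without keystoreFile, Tomcat looks for .keystore in the home
        # directory of the account it runs as, not of whoever ran keytool.
        if c.get("keystoreFile") is None:
            findings.append(f"port {port}: keystoreFile not set, Tomcat reads "
                            "~/.keystore of the account running it")
        # An absent keystorePass falls back to the default "changeit".
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystore password is the default 'changeit'")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
    return findings


if __name__ == "__main__":
    for name, xml in (("commented", COMMENTED), ("enabled", ENABLED)):
        print(name, audit_ssl_connectors(xml))
```

Against a real installation, pass the contents of $CATALINA_HOME/conf/server.xml to audit_ssl_connectors().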

  • 2. Re: Enable SSL on CLM Portal
    Dkimvvl

    Binu,

     

    I'm pretty sure the Java exception error is due to the passphrase. A giveaway is if you are unable to start/restart Apache with that config. It does not like (support) the encrypted passphrase on the keyfile. Use OpenSSL to remove the key or generate a key without a passphrase:

     

    openssl rsa -in <filename1>.key -out <filename2>.key

     


    Look for error: "SSLPassPhraseDialog builtin is not supported on Win32" in your logs.

     

    Good luck!