Enable SSL
Author: Tim Reilly
- Shut down Cascade Server
- Create a keystore (from http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html):
- Execute the following command:
Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
- For the password, enter “changeit”
(Windows: the .keystore file can typically be found in the Documents and Settings folder under the user's subfolder; e.g., C:\Documents and Settings\Administrator)
(Linux: the .keystore file can typically be found in the home directory of the user who created it; e.g., /home/user)
- Edit the file 'server.xml' (found in \tomcat\conf)
- Uncomment the area for SSL/TLS Connector configuration
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
- Start Cascade Server – it should now be accessible through https://{host}:8443
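A check for the edited 'server.xml', added here as an example (it is not part of the original article or of Cascade Server): it lists every active Connector and flags any that still serves the site without SSL. The function names and the sample file are constructed, and an SSL connector is assumed to carry the scheme="https" secure="true" attributes shown above.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: server.xml after the edit, plain HTTP connector still active.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192" redirectPort="8443" />
    <!-- <Connector port="8081" /> -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""


def classify_connectors(server_xml):
    """Return [(port, kind)] for each active Connector; kind is ssl, ajp or plain-http.

    Commented-out connectors are skipped: the XML parser drops comments.
    """
    result = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Assumption: an SSL connector carries the attributes shown on this page.
        is_ssl = (conn.get("scheme") == "https"
                  and conn.get("secure", "").lower() == "true")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            kind = "ajp"
        elif is_ssl:
            kind = "ssl"
        else:
            kind = "plain-http"
        result.append((int(conn.get("port", "0")), kind))
    return result


def plaintext_ports(server_xml):
    """Ports on which the site is still reachable without SSL."""
    return [port for port, kind in classify_connectors(server_xml) if kind == "plain-http"]


if __name__ == "__main__":
    # Pass the path to server.xml, or run without arguments to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, kind in classify_connectors(data):
        print(f"port {port}: {kind}")
    print("plain HTTP still enabled on:", plaintext_ports(data) or "none")
```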
NOTE: If both the HTTP/1.1 Connector and the SSL/TLS Connector sections are left uncommented, users will still be able to access the site through port 8080. This can be changed by:
Commenting out the HTTP/1.1 Connector section in 'server.xml'
OR
Forcing Tomcat over SSL. To do this, enter the following code into 'web.xml', just before the closing </web-app> element (web.xml is located in \tomcat\conf):