JKS:
The JKS format is Java's standard "Java KeyStore" format, and is the format created by the keytool command-line utility. This tool is included in the JDK.
Step 1:
Generate your keystore file using the %JAVA_HOME%\bin\keytool.exe tool.
Keytool:
Java Keytool is a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. Java Keytool stores the keys and certificates in what is called a keystore. A Keytool keystore contains the private key and any certificates necessary to complete a chain of trust and establish the trustworthiness of the primary certificate.
Generate a Java keystore and key pair:
Syntax:
keytool -genkey -keyalg RSA -alias <certificate-alias> -keysize <key-size> -keystore <keystore-filename>
Example:
keytool -genkey -alias alias -keyalg RSA -keysize 1024 -keystore d:\keystore.jks
Note: the keystore password and the alias (key) password must be the same.
- RSA: an algorithm for public-key cryptography based on the presumed difficulty of factoring large integers.
- genkey: generates a key pair (a public key and associated private key).
- alias: the alias of your certificate.
- keyalg and keysize: keyalg specifies the algorithm used to generate the key pair, and keysize specifies the size of each key to be generated.
- keystore: specifies the location where you want to store your keystore file.
Step 2
Configure tomcat server.xml
Modify the Connector element in server.xml as shown below:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="15000" scheme="https" secure="true" keystoreFile="bin/keystore" keystorePass="password"
clientAuth="false" sslProtocol="TLS" />
keystoreFile: specifies the keystore file path.
keystorePass: specifies the keystore password.
Step 3
Configure the following elements in your deployment descriptor (web.xml):
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Pages</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Then open your web application URL on port 8443.
transport-guarantee
This element defines a guaranteed level of data protection for the transport of data between the client and server (both ways).
Allowed values:
- NONE - no special transport guarantees (this is the default if no user-data-constraint is defined)
- INTEGRAL - data must be sent in a way that guarantees it cannot be changed during transmission (i.e. the data is checksummed; SSL/TLS achieves this)
- CONFIDENTIAL - data must be sent in a way that guarantees it cannot be observed (or changed) during transmission (i.e. the data is encrypted; SSL/TLS achieves this)
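As an added example (not code from the original post), the following Python script audits the two configuration fragments from Steps 2 and 3: it checks that an SSLEnabled Connector has scheme="https", secure="true", a keystoreFile and a non-default keystorePass, and that web.xml actually demands CONFIDENTIAL transport. It also flags a subtlety of the Step 3 descriptor: when a security-constraint lists explicit http-method elements, only those methods are constrained, so any unlisted method (HEAD, OPTIONS, ...) is still served over plain HTTP. The sample fragments are constructed inline for the demonstration.

```python
import xml.etree.ElementTree as ET
# Constructed sample fragments that mirror the server.xml and web.xml shown in the post.
SERVER_XML = """<Service><Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="bin/keystore" keystorePass="password" clientAuth="false"
             sslProtocol="TLS"/></Service>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def _texts(elem, name):
    """Text of every descendant with local name `name`, ignoring the web.xml namespace."""
    return [e.text.strip() for e in elem.iter() if e.tag.rpartition('}')[2] == name and e.text]

def audit_connector(server_xml):
    """Return findings for every SSLEnabled Connector in a server.xml fragment."""
    findings = []
    for c in ET.fromstring(server_xml).iter('Connector'):
        if c.get('SSLEnabled', 'false').lower() != 'true':
            continue  # plain HTTP connector, nothing to check here
        port = c.get('port', '?')
        if c.get('scheme') != 'https' or c.get('secure') != 'true':
            findings.append(f'port {port}: scheme="https" and secure="true" not both set')
        if not c.get('keystoreFile'):
            findings.append(f'port {port}: keystoreFile missing')
        if c.get('keystorePass') in (None, '', 'changeit', 'password'):
            findings.append(f'port {port}: keystorePass missing or a default value')
        if (c.get('sslProtocol') or 'TLS').upper().startswith('SSL'):
            findings.append(f'port {port}: sslProtocol permits SSL instead of TLS')
    return findings

def audit_web_xml(web_xml):
    """Return findings for the security-constraint elements of a web.xml."""
    root = ET.fromstring(web_xml)
    constraints = [e for e in root.iter() if e.tag.rpartition('}')[2] == 'security-constraint']
    if not constraints:
        return ['no security-constraint: HTTPS is offered but never required']
    findings = []
    for sc in constraints:
        pat = ', '.join(_texts(sc, 'url-pattern')) or '(no url-pattern)'
        guarantee = (_texts(sc, 'transport-guarantee') or ['NONE'])[0]  # NONE is the default
        if guarantee != 'CONFIDENTIAL':
            findings.append(f'{pat}: transport-guarantee is {guarantee}, not CONFIDENTIAL')
        methods = sorted(_texts(sc, 'http-method'))
        if methods:  # listing methods leaves every unlisted method unconstrained
            findings.append(f'{pat}: only {", ".join(methods)} constrained; unlisted methods bypass it')
    return findings
```

Running it on the constructed samples reports the default keystorePass on port 8443 and the method-list gap; dropping the http-method elements from the constraint makes it apply to all methods.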