Tuesday, July 14, 2009

Specifying SSL Certificate and Keystore Location & Password

A small reminder about how to configure the location and password for your keystore with Tomcat. By default Tomcat looks for a keystore named .keystore in the home directory of the user running Tomcat, protected with the default password. You can change the filename, the password, and the location Tomcat looks in by configuring the SSL Connector in "server.xml" (in the conf folder of the Tomcat installation). "keystoreFile" is the attribute specifying the keystore location and "keyPass" specifies the corresponding password. The finished config may look something like:
<Connector port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/home/user_name/my_domain.key"
           keyPass="my_keystore_password"/>

This, however, will not help you if you are using an SSL socket directly; the Connector settings only apply to HTTPS connections served by Tomcat. If all you want to control is the keystore and truststore name and password for your socket, you set the corresponding system properties, either as VM parameters or in code:

Using VM parameters:
-Djavax.net.ssl.keyStore=keystore.jks 
-Djavax.net.ssl.keyStorePassword=abc123
-Djavax.net.ssl.trustStore=truststore.jks
-Djavax.net.ssl.trustStorePassword=abc123

In Code:
// The same four properties set programmatically; this must run before the
// first SSL socket is created, since JSSE reads them when it initialises.
// keyStoreName, keyStorePassword, trustStoreName and trustStorePassword
// hold the values shown above (e.g. "keystore.jks" and "abc123").
Properties properties = System.getProperties();
properties.put("javax.net.ssl.keyStore", keyStoreName);
properties.put("javax.net.ssl.keyStorePassword", keyStorePassword);
properties.put("javax.net.ssl.trustStore", trustStoreName);
properties.put("javax.net.ssl.trustStorePassword", trustStorePassword);

For a better understanding of SSL sockets, please refer to the JSSE Reference Guide. Nevertheless, this is not the end of your woes if you also want to control the store locations. That makes sense if you wish to package your application with some default stores so that it can work right out of the box. Here is a piece of code that can help you do exactly that: Managing store locations
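As an added example (not the post's own code, nor the code behind the link above), here is one way to take control of the store locations without touching the global javax.net.ssl.* properties: load each store from an explicit path when one is given, otherwise fall back to a default store bundled on the classpath, and build an SSLContext from the result. The property names app.keyStore / app.trustStore and the resource names /default-keystore.jks / /default-truststore.jks are assumptions for this example.

```java
import java.io.*;
import java.security.*;
import javax.net.ssl.*;

// Builds an SSLContext from explicitly located stores rather than the global
// javax.net.ssl.* system properties. Paths come from -Dapp.keyStore and
// -Dapp.trustStore (hypothetical property names); when a path is absent the
// store bundled on the classpath as /default-keystore.jks or
// /default-truststore.jks (hypothetical resource names) is used instead.
public class StoreLocator {

    static KeyStore load(String path, String resource, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = (path != null)
                ? new FileInputStream(path)                          // explicit location
                : StoreLocator.class.getResourceAsStream(resource);  // bundled default
        if (in == null) {
            throw new FileNotFoundException("store not found on classpath: " + resource);
        }
        try {
            ks.load(in, password);  // wrong password or a tampered file fails here
        } finally {
            in.close();
        }
        return ks;
    }

    // Passwords are passed in by the caller (e.g. read from a protected config
    // file) so they never appear on the command line or in the process list.
    public static SSLContext buildContext(char[] keyPass, char[] trustPass)
            throws IOException, GeneralSecurityException {
        KeyStore keyStore = load(System.getProperty("app.keyStore"),
                "/default-keystore.jks", keyPass);
        KeyStore trustStore = load(System.getProperty("app.trustStore"),
                "/default-truststore.jks", trustPass);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;  // use ctx.getServerSocketFactory() / getSocketFactory() for sockets
    }
}
```

Because the context is built per application rather than through process-wide properties, two components in the same JVM can use different stores, and a missing or mis-typed password fails loudly at load time instead of at the first handshake.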

1 comment:

Unknown said...

Hi - this is very useful, I have also found this guide to installing an SSL cert on Jakarta Tomcat as well