A small reminder about how to configure the location and password for your keystore with Tomcat. By default Tomcat will look for your keystore (with the file name .keystore) in the home directory with the default password. It is possible to change the filename, password, and the location that Tomcat looks for the keystore by configuring the SSL Connector in "server.xml" (in conf folder in tomcat). "keystoreFile" is the parameter specifying key location and "keyPass" would specify the corresponding password. the finished config may look something like:
<Connector port="8443"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/user_name/my_domain.key"
keypass="my_keystore_password"/>
This, however, will not help you if you are using an SSL socket. This is just for making an https connection. If you want to control only keystore and truststore name and password for your socket, you need to give the system properties the values by either specifying the same in vm parameters or setting it in the code:
Using VM parameters:
Using VM parameters:
-Djavax.net.ssl.keyStore=keystore.jks
-Djavax.net.ssl.keyStorePassword=abc123
-Djavax.net.ssl.trustStore=truststore.jks
-Djavax.net.ssl.trustStorePassword=abc123
In Code:
Properties properties = System.getProperties();
properties.put("javax.net.ssl.keyStore", keyStoreName);
properties.put("javax.net.ssl.keyStorePassword", keyStorePassword);
properties.put("javax.net.ssl.trustStore", trustStoreName);
properties.put("javax.net.ssl.trustStorePassword", trustStorePassword);
For a better understanding of SSL Sockets, please refer to the JSSE Reference Guide. Nevertheless, this is not the end of your woes if you want to control the location as well. This would make sense if you wished to package your application with some default stores so as it can potentially work right out of the box. Here is a piece of code that can help you to do exactly that: Managing store locations
1 comment:
Hi - this is very useful, i have also found this guide to installing ssl cert on jakarta tomcat as well
Post a Comment