This guide shows you how to set up SSL on the Tomcat server that hosts Joget. Bear in mind that this is configured at the server level (Tomcat) and not at the application level (Joget). The setup method may differ from one web server to another.

1. Generating a key store file

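First of all, we need to generate a key store file. You can generate it with or without an SSL certificate purchased from your SSL certificate provider. The example below generates one ourselves, which produces a self-signed certificate. Because no -keystore option is given, keytool writes the key store to the .keystore file in the current user's home directory, which is the path used in step 2.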

C:\Program Files\Java\jdk1.7.0\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Robert
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  SF
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Robert, OU=home, O=home, L=SF, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password): password
Re-enter new password: password

C:\Program Files\Java\jdk1.7.0\bin>

2. Configuring your Tomcat

Make sure that your server is not running. Open \apache-tomcat\conf\server.xml, then uncomment and edit the following lines accordingly.

<!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/Users/Robert/.keystore"
               keystorePass="password"
               />

Compared to the original settings, the following attributes have been added/changed.

port: 8443 to 443 (If you intend to browse to https://yourDomain instead of https://yourDomain:8443)
keystoreFile: Path to the .keystore file
keystorePass: The password defined earlier

Start your server. You can now browse to your Joget at *https://yourDomain/jw* or *https://yourDomain:8443/jw*, depending on which port is configured.
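
Before starting the server, the edited server.xml can be checked for the mistakes this setup most often leaves behind. The script below is an added example, not part of the original guide or of Joget/Tomcat; the sample server.xml, the weak-password list and the 12-character minimum are assumptions made for illustration. It flags a guessable keystorePass and a redirectPort that still points at 8443 after the SSL connector was moved to 443.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this guide inside a minimal server.xml,
# next to a plain HTTP connector that still redirects to the old port.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/Users/Robert/.keystore"
               keystorePass="password" />
  </Service>
</Server>"""

# Assumption: passwords treated as guessable. "changeit" is the value Tomcat
# assumes when keystorePass is omitted.
WEAK_PASSWORDS = {"password", "changeit", "tomcat", "123456"}
MIN_PASSWORD_LENGTH = 12  # assumption, adjust to your own policy


def audit_connectors(server_xml):
    """Return a list of (port, finding) tuples for the <Connector> elements."""
    findings = []
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    ssl = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl:
        findings.append((None, 'no connector has SSLEnabled="true"'))
    for c in ssl:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((port, "scheme/secure are not https/true"))
        if not c.get("keystoreFile"):
            findings.append((port, "keystoreFile missing, Tomcat falls back to "
                                   ".keystore in the user home directory"))
        password = c.get("keystorePass")
        if password is None:
            findings.append((port, "keystorePass missing, 'changeit' is assumed"))
        elif password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH:
            findings.append((port, "keystorePass is weak"))
    # Non-SSL connectors redirect to redirectPort when a page requires SSL,
    # so that port must match an SSL connector.
    ssl_ports = {c.get("port") for c in ssl}
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in ssl and redirect and redirect not in ssl_ports:
            findings.append((c.get("port"),
                             f"redirectPort {redirect} does not match any SSL connector"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

To check a real installation, pass the contents of \apache-tomcat\conf\server.xml to audit_connectors() instead of the sample.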
