SSL for WebNow
A special thanks goes out to Todd Bartlett, UNC Wilmington, for providing tips on this process.
Now, I don't claim to know everything about ImageNow, WebNow or Apache Tomcat; however, I did figure out something that isn't documented by PSI. Back up all files before making any changes; a list of the files that are changed follows this paragraph for convenience. Everything below in red should be changed appropriately.
D:\inserver6\etc\inserver.ini
C:\Program Files\Apache Software Foundation\Tomcat 6\conf\server.xml
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webnow\WEB-INF\tomcat.web.xml
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webnow\WEB-INF\web.xml
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webnow\WEB-INF\weblogic.web.xml
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webnow\WEB-INF\weblogic.xml
C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webnow\WEB-INF\websphere.web.xml
Configuring WebNow to use SSL:
First the easy part
1. Open the Inserver.ini located in the D:\inserver6\etc folder using Notepad
2. Change webnow.url from http://host/webnow to https://host/webnow
3. Save and exit Notepad
Now for the slightly more complex part
1. All steps are completed from a command prompt at C:\Program Files\JAVA\JRE1.6_07\bin
a. Create new keystore
i. keytool -genkey -alias tomcat -keyalg RSA -keystore c:\Keystore\server.keystore -storepass changeit
b. Create CSR
i. keytool -certreq -keyalg RSA -alias tomcat -file c:\keystore\certreq.csr -keystore c:\keystore\server.keystore -storepass changeit
1. Be prepared to enter the info below
a. Name = server.domain.edu
b. OU = ISD
c. O = University of Somewhere
d. L = City
e. S = State
f. C = US
c. Send CSR to Cert Provider
d. Import chain certificate (example below assumes Verisign)
i. keytool -import -alias root -keystore c:\keystore\server.keystore -storepass changeit -trustcacerts -file C:\keystore\verisign.cer
e. Import the new certificate
i. keytool -import -alias tomcat -keystore c:\keystore\server.keystore -storepass changeit -trustcacerts -file c:\keystore\certnew.cer
2. The following should be completed in a text editor such as Notepad
a. Make changes to the server.xml located at C:\Program Files\Apache Software Foundation\Tomcat 6\conf\server.xml
i. Drop the code below into the .xml file above the line that reads <!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="c:\keystore\server.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
b. (optional) Make changes to tomcat.web.xml, web.xml, weblogic.web.xml, weblogic.xml, and websphere.web.xml located in C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\webnow\WEB-INF to prevent users being prompted with a security dialogue in Internet Explorer.
i. Using Notepad, change every line containing http://java.sun.com/update/… to https://java.sun.com/update/…
3. Restart all ImageNow and Apache services.
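The connector added to server.xml in step 2a can be checked before the restart. The following is an added example, not part of the original post or of PSI's documentation; the function name audit_server_xml and the sample file are constructed for illustration. It goes slightly beyond the post by also flagging a redirectPort that no longer matches the HTTPS port, and it catches typographic quotes copied from a web page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: Tomcat's stock HTTP connector plus the SSL connector from this post.
SAMPLE_SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector protocol="org.apache.coyote.http11.Http11Protocol"
             port="443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="c:\keystore\server.keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

CURLY_QUOTES = "\u201c\u201d\u2033"  # typographic quotes a web page puts around attribute values


def audit_server_xml(text):
    """Return a list of findings for the connectors in a server.xml given as a string."""
    if any(ch in text for ch in CURLY_QUOTES):
        return ['typographic quotes present: retype them as plain " or Tomcat cannot parse the file']
    connectors = list(ET.fromstring(text).iter("Connector"))
    https = [c for c in connectors if c.get("scheme") == "https"]
    findings = [] if https else ["no connector with scheme=https"]
    for c in https:
        port = c.get("port")
        if c.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: SSLEnabled is not true, so the connector serves plain HTTP")
        if c.get("secure", "false").lower() != "true":
            findings.append(f"port {port}: secure is not true, so requests are not reported as secure")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile missing, Tomcat falls back to .keystore in the user home")
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is the well-known default 'changeit'")
    # A redirectPort must point at a port where an HTTPS connector actually listens.
    https_ports = {c.get("port") for c in https}
    for c in connectors:
        target = c.get("redirectPort")
        if target and target not in https_ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} has no matching HTTPS connector")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```

To audit a real file, pass its contents, for example audit_server_xml(open(path, encoding="utf-8").read()).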
If anything is a bit too cryptic, please leave a comment and I will address it.
October 14 2008 | ImageNow/WebNow