Thursday, October 11, 2012

Installing SSL certificate on Apache with Tomcat

Sponsored Links
I have an Apache tomcat stack on which Apache is front proxy and tomcat is serving contents. How to install SSL on this scenario? Whether to install ssl on Apache or Install ssl on Tomcat? In my case Apache and tomcat is connected using mode_jk. I installed ssl on apache. Here is the steps how I did. Comment if you know some better methods. Operating system used is Centos 5.4, Apache version is httpd-2.2.3-65.el5.centos and Tomcat tested on 5 and 6.

Check here for Installing and configuring Apache with tomcat using mod_jk
Generating key and csr:
yum install mod_ssl openssl

Key:
openssl genrsa -out www.yourdomain.com.key 2048

csr:
openssl req -new -key www.yourdomain.com.key -out www.yourdomain.com.csr
You have to give

Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Karnataka
Locality Name (eg, city) [Newbury]:Bangalore
Organization Name (eg, company) [My Company Ltd]:Some Company Private Limited
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.yourdomain.com
Email Address []:someone@yourdomain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [You can skip by pressing enter]
An optional company name []: [You can skip by pressing enter]

Now you have generated csr.
Now buy ssl for this csr from Godaddy,bigrock,geotrust or whomever you trust. Don't forget to keep the key safe.

Now when the crt is issued do the following.
Save the ssl and ca certificates
Add ssl.conf to /etc/httpd/conf.d/ (It will be there if you install mod_ssl)
Include ssl.conf in your httpd.conf

And give the following in ssl.conf

SSLCertificateFile /etc/pki/tls/certs/www.yourdomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.yourdomain.com.key
SSLCACertificateFile /etc/pki/tls/private/www.yourdomain.com.ca.crt

Restart apache. You are done.
To redirect all the http to https you can use the following rewrite rules.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Recommended Reading

1. Network Security with OpenSSL
2. Implementing SSL / TLS Using Cryptography and PKI
3. Network Security with OpenSSL: Cryptography for Secure Communications
4. SSL and TLS: Designing and Building Secure Systems

Sponsored Links

No comments:

Post a Comment

Be nice. That's all.