Document Version 1.0
Copyright © 2012-2013 firstname.lastname@example.org
SSLOffloading SSL-Offloading, SSL Termination, Apache, Tomcat, mod_jk configuration, multiple vhosts, multiple SSL certificates one ip
In part1, we created a sample web application, TestWebSec20, and successfully accessed the servlet "HalloNormal".
Now we will try to access the "HalloSec" servlet. Since the "HalloSec" servlet is declared to be accessed via the URL pattern "/secure/HalloSec", we enter the following URL in the browser's address bar:
We get an error like "..can not connect to localhost...". When we look at Tomcat's log, we see that Tomcat logged a fatal error at startup (which we ignored in part1):
This is because Tomcat detected that a resource is protected with HTTPS, so it tries to load the SSL keystore (the keystore is needed by JAAS) from the user's home directory (Linux). But in the default Tomcat installation there is no keystore file available yet.
Create and configure keystore for Tomcat
The standard JDK package includes "keytool" under JAVA_HOME/bin/. This keytool can be used to create a keystore for Tomcat/JAAS. Run the following command:
Now a keystore file named "localhost_keystore" is created (with the password "test1234"; we will need the password to configure Tomcat SSL).
Here, instead of the default ".keystore" location, we used a custom keystore location and keystore name. Now we need to configure Tomcat's SSL connector in server.xml:
Start Tomcat and try accessing the secured servlet again:
Click the area to the left of the browser's address bar to show the certificate. It is the certificate we just created! Successful!!
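The keystore and connector steps described above, as an added example that is not the tutorial's original commands or configuration. The keystore name "localhost_keystore" and password "test1234" come from the text; the key alias, certificate subject, keystore directory, port 8443 and the Tomcat 6/7-style connector attributes are assumptions.

```shell
#!/bin/sh
# Added example, not the tutorial's original commands.
# From the page: keystore name "localhost_keystore", password "test1234".
# Assumptions: key alias, certificate subject, keystore directory, port 8443.
KEYSTORE="${KEYSTORE:-$HOME/localhost_keystore}"
STOREPASS="${STOREPASS:-test1234}"   # lab password from the page; not for production
ALIAS="${ALIAS:-tomcat}"

# Step 1: self-signed RSA key pair; the CN must match the host name in the URL.
create_keystore() {
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=localhost" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS" &&
    chmod 600 "$KEYSTORE"            # the file holds the private key
}

# Step 2: print the stored certificate (subject, validity, fingerprints) so it
# can be compared with what the browser shows once Tomcat has been restarted.
show_keystore() {
    keytool -list -v -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$STOREPASS"
}

# Step 3: HTTPS connector element to place in conf/server.xml.
# $1 = keystore path, $2 = keystore password
connector_xml() {
    cat <<EOF
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="$1" keystorePass="$2" />
EOF
}

# Usage: sh keystore.sh create | show | connector   (no argument: do nothing)
case "${1:-}" in
    create)    create_keystore ;;
    show)      show_keystore ;;
    connector) connector_xml "$KEYSTORE" "$STOREPASS" ;;
esac
```

Because the connector stores the keystore password in clear text, server.xml needs the same restrictive file permissions as the keystore itself.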
SSL Offloading with mod_jk part 3