Wednesday, August 4, 2010

HTTPS protocol: SSL Configuration

Secure Socket Layer

SSL, or Secure Socket Layer, is a technology which allows web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.

Another important aspect of the SSL protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as "Client Authentication," although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.


I used the following to implement HTTPS:

  • JDK 1.6
  • Tomcat 6


1. Create a certificate keystore:

HTTPS requires an SSL certificate. The keytool command below generates an RSA key pair with a self-signed certificate and stores it in a keystore file (named .keystore by default).

{JAVA_HOME}\bin> keytool -genkey -alias tomcat -keyalg RSA

E.g.:

C:\Program Files\Java\jdk1.6.0_21\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: madan chaudhary
What is the name of your organizational unit?
[Unknown]: Technology
What is the name of your organization?
[Unknown]: Hewitt
What is the name of your City or Locality?
[Unknown]: Mumbai
What is the name of your State or Province?
[Unknown]: Maharashtra
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=madan chaudhary, OU=Technology, O=Hewitt, L=Mumbai, ST=Maharashtra, C=IN correct?
[no]: y

Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:

C:\Program Files\Java\jdk1.6.0_21\bin>

Note: Remember your tomcat password; we will use it in the Tomcat configuration file, i.e. server.xml.


Now check your home folder, i.e.

     C:\Documents and Settings\{user home}

and you will find a .keystore file there.

2. Configuring Tomcat for using the Keystore file

Now add the following Connector element to the {CATALINA_HOME}/conf/server.xml file:

<!-- HTTPS connector on port 8443, using the keystore created in step 1 -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="${user.home}/.keystore" keystorePass="your tomcat password"
           clientAuth="false" sslProtocol="TLS" />



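Change ${user.home} in keystoreFile to match the location of your keystore file, and set keystorePass to the password you chose in step 1. The password is stored in clear text in server.xml, so restrict read access to that file.

Also, don't forget to set JAVA_HOME and CATALINA_HOME as environment variables.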
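
An added example, not part of the original post or of Tomcat itself: a small Python audit of the Connector settings from step 2. The surrounding server.xml, the port 8080 connector with its redirectPort, and the function name audit_connectors are assumptions made for illustration, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal server.xml holding the step 2 Connector, except
# that keystorePass is set to Tomcat's default "changeit" to trigger a finding.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8444" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="${user.home}/.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""

def audit_connectors(server_xml):
    """Return sorted (port, finding) pairs for the Connectors in server.xml."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    ssl = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    ssl_ports = {c.get("port") for c in ssl}
    findings = []
    for c in ssl:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((port, "scheme/secure must be https/true on an SSL connector"))
        if not c.get("keystoreFile"):
            findings.append((port, "keystoreFile unset: falls back to .keystore in user home"))
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystorePass is the default 'changeit'"))
        if c.get("clientAuth", "false") not in ("true", "false", "want"):
            findings.append((port, "clientAuth must be true, false or want"))
        if c.get("sslProtocol", "TLS").upper().startswith("SSL"):
            findings.append((port, "sslProtocol names SSL rather than TLS"))
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in ssl and redirect and redirect not in ssl_ports:
            findings.append((c.get("port", "?"), "redirectPort %s is not an SSL connector" % redirect))
    return sorted(findings)

if __name__ == "__main__":
    for port, message in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, message))
```

To check a real installation, pass the contents of {CATALINA_HOME}/conf/server.xml to audit_connectors instead of the sample.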



We are now done with the settings. Start the Tomcat server and look at the console for the startup output.

Now let's create a test page (htm/jsp etc.).
Let's say my page is https://localhost:8443/Test/index.jsp