Enable Encryption for Common Services Tomcat
Article ID: 223445
Updated On:
Products
Issue/Introduction
We are currently installing APACHE TOMCAT Release 15.0, coded the following parms:
IJO="-Dfile.encoding=ISO8859-1"IJO="$IJO -Dcatalina.base=${CATALINA_BASE}"IJO="$IJO -Dcatalina.home=${CATALINA_HOME}"IJO="$IJO -Djava.io.tmpdir=${CATALINA_BASE}/temp"IJO="$IJO -Dibm.serversocket.recover=true"IJO="$IJO -Dlog.dir=${CATALINA_BASE}/logs"IJO="$IJO -Djava.endorsed.dirs="IJO="${IJO}${CATALINA_HOME}/common/endorsed"IJO="$IJO -Dconnector.ssl.port=8008"IJO="$IJO -Dconnector.address=###.##.###.###"IJO="$IJO -Dderby.system.home=${CATALINA_BASE}/../../derby"IJO="$IJO -Xshareclasses:cacheDir=${CATALINA_BASE}/javasharedresources"IJO="$IJO -Xms128m -Xmx512m"IJO="$IJO -Xshareclasses:nonfatal"IJO="$IJO -Dhttps.protocols=TLSv1.2"
Do these parms ENABLE ENCRYPTION or do other parms need to be added ?
Environment
Release : 15.0
Component : CCS APACHE
Cause
Customization to enable functionality.
Resolution
The given connector statement in the XML should enable encryption.
Within the Tomcat joblog, check that port number, 8008, is active. Once confirmed, connect to the application listening at 8008 using the web browser. This will indicate that the connection is secure.
Change it in the TOMENVPR member.,..
Leave the server.xml member as is and only use the TOMENVPR member to regulate what port should be used.
Only UNCOMMENT the port you want to use... And also the kind of connection you want to use, the regular unsecure port, or the SSL port...
So to use the SSL port 8008, the use this setting in the TOMENVRPR:
JO="$IJO -Dconnector.ssl.port=8008"
If you want to use another port for SSL only leave the one you want to use uncomment.
Doing it this way, you don't need to change anything in your USS server.xml, or anywhere else and you control it all via your TOMENVPR settings..
Feedback
