Setting up SSL for Web Sockets

This article will help you get set up to use WebSockets over SSL with your Tomcat hosting service.

Requirements

  • You must have SSH knowledge and the ability to configure your own server.xml. This is not for beginners.
  • You must request a dedicated SSL port by submitting a help desk ticket asking for an SSL port for WebSockets.
  • If you cannot figure this out with this document, we can help you for a hands-on service fee.

Option 1

Set up self signed certificate

This option is good for testing only. It will show that your WebSockets are working over SSL, but you will see warnings from the browser because a self-signed certificate is not issued by a CA that the browser trusts.

The first step is to generate your self-signed SSL certificate using Java's keytool -genkey. The example below uses jdk8. Use the JDK version that you compile your application with, substituting jdk7, jdk10, jdk11 or, when available, jdk12 for jdk8 in the path.

/usr/java/jdk8/bin/keytool -genkey -alias tomcat -keyalg RSA

The above command will prompt for the details below.

Please note:

  1. In the example below, enter your own information at the prompts.
  2. Where it asks 'What is your first and last name?', enter the domain name.
  3. Provide a password at the first password prompt (and re-enter it when asked), then just hit Enter at the key password prompt so the key uses the same password as the keystore. (Make a note of this password; you will need it for server.xml.)
[user@jpcloud ~]$ /usr/java/jdk8/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /chroot/home/USERNAME/.keystore
   Enter keystore password:
   Re-enter new password:
   What is your first and last name?
   [Unknown]: YOURDOMAIN.COM
   What is the name of your organizational unit?
   [Unknown]: Unit Name such as Bakery
   What is the name of your organization?
   [Unknown]: NAME OF COMPANY
   What is the name of your City or Locality?
   [Unknown]: YOUR CITY
   What is the name of your State or Province?
   [Unknown]: YOUR STATE
   What is the two-letter country code for this unit?
   [Unknown]: US
   Is CN=yourdomain.com, OU=Bakery, O=Company Name, L=Your City, ST=Your State, C=US correct?
   [no]: yes
   Enter key password for <tomcat>
   (RETURN if same as keystore password):
   Re-enter new password:

The keystore file is now at /chroot/home/USERNAME/.keystore.

Next, edit server.xml and add the block below.
Note: enter the correct port, keystorePass and keystoreFile location.

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
   disableUploadTimeout="true" enableLookups="false" maxThreads="25"
   port="33236" keystoreFile="/chroot/home/USERNAME/.keystore" keystorePass="YOURPASS"
   protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
   secure="true" sslProtocol="TLS" />

Restart Tomcat and test at https://YOURDOMAIN.COM:33236/ (the connector is SSL-enabled, so it will not answer plain http:// requests); your WebSocket clients connect to the same port with a wss:// URL.

Option 2

Use a real SSL certificate from GeoTrust or another CA.

Order an SSL certificate for the domain you wish to use here: https://javapipe.com/ssl-certificates/

You can use SiteWorx to generate the key and the CSR used to request the CRT. Once you receive the CRT you can proceed.

KBs for SSL on SiteWorx

For these instructions we will call the files yourdomain.key, yourdomain.crt and yourdomain.ca.crt.

  1. Upload the three files to your account on the server.
  2. Combine the private key and the certificate into a PKCS12 keystore with the following command:

    openssl pkcs12 -export -in yourdomain.crt -inkey yourdomain.key -out /chroot/home/USERNAME/.keystoretmp -name tomcat -CAfile yourdomain.ca.crt -caname root
  3. Enter an export password when prompted.
  4. Now run the command below to create the actual keystore file. The example below uses jdk8. Use the JDK version that you compile your application with, substituting jdk7, jdk10, jdk11 or, when available, jdk12 for jdk8 in the path. -srcstoretype PKCS12 tells keytool that the source is the PKCS12 file from step 2; JDKs whose default keystore type is JKS (such as jdk8) would otherwise reject it.

    /usr/java/jdk8/bin/keytool -importkeystore -srcstoretype PKCS12 -deststorepass YOURPASS -destkeypass YOURPASS -destkeystore /home/USERNAME/.keystore -srckeystore /home/USERNAME/.keystoretmp
  5. YOURPASS is the password you chose for the PKCS12 file in steps 2 and 3; keytool will also prompt for it as the source keystore password.

Next, edit server.xml and add the block below.
Note: enter the correct port, keystorePass and keystoreFile location.

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
   disableUploadTimeout="true" enableLookups="false" maxThreads="25"
   port="33236" keystoreFile="/chroot/home/USERNAME/.keystore" keystorePass="YOURPASS"
   protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
   secure="true" sslProtocol="TLS" />

Restart Tomcat and test at https://YOURDOMAIN.COM:33236/ (the connector is SSL-enabled, so it will not answer plain http:// requests); your WebSocket clients connect to the same port with a wss:// URL.
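A browser visit only shows that the port speaks HTTPS; it does not prove that a WebSocket upgrade works through the new connector. The client below is an added example, not part of this article or the hosting provider's tooling. It opens a TLS connection to the SSL port, verifies the certificate the way a browser would (a self-signed certificate from Option 1 fails this step, which is the programmatic form of the browser warning; pass trust_self_signed=True only while testing Option 1, or cafile pointing at yourdomain.ca.crt if the CA from Option 2 is not already in the system trust store), then sends an RFC 6455 upgrade request and checks that the server answers 101 with the correct Sec-WebSocket-Accept. The endpoint path is an assumption: pass the path of a WebSocket endpoint deployed in your application, since "/" will normally return 404.

```python
"""Check a Tomcat SSL port for a working WebSocket (wss://) handshake.

Added example, not part of the article. Certificate verification failures are reported
rather than raised so that the result of a self-signed test (Option 1) is visible.
"""
import base64
import hashlib
import os
import socket
import ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455


def expected_accept(sec_websocket_key):
    """Sec-WebSocket-Accept a server must return for the given key (RFC 6455, section 4.2.2)."""
    digest = hashlib.sha1((sec_websocket_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_upgrade_request(host, port, path, key):
    """The HTTP/1.1 request a WebSocket client sends to open the connection."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Key: {key}\r\n"
        "Sec-WebSocket-Version: 13\r\n"
        "\r\n"
    )


def parse_upgrade_response(raw, key):
    """Return (ok, reason); ok only for a 101 whose Sec-WebSocket-Accept matches our key."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", "replace")
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "101":
        return False, f"expected '101 Switching Protocols', got: {lines[0]!r}"
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    if headers.get("upgrade", "").lower() != "websocket":
        return False, "101 without 'Upgrade: websocket' header"
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return False, "Sec-WebSocket-Accept does not match the key we sent"
    return True, "WebSocket handshake completed over TLS"


def check_wss(host, port, path="/", cafile=None, trust_self_signed=False, timeout=5.0):
    """Connect with TLS, verify the certificate, then attempt the WebSocket upgrade on `path`."""
    ctx = ssl.create_default_context(cafile=cafile)
    if trust_self_signed:
        # Option 1 only: there is no CA to verify a self-signed certificate against.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    key = base64.b64encode(os.urandom(16)).decode("ascii")  # random nonce per RFC 6455
    try:
        with socket.create_connection((host, port), timeout=timeout) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=host) as tls:
                # getpeercert() is only populated when the certificate was actually verified
                subject = dict(rdn[0] for rdn in tls.getpeercert().get("subject", ()))
                tls.sendall(build_upgrade_request(host, port, path, key).encode("ascii"))
                ok, reason = parse_upgrade_response(tls.recv(4096), key)
                return {"ok": ok, "reason": reason, "tls": tls.version(), "subject": subject}
    except ssl.SSLCertVerificationError as e:
        # What the browser warning for a self-signed certificate looks like to a strict client.
        return {"ok": False, "reason": f"certificate not trusted: {e.verify_message}",
                "tls": None, "subject": {}}


if __name__ == "__main__":
    import sys
    # Usage: python check_wss.py YOURDOMAIN.COM 33236 /your/endpoint [--self-signed]
    host, port = sys.argv[1], int(sys.argv[2])
    path = sys.argv[3] if len(sys.argv) > 3 and not sys.argv[3].startswith("--") else "/"
    print(check_wss(host, port, path, trust_self_signed="--self-signed" in sys.argv))
```

A result with ok=False and a "certificate not trusted" reason on a real certificate usually means the CA chain (yourdomain.ca.crt) was not included when the PKCS12 file was built in step 2, so Tomcat serves the leaf certificate alone.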

