After managing to get Tomcat 5.5 working with Apache 2 using mod_jk, my next venture was to enable SSL in Tomcat using a self-signed certificate. This proved to be quite a task.

The system I'm setting up is running Red Hat Enterprise Linux 4.4. I installed all the official Red Hat RPMs to get Tomcat and Apache talking together with mod_jk (see Part I of this tutorial).

After 4 days of banging my head on my keyboard, I noticed that when I would run:

# java -version

It spit out this:

Java(TM) 2 Runtime Environment, Standard Edition (build pxi32dev-20061002a (SR3) )
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux x86-32 j9vmxi3223-20061001 (JIT enabled)
J9VM - 20060915_08260_lHdSMR
JIT - 20060908_1811_r8
GC - 20060906_AA)
JCL - 20061002

This let me know that I am supposed to be using IBM's version of Java, which is apparently the default on my Red Hat system, not Sun's version. I think somewhere along the way I downloaded Sun's JVM, and I assumed that I was supposed to be using its keytool to generate an SSL certificate for Tomcat, but such is not the case. This caused me much confusion, but here's how I ended up fixing it:

1. Generate the keystore file
(NOTE: all of this assumes you already have Apache configured with SSL. I used OpenSSL, which I don't go into here, but there are loads of resources online for you, and it's relatively easy to do.)

Assuming you have the default Red Hat Java RPM already installed, run this:

# /usr/lib/jvm/java-1.5.0-ibm-1.5.0.3/jre/bin/keytool -genkey -alias tomcat -keyalg RSA

NOTE: I used Tomcat's default password of 'changeit' when prompted. The same password goes into keystorePass in server.xml below.

The keystore file gets dropped in the home directory of whatever user you are logged in as. I was root, so I then moved the keystore file to the Tomcat home directory:

# mv /root/.keystore /etc/tomcat5/
# chown tomcat.tomcat /etc/tomcat5/.keystore

2. Next you have to edit Tomcat's server.xml file

# nano /etc/tomcat5/server.xml

Uncomment the SSL connector and set it up like so (note the capital C in Connector; Tomcat matches element names case-sensitively and silently ignores a lowercase <connector>):

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" algorithm="IbmX509" sslProtocol="SSL"
           keystoreFile="/etc/tomcat5/.keystore"
           keystorePass="changeit" />

Note that I added algorithm="IbmX509" and I changed sslProtocol="TLS" to sslProtocol="SSL". This is necessary to get things working with IBM's JVM.

3. Restart everything

# service tomcat5 stop
# service tomcat5 start
# apachectl restart

If you were following along from my last article, then browse to:

https://yoursite.com:8443/hello.jsp

If all went well, you should see the hello.jsp page showing you the system time!
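As an added check that is not part of the original post: a small Python audit of the Connector settings from step 2. It parses a constructed server.xml in the same shape, reports a lowercase <connector> tag (which Tomcat ignores, so the HTTPS port never opens), and flags the default keystore password and the SSL-only protocol setting for follow-up.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the Tomcat 5.5 server.xml fragment in this post.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192" redirectPort="8443" />
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" algorithm="IbmX509" sslProtocol="SSL"
               keystoreFile="/etc/tomcat5/.keystore" keystorePass="changeit" />
  </Service>
</Server>"""

def misnamed_connectors(xml_text):
    # Tomcat matches element names case-sensitively: a <connector> is
    # silently ignored, so the HTTPS port never opens at all.
    root = ET.fromstring(xml_text)
    return [el.tag for el in root.iter()
            if el.tag.lower() == "connector" and el.tag != "Connector"]

def ssl_connectors(xml_text):
    # Attribute dicts of every Connector that claims to be HTTPS.
    root = ET.fromstring(xml_text)
    return [c.attrib for c in root.iter("Connector")
            if c.get("scheme") == "https" or c.get("secure") == "true"]

def audit_connector(attrs):
    # Findings for one HTTPS Connector; an empty list means nothing to flag.
    findings = []
    for key in ("keystoreFile", "keystorePass", "scheme", "secure"):
        if key not in attrs:
            findings.append("missing " + key)
    if attrs.get("scheme") == "https" and attrs.get("secure") != "true":
        findings.append("scheme=https but secure is not true")
    if attrs.get("keystorePass") == "changeit":
        findings.append("keystorePass is the well-known default 'changeit'")
    if attrs.get("sslProtocol", "").upper() == "SSL":
        findings.append("sslProtocol=SSL allows SSLv3; revisit once TLS works on this JVM")
    return findings

def audit_server_xml(xml_text):
    # Map each HTTPS connector port to its findings, plus any misnamed tags.
    report = {"misnamed": misnamed_connectors(xml_text)}
    for attrs in ssl_connectors(xml_text):
        report[attrs.get("port", "?")] = audit_connector(attrs)
    return report
```

Run audit_server_xml on the real /etc/tomcat5/server.xml contents after editing; an empty "misnamed" list and an empty findings list for port 8443 means the connector will load as written.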
