Metacat

These are the things that should be done on the server for Metacat to
communicate through HTTPS:

1. in $TOMCAT_HOME/conf/server.xml uncomment this part for SSL suport:

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler"
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port"
value="8443"/>
<Parameter name="socketFactory"
value="org.apache.tomcat.net.SSLSocketFactory" />
</Connector>

but comment the part for the normal HTTP.

2. Download JSSE and install JSSE jars by coping jart.jar, jnet.jar, jsse.jar to
$JAVA_HOME/jre/lib/ext.

3. Edit $JAVA_HOME/jre/lib/security/java.security by adding one line for Sun's
CSProvider "SunJSSE":
security.provider.2=com.sun.net.ssl.internal.ssl.Provider

4. Do: keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/httpd/.keystore
RSA is essential to work with Netscape and IIS. Use "changeit" as password. ( or
add keypass attribute to change it. ) You don't need to sign the certificate.

This generates key pair with self-signed certificate holding the public key. You
don't need to sign the certificate. Check with:
keytool -list -alias tomcat

5. vi $TOMCAT_HOME/bin/tomcat.sh. In there add the HTTPS handler by:
TOMCAT_OPTS="-Djava.protocol.handler.pkgs=edu.ucsb.nceas.protocols|com.sun.net.s
sl.internal.www.protocol"

6. Restart Tomcat to take effects.

7. In order for the client to trust that certificate you should export it in a
file. Send that file to the client who then should import it as a trusted
certificate.
keytool -export -alias tomcat -file dev.cer -keystore /opt/httpd/.keystore
dev.cer is the file to be sent to the client.

2. Download JSSE and install JSSE jars by coping jart.jar, jnet.jar, jsse.jar to
$JAVA_HOME/jre/lib/ext and to $TOMCAT_HOME/lib.

DONE

Original Bugzilla ID was 235