Bug #452

Configure ssl in dev and ecoinfo

Added by Jing Tao over 17 years ago. Updated over 17 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: metacat
Target version:
Start date: 04/02/2002
Due date:
% Done: 0%
Estimated time:
Bugzilla-Id: 452

Description

We already configured SSL on the local machine (Tomcat standalone). Now we need to
configure dev and ecoinfo. But on these machines, Apache is the web server and
needs more configuration than Tomcat standalone.

History

#1 Updated by Jing Tao over 17 years ago

1. Enable Apache over ssl:
In the /etc/httpd/conf/httpd.conf file, comment out every <ifdef have_ssl>

2. Restart Apache:
/etc/init.d/httpd stop
/etc/init.d/httpd start

3. Download and install JSSE:
Download JSSE package from java.sun.com and unzip it. Copy the three files -
jcert.jar, jnet.jar and jsse.jar in Jsse_home/lib to $Java_home/jre/lib/ext

4. Edit file $Tomcat_home/conf/server.xml
Uncomment the part about https and make it look like:
<Http10Connector port="8443"
    secure="true"
    keystore="/home/tao/.keystore"
    keypass="123456"
    clientAuth="false"
    SSLImplementation="org.apache.tomcat.util.net.JSSEImplementation" />

Don't comment out the Http10Connector for port 8080. It will be used to catch
style sheets and other things.

5. Edit the build.xml in metacat.
Add a property named systemidserver, its value="http://dev.nceas.ucsb.edu"

6. Install Metacat again from scratch (include "ant dtdsql")

7. Stop and start tomcat.

Now, dev can support ssl.

#2 Updated by Jing Tao over 17 years ago

6.b Put the public key of Apache into the default keystore of Java:
If Metacat communicates with the Apache server by https, for example to call a
style sheet, the Apache public key should be imported into a keystore. Because
Metacat didn't specify the keystore, the public key should be imported into the
default store: $java_home/jre/lib/security/cacerts. The import can be done with
the keytool command. The location of the public key of the Apache server can be
found in the /etc/httpd/conf/httpd.conf file.

Moreover, when Apache is the web server and Tomcat is the servlet container, we
only need to distribute the public key of Apache. Actually, Tomcat doesn't need
any private key or public key.
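
Step 6.b as a shell script, added here as an example and not part of the original comments: it reads the certificate location from the Apache config and imports that certificate into the JRE's cacerts with keytool. It assumes mod_ssl's SSLCertificateFile directive names the certificate and that cacerts still has the password it ships with (changeit); the alias apache-dev and the sample config are constructed.

```shell
#!/bin/sh
# Added example: trust Apache's certificate in the JRE default keystore.

# Constructed sample of the SSL part of httpd.conf (paths are made up).
sample_conf() {
cat <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    #SSLCertificateFile /etc/httpd/conf/ssl.crt/old.crt
    SSLCertificateFile "/etc/httpd/conf/ssl.crt/server.crt"
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>
EOF
}

# Print the file named by each active SSLCertificateFile directive.
# Commented-out lines and the private key directive are skipped.
apache_cert_path() {
    awk 'tolower($1) == "sslcertificatefile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Import the certificate (public part only, never the key file) into
# the JRE default trust store. $1 = cert file, $2 = alias, $3 = Java home.
import_apache_cert() {
    cert=$1; name=$2; store="$3/jre/lib/security/cacerts"
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    # No -noprompt: keytool shows the fingerprint and asks before trusting.
    # "changeit" is the password cacerts ships with (assumed unchanged).
    keytool -import -alias "$name" -file "$cert" \
        -keystore "$store" -storepass "${STOREPASS:-changeit}"
}

# Demo on the constructed sample. On the real host (alias is an assumption):
#   import_apache_cert "$(apache_cert_path /etc/httpd/conf/httpd.conf)" \
#       apache-dev "$JAVA_HOME"
tmp=$(mktemp)
sample_conf > "$tmp"
echo "certificate to import: $(apache_cert_path "$tmp")"
rm -f "$tmp"
```

Every Java program that runs on this JRE trusts the imported certificate afterwards, so compare the fingerprint keytool displays with the one on the Apache host before confirming.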

#3 Updated by Jing Tao over 17 years ago

Testing between dev and my local machine, the replication works well through
ssl.

#4 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 452
