Bug #452
closedConfigure ssl in dev and ecoinfo
0%
Description
We already configured ssl in local machine (Tomcat standalone). Now we need to
configure dev and ecoinfo. But in these machines, apache is the web server and
need more configuration than tomcat standalone.
Updated by Jing Tao over 22 years ago
1. Enable Apache over ssl:
In /etc/httpd/conf/httpd.cof file, comment every <ifdef have_ssl>
2. Restart Apache:
/etc/init.d/httpd stop
/etc/init.d/httpd start
3. Download and install JSSE:
Download JSSE package from java.sun.com and unzip it. Copy the three files -
jcert.jar, jnet.jar and jsse.jar in Jsse_home/lib to $Java_home/jre/lib/ext
4. Edit file $Tomcat_home/conf/server.xml
Uncomment the part about https and make them look like:
<Http10Connector port="8443"
secure="true"
keystore="/home/tao/.keystore"
keypass="123456"
clientAuth="false"
SSLImplementation="org.apache.tomcat.util.net.JSSEImplementation" />
Don't comment the Http10Connector for port 8080. It will be use to catch
systle sheet and other things.
5. Edit the build.xml in metacat.
Add a property named systemidserver, its value="http://dev.nceas.ucsb.edu"
6. Install Metacat again from scratch (include "ant dtdsql")
7. Stop and start tomcat.
Now, dev can support ssl.
Updated by Jing Tao over 22 years ago
6.b Put the public of Apache into default keystore of Java:
If Metacat cmmiunicate to Apache server by https, for example to call a sytle
sheet, Apache pulbic key should be import into a keystore. Because Metacat
didn't specify the keystore, the public key should be import the default store:
$java_home/jre/lib/security/cacerts. The import can be finished by keytool
commnad. The location of public key of Apache server can found in
/etc/httpd/conf/httpd.cof file.
Moreover, when Apache as web server and Tomcat as servlet container, we only
need to distribute the public of Apache. Actually, Tomcat don't need any
private key or public key.
Updated by Jing Tao over 22 years ago
Testing between dev and my local amchine, the replication work well through
ssl.