This tutorial describes how to enable Transport Layer Security (SSL/TLS) in the Tomcat server so that the OpenCDS service can be consumed over HTTPS. The steps described here are performed automatically in the Docker container version.
```bash
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore ${CATALINA_HOME}/.keystore
```
After running this command you will be prompted for the key password, and a .keystore file will then be generated in the ${CATALINA_HOME} folder. Next, edit ${CATALINA_HOME}/conf/server.xml to enable the SSL connector by adding the following lines. The keystorePass must be the same password that you used when the .keystore was generated.
```xml
<Service>
  ...
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile=".keystore" keystorePass="opencds" />
</Service>
</Server>
```
Restart Tomcat, and check https://localhost:8443/opencds-decision-support-service/evaluate?wsdl
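A connector that is missing one of these attributes, or whose keystorePass does not match the keystore, typically surfaces only as a startup failure in the Tomcat log, so it helps to check server.xml before the restart. The following is an added example, not part of OpenCDS or Tomcat; the function name `audit_tls_connectors` and the embedded sample file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml holding the connector from this tutorial
# next to a plain HTTP connector.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile=".keystore" keystorePass="opencds" />
  </Service>
</Server>"""

# Attributes the tutorial's connector sets to turn TLS on.
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}


def audit_tls_connectors(server_xml, keystore_password=None):
    """Return a list of findings for the HTTPS connectors in server.xml text.

    keystore_password is the password typed at the keytool prompt; when it is
    given, it is compared with the connector's keystorePass.
    """
    root = ET.fromstring(server_xml)
    tls = [c for c in root.iter("Connector")
           if c.get("scheme") == "https"
           or c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["no HTTPS connector found"]
    findings = []
    for conn in tls:
        where = "connector on port " + conn.get("port", "?")
        for attr, want in REQUIRED.items():
            if conn.get(attr, "").lower() != want:
                findings.append(f'{where}: {attr} should be "{want}"')
        if conn.get("keystoreFile") is None:
            findings.append(f"{where}: keystoreFile is not set")
        configured = conn.get("keystorePass")
        if configured is None:
            findings.append(f"{where}: keystorePass is not set")
        elif keystore_password is not None and configured != keystore_password:
            findings.append(f"{where}: keystorePass differs from the keystore password")
    return findings


if __name__ == "__main__":
    result = audit_tls_connectors(SAMPLE_SERVER_XML, "opencds")
    print("\n".join(result) if result else "HTTPS connector is consistent")
```

To check a real installation, pass the contents of ${CATALINA_HOME}/conf/server.xml instead of the sample string.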
...