This tutorial describes how to enable Transport Layer Security (SSL/TLS) in the Tomcat server so that the OpenCDS service can be consumed over HTTPS. The steps described here are performed automatically in the Docker container version.
Create self-signed certificate

```bash
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore ${CATALINA_HOME}/.keystore
```
After running this command you will be prompted for the key password, and a .keystore file will then be generated in the ${CATALINA_HOME} folder. You will need to edit ${CATALINA_HOME}/conf/server.xml in order to enable the SSL connector. Add the following lines to the server.xml file. The keystorePass must be the same password that you used when the .keystore was generated.
Edit server.xml file

```xml
...
<!-- HTTPS connector on port 8443; keystorePass must match the password given to keytool -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile=".keystore" keystorePass="opencds" />
</Service>
</Server>
```
...
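A check that can be run after the two steps above, added here as an example (it is not OpenCDS or Tomcat code): it parses server.xml and reports SSL connectors whose keystore is missing, is readable by other users, or is protected by a published password. The function name `audit_server_xml`, the sample server.xml and the password list are assumptions of this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this page inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               keystoreFile=".keystore" keystorePass="opencds" />
  </Service>
</Server>"""

# "opencds" is the example value printed on this page; "changeit" is the
# value Tomcat assumes when keystorePass is omitted.
PUBLISHED_PASSWORDS = {"opencds", "changeit"}


def audit_server_xml(xml_text, catalina_base):
    """Return a list of findings for every SSL-enabled <Connector>."""
    connectors = [c for c in ET.fromstring(xml_text).iter("Connector")
                  if c.get("SSLEnabled", "false").lower() == "true"]
    if not connectors:
        return ['no Connector with SSLEnabled="true"']
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"{port}: scheme/secure not set for HTTPS")
        if c.get("keystorePass", "changeit") in PUBLISHED_PASSWORDS:
            findings.append(f"{port}: keystorePass is a published example or default value")
        # Tomcat resolves a relative keystoreFile against CATALINA_BASE, which
        # equals CATALINA_HOME on a single-instance install; when the attribute
        # is absent it looks for .keystore in the home directory of the Tomcat user.
        ks = c.get("keystoreFile", os.path.join(os.path.expanduser("~"), ".keystore"))
        path = ks if os.path.isabs(ks) else os.path.join(catalina_base, ks)
        if not os.path.isfile(path):
            findings.append(f"{port}: keystore not found at {path}")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{port}: keystore readable by group/other")
    return findings


if __name__ == "__main__":
    base = os.environ.get("CATALINA_BASE", ".")
    for finding in audit_server_xml(SAMPLE_SERVER_XML, base):
        print(finding)
```

To audit a real installation, pass the contents of `${CATALINA_HOME}/conf/server.xml` instead of the constructed sample.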