This tutorial describes how to enable Transport Layer Security SSL/TLS in Tomcat server, so OpenCDS service can be consumed over HTTPS. The steps described here are automatically carried on the Docker container version.
Create self-signed certificate
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore ${CATALINA_HOME}
After running this command you will be prompted for the key password, then a .keystore file will be generated on {CATALINA_HOME} folder. You will need to edit ${CATALINA_HOME}/conf/sever.xml in order to enable the SSL connector. The keystorePass must be the same that you used when the .keystore was generated
Edit server.xml file
... <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile=".keystore" keystorePass="opencds" /> </Service> </Server>
Restart Tomcat, and check https://localhost:8443/opencds-decision-support-service/evaluate?wsdl
References
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html