R-T Consuming OpenCDS over HTTPS

Owned by SalvadorR
Last updated: Jul 21, 2016 by David Shields

This tutorial describes how to enable Transport Layer Security SSL/TLS in Tomcat server, thus OpenCDS service can be consumed over HTTPS. The steps described here are automatically performed on the Docker container version

Create self-signed certificate
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore ${CATALINA_HOME}/.keystore

After running this command you will be prompted for the key password, then a .keystore file will be generated on {CATALINA_HOME} folder.  You will need to edit ${CATALINA_HOME}/conf/sever.xml in order to enable the SSL connector.  The keystorePass must be the same that you used when the .keystore was generated 

Edit server.xml file
...
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile=".keystore" keystorePass="opencds" />
  </Service>
</Server>

Restart Tomcat, and check https://localhost:8443/opencds-decision-support-service/evaluate?wsdl

 

References

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html