When transferring usernames and passwords over HTTP, you
should set up SSL on Tomcat or whichever application server you are using. This
protocol ensures that the names and passwords are encrypted as they
travel across the network, and thus protected from eavesdropping and misuse by
intruders. Note that SSL protects the credentials only if the login form itself
is submitted to an https:// URL; a form posted to a plain http:// URL still sends
the password in the clear, no matter how the server is configured.
Setting up SSL on Tomcat 4 is a two-step process:
1. Use the keytool utility to create a keystore file encapsulating a digital certificate used by the server for secure
2. Uncomment the SSL Connector element in Tomcat's conf/server.xml file, and alter its attributes if necessary.
The keytool utility is located in the bin
subdirectory of the directory where you have installed the Java 2 SDK. The following
command line creates a single self-signed
digital certificate for the Tomcat server within a keystore file named .keystore.
Because the command does not pass a -keystore option, keytool creates this file in
the home directory of the user running the command.
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
The Unix version
of this command is:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
(For this command to succeed, the JAVA_HOME environment variable must be set to the directory where the Java 2 SDK is installed, such as h:\j2sdk1.4.1_01.)
The sample below shows the console output resulting from
executing the keytool command. The keytool will request some
information about you and your organization, but you can accept the default
values by pressing Enter. This information is incorporated into the server's
certificate and presented to the user (via her web browser) when she requests
any components with a URL that starts with https://. Because the certificate is
self-signed rather than issued by a certificate authority the browser trusts, the
browser will warn the user before accepting it; for a production server you would
instead have a certificate authority sign the certificate.
In setting up SSL for Tomcat, you must use the same password
for both the keystore and the key that is stored in the keystore. The
default password Tomcat assumes is "changeit"; if you choose a different password
(as you should on a server exposed to the network), you must tell Tomcat about it in
server.xml, as described in
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html.
The console output resulting from using the keytool:
Enter keystore password: changeit
What is your first and last name?
  [Unknown]: Bruce Perry
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Bruce Perry, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]: yes
Enter key password for <tomcat>
  (RETURN if same as keystore password):
Finally, uncomment the SSL Connector
element in the conf/server.xml file by removing the comment
characters around it (<!-- -->). Then restart Tomcat.
The Connector element inside server.xml, as shipped commented out in Tomcat 4.1's
stock conf/server.xml (attribute names and the nested Factory element restored from
that file):
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
-->
The Connector uses a different port number (8443)
than that used by insecure HTTP connections (in Tomcat, it's usually 8080).
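Both steps of the procedure, driven from the command line as an added example that is not one of the book's own listings: the keystore is created non-interactively at an explicit path with a password other than changeit (the same password for the store and the key, as Tomcat 4 requires), its contents are verified with keytool -list, and the matching Factory element is printed for pasting into server.xml. The keystoreFile and keystorePass attributes are the ones Tomcat 4.1's CoyoteServerSocketFactory accepts; the paths, password and host name in the usage lines are placeholders, keytool is assumed to be on the PATH, and probe_tls assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: non-interactive keystore creation for Tomcat 4 plus the
# server.xml Factory element that points at it. Not the book's own code.

# Create the keystore at an explicit path instead of the default ~/.keystore.
# Tomcat 4 requires the key password to equal the keystore password, so both
# -storepass and -keypass are set to $2. -dname supplies the distinguished
# name so keytool asks no questions; -validity limits the certificate's life.
make_keystore() {
    ks="$1"; pass="$2"; cn="$3"
    rm -f "$ks"
    keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -keystore "$ks" -storepass "$pass" -keypass "$pass" \
        -dname "CN=$cn, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=US"
}

# Confirm that an alias exists in the keystore. keytool -list prints one
# "alias, date, entry type" line per entry, so match on the leading "alias,".
has_alias() {
    keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | grep -q "^$3,"
}

# Print the Factory element for server.xml. If keystorePass is omitted Tomcat
# assumes "changeit", so the real password is always written out here.
factory_element() {
    printf '  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"\n'
    printf '           keystoreFile="%s" keystorePass="%s"\n' "$1" "$2"
    printf '           clientAuth="false" protocol="TLS" />\n'
}

# After restarting Tomcat, confirm from the shell that the port really speaks
# TLS and serves the certificate (argument is host:port, e.g. localhost:8443).
probe_tls() {
    printf 'QUIT\n' | openssl s_client -connect "$1" 2>/dev/null \
        | grep -q 'BEGIN CERTIFICATE'
}

# Usage (run by hand; the values are placeholders):
#   make_keystore /usr/local/tomcat4/conf/tomcat.keystore 'S0meLongPassphrase' 'www.example.com'
#   has_alias /usr/local/tomcat4/conf/tomcat.keystore 'S0meLongPassphrase' tomcat && echo ok
#   factory_element /usr/local/tomcat4/conf/tomcat.keystore 'S0meLongPassphrase'
#   probe_tls localhost:8443 && echo 'TLS is up'
```

The printed Factory element replaces the one inside the uncommented Connector; keystorePass must match what make_keystore was given, and the file should be readable only by the account Tomcat runs as, since it now holds the server's private key.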
After you have restarted Tomcat, you can now make a secure connection to a web
component in the home application with a URL
that looks like this: