I have a Java application which I am running on a RHEL server. I want to enable SSL on Tomcat 7 on RHEL. I am following this tutorial.
I used this command to create a self-signed certificate:
keytool -genkey -alias mkyong -keyalg RSA -keystore c:\mkyongkeystore
But on running https://localhost:8443/ I am not getting anything, and I am unable to configure Tomcat to support SSL or HTTPS.
A) Create a keystore file to store the server's private key and self-signed certificate by executing the following command:
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore
B) Uncomment the "SSL HTTP/1.1 Connector" entry in /etc/tomcat6/server.xml and modify as described in the Configuration section below (this is only an example, edit your own configuration and just uncomment it and provide the correct password).
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="want" SSLProtocol="TLS"
           keystoreFile="conf/keystore"
           truststoreFile="conf/keystore"
           keystorePass="XXXXXX"
           keystoreType="PKCS12"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
                    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
                    TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
                    TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
           truststorePass="XXXXXXXXXXXXXXX" />
C) If you are using SELinux, you may need to relabel the newly created keystore file's context. See the RHEL SELinux guide for how to do that.
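Added example (not part of the original answer and not Tomcat's own tooling): a Python check that parses a server.xml Connector like the one in the answer and reports which listed cipher suites should be dropped before the configuration is used. The anon suites do not authenticate the server and the 3DES suites use a 64-bit block cipher. SERVER_XML is a constructed copy of the answer's Connector, and the WEAK marker list and the function names are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed input: the answer's Connector with its full cipher list.
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  scheme="https" secure="true" clientAuth="want" keystoreFile="conf/keystore"
  ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA"/>
</Service></Server>"""

# Markers in JSSE suite names, checked in order, with the reason each is weak.
# (Assumed list for this example, not an exhaustive policy.)
WEAK = [
    ("_anon_", "anonymous key exchange: server is not authenticated"),
    ("_NULL_", "no encryption"),
    ("_EXPORT_", "export-grade key length"),
    ("_RC4_", "RC4 stream cipher"),
    ("3DES", "64-bit block cipher (Sweet32)"),
]

def classify(suite):
    """Return the reason a suite is weak, or None if no marker matches."""
    return next((why for marker, why in WEAK if marker in suite), None)

def audit(server_xml):
    """Map each SSL-enabled Connector port to (findings, kept cipher string)."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        # XML parsing turns the line breaks inside the attribute into spaces.
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        findings = [(s, classify(s)) for s in suites if classify(s)]
        kept = [s for s in suites if not classify(s)]
        if not suites:
            findings.append(("(none listed)", "JVM default suites apply"))
        report[conn.get("port")] = (findings, ",".join(kept))
    return report

if __name__ == "__main__":
    for port, (findings, kept) in audit(SERVER_XML).items():
        for suite, why in findings:
            print(f"port {port}: {suite}: {why}")
        print(f'port {port}: ciphers="{kept}"')
```

The last line printed for each port is a ciphers value with the flagged suites removed, ready to compare against the Connector entry.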