Configuring Truststore in Tomcat

I have a Java servlet that currently runs on Tomcat 7 (Windows) and connects to a SQL Server database. Now I need to encrypt this connection, and I have an open SSL key certificate in the keystore. But apparently, I need to configure the system property for "Truststore" and install the trust store in the keystore.

The keystore location is C:\SSLKeys\appkeystore.key, and from what I found, I need to configure the trust store as follows:

 -Djavax.net.ssl.trustStore=C:\SSLKeys\appkeystore.key -Djavax.net.ssl.trustStorePassword=appkeystorePassword

But how do I install them? I tried this on the command line, but it does not work. I do not want to hard code them in Java, because I need them to be customizable.

Can they be installed in the Catalina.bat file in Tomcat? If so, where in the file do I make a command?

Thank you in advance

Alan

+6
4 answers

I think I might have found at least one way to do this. Someone please tell me if there is a better way to handle this. In the Tomcat\bin folder, where the catalina.bat file is, I created a setenv.bat file, and there I declared the two Java system properties:

 rem setenv.bat: append the trust-store properties to any JAVA_OPTS already set
 set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=C:\path\to\keystore.key -Djavax.net.ssl.trustStorePassword=************"

Apparently, when Tomcat starts, it runs the catalina.bat file, and catalina.bat checks whether a setenv.bat file exists and, if so, runs it to set the Java parameters.

Again, someone please correct me if I am wrong and advise on the best way to do this. Apparently, though, where Tomcat is configured as a Windows service, the parameters listed above are entered by launching tomcatXw.exe to open the Tomcat console and selecting the Java tab.

Ajfarroll

+11

If someone else asks this question, here is what I did:
1. Go to the \tomcatDirectory\bin\ directory.
2. Edit the catalina.sh or catalina.bat file, depending on your machine.
3. Add these properties to the JAVA_OPTS variable:

 JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$CATALINA_HOME/certificates/truststore.ks -Djavax.net.ssl.trustStorePassword=truststorePassword -server" 

This means Tomcat will use the specified trust store instead of the default cacerts store, which Tomcat loads if no trust store is specified in the system properties.

In addition, I noticed that you can define a trust store in Tomcat's main configuration file, server.xml. All you have to do is set these attributes on the Connector element:

 <Connector port="8443" maxThreads="500" server="Apache"
            scheme="https" secure="true" SSLEnabled="true" acceptCount="500"
            keystoreFile="/apps/content/certificates/keystore.ks" keystorePass="keystorepass"
            truststoreFile="/apps/content/certificates/truststore.ks" truststorePass="truststorePassword"/>

Try it, hope it helps!

+7

The recommended answer only works for Tomcat deployed on Windows; on a Linux server the following works for me:

<tomcat directory>/bin/setenv.sh [you need to create this file yourself]

 JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/opt/meh_tuststove.jks"
 JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=muchsecure"
 export JAVA_OPTS
+1
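Building on the setenv.sh approach above, here is an added example (not part of this or any other answer) of a helper that only appends the trust-store properties when the trust store is actually readable and reads the password from a separate file instead of hard-coding it; the function name and all paths are assumptions.

```shell
#!/bin/sh
# Added example for a Tomcat setenv.sh (not from the original answers).
# Assumed names: add_truststore_opts and the two path arguments.

# Append the JSSE trust-store system properties to JAVA_OPTS.
#   $1  path to the trust store (e.g. /opt/tomcat/conf/truststore.jks)
#   $2  file containing only the trust-store password
# Leaves JAVA_OPTS unchanged and returns 1 if either file is not readable,
# so a wrong path is caught at startup rather than as a TLS handshake
# failure later (the JVM does not complain about a missing trust store file).
add_truststore_opts() {
    ts_file="$1"
    pass_file="$2"
    if [ ! -r "$ts_file" ]; then
        echo "setenv.sh: trust store not readable: $ts_file" >&2
        return 1
    fi
    if [ ! -r "$pass_file" ]; then
        echo "setenv.sh: password file not readable: $pass_file" >&2
        return 1
    fi
    # $(cat ...) drops the trailing newline, so the password file can be
    # written with an ordinary editor; keep it mode 0600, owned by the tomcat user.
    ts_pass=$(cat "$pass_file")
    JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$ts_file -Djavax.net.ssl.trustStorePassword=$ts_pass"
    export JAVA_OPTS
    return 0
}

# Typical use in setenv.sh (placeholder paths); failing here stops Tomcat from
# starting with an unusable TLS configuration:
# add_truststore_opts /opt/tomcat/conf/truststore.jks /opt/tomcat/conf/truststore.pass || exit 1
```

Whatever ends up in JAVA_OPTS becomes part of the JVM command line and is visible to other local users through ps, so the separate password file keeps the secret out of the script, not out of the process list.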

To do this, you need to modify the server.xml file. You can find it in the conf directory.

First uncomment the following lines:

 <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> 

and then change it to something like this:

 <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxThreads="25" port="8443" keystoreFile="C:\SSLKeys\appkeystore.key" keystorePass="password" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" />
-1
