Tomcat Configuration
Basic HOWTO for configuring SSL/TLS support to use WebID on Apache Tomcat. These instructions have been written for GNU/Linux, but should be essentially the same for other operating systems, such as MacOS or Windows.
Keystore
Before starting, you need to create an RSA keystore. To do so, execute something like:
$ keytool -genkey -alias tomcat -keyalg RSA
This will create a keystore in the ~/.keystore file. Remember the password, because it will be required later.
(The keytool binary is distributed together with the JDK)
Libraries
The official distribution of Apache Tomcat (7.0.23 at the time of this writing) doesn't come with SSL/TLS support for Java. So it's necessary to get some libraries from the jSSLutils project:
- jsslutils.jar (>=1.0.5)
- jsslutils-extra-apachetomcat6.jar (>=1.0.5)
Download both JAR files and copy them into the lib/ directory of Tomcat.
Connector
In the conf/server.xml file, find a <Connector/> for HTTPS, something like:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="50" scheme="https" secure="true" sslProtocol="TLS"/>
Usually it comes disabled (commented out), so you should uncomment it to enable it. Then you need to add some additional configuration to get the required support. Basically:
- keystoreFile: path to the keystore file
- keystorePass: password for accessing the tomcat alias in the keystore
- SSLImplementation: implementation of SSL to provide to the hosted applications
- acceptAnyCert: accepts any kind of certificate
- clientAuth: enables the server to request a certificate from the client
So in the end the <Connector/> should look like:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="${user.home}/.keystore" keystorePass="changeit" SSLImplementation="org.jsslutils.extra.apachetomcat6.JSSLutilsImplementation" acceptAnyCert="true" clientAuth="want" sslProtocol="TLS" />
Java code
Once you have configured the connector (and restarted Tomcat), you will be able to access certificates from your JavaEE application using something like:
X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
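A fuller version of that lookup, as an added example that is not part of the original HOWTO: with clientAuth="want" the attribute can be null, and with acceptAnyCert="true" the certificate has not been validated by the container, so its contents are only claims until the application verifies them. The servlet name, the HTTP responses and the extraction of URI entries from subjectAltName (where WebID certificates carry the WebID) are assumptions of this example.

```java
import java.io.IOException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: name and responses are assumptions, not from the page.
public class WebIdCertServlet extends HttpServlet {
    private static final int SAN_URI = 6; // GeneralName type uniformResourceIdentifier

    // Collect the URI entries of the certificate's subjectAltName extension.
    static List<String> sanUris(X509Certificate cert) throws CertificateParsingException {
        List<String> uris = new ArrayList<String>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return uris; // extension absent
        for (List<?> san : sans) {
            if (san.size() >= 2 && Integer.valueOf(SAN_URI).equals(san.get(0))) {
                uris.add((String) san.get(1));
            }
        }
        return uris;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        X509Certificate[] certificates = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        // clientAuth="want": the handshake succeeds even without a client certificate.
        if (certificates == null || certificates.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        List<String> claimed;
        try {
            claimed = sanUris(certificates[0]); // [0] is the client's own certificate
        } catch (CertificateParsingException e) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Malformed subjectAltName");
            return;
        }
        // acceptAnyCert="true": nothing has validated this certificate, so these URIs
        // are unverified claims until the application performs the WebID check.
        response.setContentType("text/plain");
        response.getWriter().println("Unverified WebID claims: " + claimed);
    }
}
```

Do not make authorization decisions on the extracted URIs until the application has verified them against the certificate's public key.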