Beruflich Dokumente
Kultur Dokumente
As the Internet becomes a bigger and bigger part (if it isnt already) of commerce and business, the desire to keep those very things safe and secure is growing. Online theft is growing just as fast, or faster, than the business that it takes advantage of. SMBs have to take this into account as they take their businesses online. Developers especially need to not only be informed but have plans in place to make sure that they, or their customers, become victims of online theft.
Create an environment
1. Go to jelastic.com and sign up if you haven't done so yet, or log in with your Jelastic credentials by clicking the Sign In link on the page. 2. While in Jelastic dashboard, click the Create environment button at the top left.
3. In the Environment Topology dialog, pick your application server (for example, Tomcat 7), switch on Public IPv4 for your server and type your environment name, for example, myssl.
4. Expand the list of environment and use Additionally button for your instance to see the number of your Public IP.
1. If you already have an SSL provider that you prefer, you can go to them. We suggest that you use the provider that your Jelastic provider (ServInt, Rusonyx, Layershift, dogado or Tsukaeru) recommends. In this how-to, we will use Comodo as our SSL provider.
So that you don't have to go through the whole process on the Comodo site, we have selected Comodo's most popular certificates and put the links below that take you straight to their order form, along with a discount: Positive SSL: fastest and most cost effective--good for low volume transactions Positive SSL Wildcard: same as the Positive SSL, but also covers subdomains COMODO SSL: their most popular SSL and suitable for high volume transactions and traffic COMODO SSL Wildcard: same their COMODO SSL, but allows for more than just one domain COMODO EV SSL: when you want to go above and beyond, the Green Bar Extended Validation Certificate is for you
After providing all the required information you'll receive an email with CRT files (digital certificate files used with a web browser). If you decide to use another provider, simply go follow the same steps of buying a certificate and then once you get your CRT files, you can proceed to the following step. 2. Install OpenSSL tool on your computer if you haven't done so yet. 3. Run OpenSSL using command line (C:\openssl.exe on Windows,~/openssl.sh on Linux): ...\bin>openssl.exe 4. Generate a private key on the Windows/Linux server that runs your webserver (this key is a 2048 bit RSA key): OpenSSL> genrsa -out mykey.key 2048
5. Convert your main certificate file (in our case mycustomdomain_com.crt), that you have received from your CA and your private key (mykey.key) to p12 container. OpenSSL> pkcs12 -export -in mycustomdomain_com.crt -inkey mykey.key -out certificate.p12 name tomcat -CAfile EssentialSSLCA_2.crt -caname root Notice: COMODO provides CAfile EssentialSSLCA_2.crt as an intermediate certificate. 9. Import certificate to the keystore. We use Java keytool for these purposes. It's a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates. >keytool -importkeystore -srckeystore certificate.p12 -destkeystore my.keystore -srcstoretype pkcs12 Enter the passwords to the destination and source keystores: Enter destination Re-enter Enter source keystore password: If all is ok you'll see the following message: Entry for alias tomcat successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled Your keystore will be located in the bin folder (JAVA_HOME/bin/my.keystore). To look through the contents of your keystore you can use the following command: >keytool -list -keystore my.keystore -storetype pkcs12 -storepass password keystore new password: password:
Tomcat Configuration
1. Go back to the Jelastic dashboard and click the config button for Tomcat.
3. Configure the Connector in the server.xml file (server folder). For example:
[code language="xml"] [/code]
4. Comment the listener in server.xml file, which is responsible for using native Tomcat SSL engine:
[code]<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->[/code]
5. Save the changes and restart Tomcat. Now you can request to your Tomcat via secure protocol.
Related articles Multiple Domains in Jelastic (jelastic.com) New Jelastic feature: Public IP addresses (jelastic.com) Setting DNS A Records and Second-Level Domain Names in Jelastic (jelastic.com)