For some purposes I need both the HTTP (8080) and HTTPS (8443) ports open in my AXIS2, so let's set it up in both Windows and Linux environments ☺ We will use "keytool" from the JAVA binaries to generate the keystore file. Let's assume Apache Tomcat is already configured with HTTP on port 8080.
Please don't hesitate to put your comments 😉
Tested Environment:
Windows 7, Windows 2012
RHEL 5.4, RHEL 6.5
Apache Tomcat Version 6.0.33
In Windows Environment:
Step-1: Generate Keystore file.
Objective-1: We will generate the keystore file in the C:\apache-tomcat-6.0.20\conf\cert\ directory. Create that cert directory first; keytool does not create missing directories.
Let's assume the JDK is installed on our computer. Here is mine; let's go to its bin directory:
Start >> Cmd
cd c:\Program Files\Java\jdk1.6.0_20\bin\
c:\Program Files\Java\jdk1.6.0_20\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\apache-tomcat-6.0.20\conf\cert\keystore.ssl
Enter keystore password: mypassword
Re-enter new password: mypassword
What is your first and last name?
[Unknown]: S M Didarul Abedin
What is the name of your organizational unit?
[Unknown]: IT/Technology
What is the name of your organization?
[Unknown]: My Organization Bangladesh Ltd.
What is the name of your City or Locality?
[Unknown]: Gulshan-2
What is the name of your State or Province?
[Unknown]: Dhaka
What is the two-letter country code for this unit?
[Unknown]: BD
Is CN=S M Didarul Abedin, OU=IT/Technology, O=My Organization Bangladesh Ltd.,
L=Gulshan-2, ST=Dhaka, C=BD correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): mypassword
Re-enter new password: mypassword
c:\Program Files\Java\jdk1.6.0_20\bin>
Step-2: Update the Apache Tomcat configuration files for HTTPS
Objective-2: Necessary configuration in Apache Tomcat for HTTPS
Let's assume C:\apache-tomcat-6.0.20\conf\ is the Tomcat configuration directory. Let's put in the updated configuration for HTTPS (8443):
Update C:\apache-tomcat-6.0.20\conf\server.xml with the configuration below. keystorePass must be the same password you used while generating the keystore file; since it is stored in plain text, restrict read access on server.xml to the account Tomcat runs as.
=====================================================
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https"
secure="true"
Server=""
keystoreFile="C:\apache-tomcat-6.0.20\conf\cert\keystore.ssl"
keystorePass="mypassword"
maxThreads="150"
maxSpareThreads="75"
minSpareThreads="25"
clientAuth="false" sslProtocol="TLS"
URIEncoding="UTF-8"
/>
Update C:\apache-tomcat-6.0.20\conf\web.xml with the configuration below. The user-data-constraint must sit inside a security-constraint; its url-pattern decides which requests are required to use HTTPS (plain HTTP requests to those paths are redirected to the port given by the 8080 connector's redirectPort attribute, 8443 in the default server.xml):
=====================================================
<security-constraint>
<web-resource-collection><web-resource-name>HTTPS only</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
And lastly, update the AXIS2 config file to allow HTTPS on port 8443:
C:\apache-tomcat-6.0.20\webapps\axis2\WEB-INF\conf\axis2.xml
====================================================
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
Step-3: Restart Apache Tomcat
Objective-3: HTTPS is now enabled in AXIS2 at https://ip-address:8443 (the browser will warn about the certificate, because the keystore holds a self-signed certificate rather than one issued by a CA)
Result: Success ✌☺
In LINUX Environment:
Step-1: Generate Keystore file.
Objective-1: We will generate the keystore file in the /opt/tomcat/apache-tomcat-6.0.33/conf/cert/ directory. Create that cert directory first; keytool does not create missing directories.
#cd $JAVA_HOME/bin
#keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/apache-tomcat-6.0.33/conf/cert/keystore.ssl
Enter keystore password:mypassword
Re-enter new password: mypassword
What is your first and last name?
[Unknown]: S M Didarul Abedin
What is the name of your organizational unit?
[Unknown]: IT/Technology
What is the name of your organization?
[Unknown]: My Organization Bangladesh Ltd.
What is the name of your City or Locality?
[Unknown]: Gulshan-2
What is the name of your State or Province?
[Unknown]: Dhaka-1212
What is the two-letter country code for this unit?
[Unknown]: BD
Is CN=S M Didarul Abedin, OU=IT/Technology, O=My Organization Bangladesh Ltd., L=Gulshan-2, ST=Dhaka-1212, C=BD correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):mypassword
Re-enter new password:mypassword
Step-2: Update the Apache Tomcat configuration for the HTTPS port
Objective-2: Necessary configuration in Apache Tomcat for HTTPS
Let's put the updated configuration for HTTPS (8443) in the $TOMCAT_HOME/conf/server.xml file. keystorePass must be the same password you used while generating the keystore file; since it is stored in plain text, restrict read access on server.xml to the account Tomcat runs as.
=====================================================
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
scheme="https"
secure="true"
Server=""
keystoreFile="/opt/tomcat/apache-tomcat-6.0.33/conf/cert/keystore.ssl"
keystorePass="mypassword"
maxThreads="150"
maxSpareThreads="75"
minSpareThreads="25"
clientAuth="false" sslProtocol="TLS"
URIEncoding="UTF-8"
/>
Update $TOMCAT_HOME/conf/web.xml with the configuration below. The user-data-constraint must sit inside a security-constraint; its url-pattern decides which requests are required to use HTTPS (plain HTTP requests to those paths are redirected to the port given by the 8080 connector's redirectPort attribute, 8443 in the default server.xml):
=====================================================
<security-constraint>
<web-resource-collection><web-resource-name>HTTPS only</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
And lastly, update the AXIS2 config file to allow HTTPS on port 8443:
$TOMCAT_HOME/webapps/axis2/WEB-INF/conf/axis2.xml
====================================================
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
Step-3: Restart Apache Tomcat
Objective-3: HTTPS is now enabled in AXIS2 at https://ip-address:8443 (the browser will warn about the certificate, because the keystore holds a self-signed certificate rather than one issued by a CA)
Result: Success ✌☺
Step-4: Secure the environment
Objective-4: Restrict access to the two ports with IPTABLES
Add the rules below to your iptables configuration (/etc/sysconfig/iptables) so that only trusted networks can reach ports 8080 and 8443. They only restrict anything if the INPUT chain ends in a catch-all REJECT or DROP (the stock RHEL file ends with -A INPUT -j REJECT --reject-with icmp-host-prohibited), so insert them before that line and reload the service.
For example, here we are allowing the private blocks 10.0.0.0, 172.16.0.0 and 192.168.0.0 with the masks shown:
=======================================================================
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
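As an added example that is not part of the post, the Python below evaluates these rules offline the way iptables would (first match wins) and checks the ordering caveat; the catch-all REJECT line is a constructed sample of the stock RHEL one. It also shows that the 172.16.0.0/255.255.0.0 rule covers only 172.16.x.x, so a client at 172.20.0.1 is not accepted by it.

```python
import ipaddress
import re

# Rules copied from the post. Note the 172 rule's /255.255.0.0 mask covers only
# 172.16.0.0-172.16.255.255, not the whole RFC 1918 172.16.0.0/12 range.
RULES_TEXT = """
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 10.0.0.0/255.0.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 172.16.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 8443 -j ACCEPT
"""
# Constructed catch-all, as found at the end of the stock RHEL INPUT chain.
CATCH_ALL = "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
RULE_RE = re.compile(r"-A INPUT -s (\S+) -p tcp -m tcp --dport (\d+) -j (\w+)")

def parse_rules(text):
    """Parse '-s net/mask ... --dport N -j TARGET' lines; dotted masks are accepted."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError("unsupported rule: " + line)
        rules.append((ipaddress.ip_network(m.group(1)), int(m.group(2)), m.group(3)))
    return rules

def verdict(rules, src, dport):
    """First matching rule wins, as in iptables; None means the packet falls through."""
    ip = ipaddress.ip_address(src)
    for net, port, target in rules:
        if ip in net and port == dport:
            return target
    return None

def chain_status(chain_lines):
    """The ACCEPTs only restrict access if they precede a catch-all REJECT/DROP."""
    catch_all = [i for i, l in enumerate(chain_lines)
                 if re.search(r"-j (REJECT|DROP)\b", l) and "--dport" not in l]
    if not catch_all:
        return "no catch-all rule: every source still reaches 8080/8443"
    late = [i for i, l in enumerate(chain_lines) if "--dport" in l and i > catch_all[0]]
    return "accept rules placed after the catch-all" if late else "ok"

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for src, port in [("10.1.2.3", 8443), ("172.20.0.1", 8443), ("203.0.113.5", 8080)]:
        print(src, port, verdict(rules, src, port) or "falls through")
    print(chain_status(RULES_TEXT.strip().splitlines() + [CATCH_ALL]))
```

Anything that falls through is decided by what follows in the chain, which is why the rules must come before the REJECT line.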
Enjoy ✌☺
This article is dedicated to one of my mentors, the young angry man (Shamim Bhai) 👍