Home > Forms and Procedures > Procedures > UIT Procedures > Infrastructure Procedures > Tomcat Webapp for Dataconnect

Tomcat Webapp for Dataconnect

Table of contents

Information:

The Tomcat webapp for Dataconnect is set to use a certificate PEM file that is called keystore.pem.  This file is NOT a Java keystore file, and should not be implemented as such. 

 

The filename does not have any bearing on the application; it just needs to be in PEM format.  The easiest way to get a certificate in PEM format for this application is to convert a PFX file into PEM format.

 

To convert a PFX file to a PEM file, follow these steps on a Windows machine:

  1. Download and install the Win32 OpenSSL (Win32 OpenSSL v0.9.8i) package from http://www.slproweb.com/products/Win32OpenSSL.html
  2. Create a folder c:\certs and copy the file *filename*.pfx into the c:\certs folder.
  3. Open a command prompt and change into the OpenSSL\bin directory: 
    cd %homedrive%\OpenSSL\bin
  4. Type the following command to convert the PFX file to an unencrypted PEM file (all on one line):
    openssl pkcs12 -in c:\certs\yourcert.pfx -out c:\certs\*filename*.pem –nodes

 

This will create the PEM file in the directory. 

 

To install into Tomcat

  1. Copy the PEM file into c:\WASECURE
  2. Rename the file to match whatever is in the c:\WASECURE\conf\server.xml

   <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"

                               maxHttpHeaderSize="8192"

                 maxThreads="150"

                 enableLookups="false" disableUploadTimeout="true"

                 acceptCount="100" scheme="https" secure="true"

                 SSLEnabled="true"

                 SSLCertificateFile="${catalina.base}\keystore.pem"

                 SSLCertificateKeyFile="${catalina.base}\keystore.pem"

                                                             SSLPassword="OK" />

 

   3. Because a PEM file contains both the certificate and the key in one file, it is appropriate to use both files as such.

       No further extraction of the certificate and key from the PEM is needed.

 

 

Author:

Jason Lowmiller

Date:

07/16/2012

 

 

 

 

 

 

 

 

 

 

 

  1. Because a PEM file contains both the certificate and the key in one file, it is appropriate to use both files as such (see example above).  No further extraction of the certificate and key from the PEM is needed.
You must to post a comment.
Last modified
02:23, 17 Dec 2013

Tags

This page has no custom tags.

Classifications

This page has no classifications.