Skip to main content

4-step configuration of SSL encryption on Tomcat in Ubuntu Linux using Self-Signed Certificate

First things first, the title makes it clear that the user is expected to know about terms SSL, Tomcat and Linux, so getting straight to the topic. The simple steps below can save hours of your time if you followed them sequentially.

So, you have a web application ready to deploy and you want your communication to be entrypted and make sure that you are talking to the right server. Configuring SSL on your web server and application will do both the jobs for you in 4 steps below:

  1. Creating dummy certificate
    - Run: cd /usr/lib/jvm/java-6-openjdk-i386/jre/bin/
    - Run: keytool -genkeypair -alias MyCertificate -keyalg RSA -keystore "/home/myhome/MyCertificate.cert"
    Here, we used Java's keytool application to generate a self-signed certificate.
    Enter all the information asked further: password, name, organization, etc.
    This will generate a SSL certificate file, containing encrypted text.

  2. Enabling SSL on your tomcat server
    - Run: nano /var/lib/tomcat6/conf/server.xml
    - Search for commented block for configuring SSL HTTP connector (by default, it's on port 8443)
    - Uncomment the block and you should see:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
    - Set protocol="org.apache.coyote.http11.Http11NioProtocol":
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
    - Next, provide the password and file path of the Certificate you created:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" 
                   keystorePass="mysslcertificatepassword" />
    - Save the file and exit the editor
    - Run: service tomcat6 restart

  3. Test if it works
    - Open your browser and try: https://localhost:8443
    - The browser should warn you that the website is untrusted source. Ignore and proceed, you may add the website as an exception.

  4. Next step is to configure your web application to talk only to HTTPS enabled tomcat server
    - Open your web app's web.xml in any editor
    - Add the following lines at the bottom of your web.xml, just before </web-app> tag closure

    <!-- This block makes sure that all the resources are accessed via HTTPS -->
    <!-- This block overrides the previous for certain resources and enables them on both HTTP and HTTPS -->

Now your application and web server are both ready to talk on a secure channel.


Popular posts from this blog

A faster, Non-recursive Algorithm to compute all Combinations of a String

Imagine you're me, and you studied Permutations and Combinations in your high school maths and after so many years, you happen to know that to solve a certain problem, you need to apply Combinations.

You do your revision and confidently open your favourite IDE to code; after typing some usual lines, you pause and think, then you do the next best thing - search on Internet. You find out a nice recursive solution, which does the job well. Like the following:

import java.util.ArrayList;
import java.util.Date;

public class Combination {
   public ArrayList<ArrayList<String>> compute (ArrayList<String> restOfVals) {
      if (restOfVals.size () < 2) {
         ArrayList<ArrayList<String>> c = new ArrayList<ArrayList<String>> ();
         c.add (restOfVals);
         return c;
      else {
         ArrayList<ArrayList<String>> newList = new ArrayList<ArrayList<String>> ();
         for (String o : restOfVals) {

Executing MapReduce Applications on Hadoop (Single-node Cluster) - Part 1

Okay. You just set up Hadoop on a single node on a VM and now wondering what comes next. Of course, you’ll run something on it, and what could be better than your own piece of code? But before we move to that, let’s first try to run an existing program to make sure things are well set on our Hadoop cluster.
Power up your Ubuntu with Hadoop on it and on Terminal (Ctrl+Alt+T) run the following command: $
Provide the password whenever asked and when all the jobs have started, execute the following command to make sure all the jobs are running: $ jps
Note: The “jps” utility is available only in Oracle JDK, not Open JDK. See, there are reasons it was recommended in the first place.
You should be able to see the following services: NameNode SecondaryNameNode DataNode JobTracker TaskTracker Jps

We'll take a minute to very briefly define these services first.
NameNode: a component of HDFS (Hadoop File System) that manages all the file system metadata, links, trees, directory structure, etc…

Titanic: A case study for predictive analysis on R (Part 1) is a popular community of data scientists, which holds various competitions of data science. The article performs predictive analysis on a benchmark case study -- Titanic, picked from -- in-depth.

The case study is a classification problem, where the objective is to determine which class does an instance of data belong to. This can also be called prediction problem, because we are predicting class of a record based on its attributes.

Note: This tutorial requires some basic R programming background. If you haven't yet gotten yourself acquainted with R, maybe this is the right time. Codeacademy's tutorial is my personal recommendation. We will be using RStudio here, the most used IDE for 'R' language. It is free and open-source, you can download it here.

RMS Titanic was a British cruise that sank on its course in the North Atlantic Ocean on its maiden voyage. 1502 people, out of 2224 on board lost their lives in this disaster. Due to lack of li…