Yep, me again.

Inching along here, unable as yet to re-create ssl traffic when not on localhost. Moving from my basement (localhost) where ssl worked using

   SGSSRVR_keystoreFile     = /home/rob/Downloads/tomcat/localhost-rsa.jks
   SGSSRVR_truststoreFile   = /home/rob/Downloads/tomcat/localhost-rsa-cert.pem
   SGSSRVR_storeType        = JKS

to my office with three separate machines where I can better impersonate AWS. Following Chris's advice (since I've been given the green light to self-sign)

   | Most people just want to mint a key+cert and have Tomcat use that
   | for TLS. You can do that very simply:
   |
   | $ keytool -genkey -keyalg RSA -sigalg SHA256withRSA -keysize 4096 \
   |     -alias ${HOSTNAME} -keystore ${HOSTNAME}.p12 -storetype PKCS12 \
   |     -ext san=dns:${HOSTNAME}
   |
   | Fill-out all the stuff. This gives you a new RSA key and a
   | self-signed certificate. If self-signed is okay with you, you are done.

I put in my fully qualified hostname ("k1"), and added the full path of the .p12 file to my configuration props

   SGSSRVR_keystoreFile     = /home/u0138544/aws/deploy/server/k1.p12
   SGSSRVR_keystoreAlias    = k1
   SGSSRVR_keystorePwd      = as-assigned
   SGSSRVR_truststoreFile   = /home/u0138544/aws/deploy/server/k1.p12
   SGSSRVR_truststoreAlias  = k1
   SGSSRVR_truststorePwd    = as-assigned
   ## (tried with and without the following line)
   SGSSRVR_storeType        = PCKS12 (JKS too)

and pick those up as follows (including trying only key and only trust portions)

        // note: && short-circuits, so after the first setProperty() that
        // returns false none of the later attributes are applied at all
        done = done && connector.setProperty("sslProtocol", "TLS");
        done = done && connector.setProperty("keyAlias",
                System.getProperty("SGSSRVR_keystoreAlias"));
        done = done && connector.setProperty("keystorePass",
                System.getProperty("SGSSRVR_keystorePwd"));
        done = done && connector.setProperty("keystoreFile",
                keyFile.getAbsolutePath());
        done = done && connector.setProperty("keystoreType",
                System.getProperty("SGSSRVR_storeType"));

        done = done && connector.setProperty("truststoreType",
                System.getProperty("SGSSRVR_storeType"));
        done = done && connector.setProperty("truststoreFile",
                trustFile.getAbsolutePath());
        done = done && connector.setProperty("truststorePassword",
                System.getProperty("SGSSRVR_truststorePwd"));   // always false
        done = done && connector.setProperty("truststoreAlias",
                System.getProperty("SGSSRVR_truststoreAlias")); // always false

        done = done && connector.setProperty("SSLEnabled", "true");
        done = done && connector.setProperty("clientAuth", "false");
        done = done && connector.setProperty("maxThreads", "200");
        done = done && connector.setProperty("SSLEnabled", "true");

        if (!done) {
            System.out.println("Some problem(s) in connector setup");
        }

If anyone can tell me where I've gone wrong (again) I'm all ears.
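For comparison, here is an added example (not the poster's code and not from the Tomcat project) of configuring an embedded Tomcat HTTPS connector from the same SGSSRVR_* system properties. It assumes Tomcat 8.5/9, where Connector.setProperty() returns false for an attribute name the connector does not recognise, and the PKCS12 keystore produced by the keytool command quoted above. It applies each attribute separately instead of chaining them with &&, so a rejected name is reported by itself rather than silently skipping everything after it, and it leaves the truststore out because with clientAuth="false" the server never validates a client certificate. The class and helper names (TlsConnectorSetup, required, apply, buildHttpsConnector) are this example's own.

```java
import java.io.File;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;

/*
 * Added example: build an embedded Tomcat HTTPS connector from the
 * SGSSRVR_* system properties used in the post. Assumes Tomcat 8.5/9
 * (setProperty returns boolean) and a PKCS12 keystore containing the
 * server key under the alias given in SGSSRVR_keystoreAlias.
 */
public class TlsConnectorSetup {

    /** Read a required system property, failing loudly if it is unset. */
    static String required(String name) {
        String value = System.getProperty(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("missing system property " + name);
        }
        return value;
    }

    /** Apply one attribute and name it if Tomcat rejects it. */
    static boolean apply(Connector connector, String attribute, String value) {
        boolean accepted = connector.setProperty(attribute, value);
        if (!accepted) {
            System.err.println("connector rejected attribute: " + attribute);
        }
        return accepted;
    }

    /** Configure a server-auth-only TLS connector on the given port. */
    static Connector buildHttpsConnector(int port) {
        File keyFile = new File(required("SGSSRVR_keystoreFile"));
        if (!keyFile.canRead()) {
            throw new IllegalStateException("cannot read keystore " + keyFile);
        }

        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setPort(port);
        connector.setScheme("https");
        connector.setSecure(true);

        // &= does not short-circuit, so every attribute is attempted and
        // every rejected name is reported, not just the first one.
        boolean ok = true;
        ok &= apply(connector, "SSLEnabled", "true");
        ok &= apply(connector, "sslProtocol", "TLS");
        ok &= apply(connector, "keystoreFile", keyFile.getAbsolutePath());
        ok &= apply(connector, "keystoreType", required("SGSSRVR_storeType")); // expects "PKCS12"
        ok &= apply(connector, "keystorePass", required("SGSSRVR_keystorePwd"));
        ok &= apply(connector, "keyAlias", required("SGSSRVR_keystoreAlias"));
        ok &= apply(connector, "clientAuth", "false");
        ok &= apply(connector, "maxThreads", "200");
        // No truststore attributes: they only matter when clientAuth is
        // "true" or "want". If they are needed, the recognised names are
        // truststoreFile, truststorePass and truststoreType; there is no
        // truststorePassword and no truststoreAlias connector attribute.

        if (!ok) {
            throw new IllegalStateException("one or more connector attributes were rejected");
        }
        return connector;
    }

    public static void main(String[] args) throws LifecycleException {
        Tomcat tomcat = new Tomcat();
        tomcat.setBaseDir(System.getProperty("java.io.tmpdir"));
        tomcat.getService().addConnector(buildHttpsConnector(8443));
        tomcat.start();
        tomcat.getServer().await();
    }
}
```

Run it with the properties on the command line, e.g. java -DSGSSRVR_keystoreFile=/path/to/k1.p12 -DSGSSRVR_keystoreAlias=k1 -DSGSSRVR_keystorePwd=... -DSGSSRVR_storeType=PKCS12 TlsConnectorSetup, then connect with a browser or openssl s_client to the host named in the certificate's SAN; a name mismatch between the URL and the SAN shows up on the client side as a certificate warning, not as a connector setup failure.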
