Wednesday, January 27, 2016

Configuring tomcat7 with SSL

Recording the steps that worked for me. The certificate was created using Let's Encrypt.

The generated files in the directory with the keys are:

cert.pem  chain.pem  fullchain.pem  privkey.pem  

Now, using OpenSSL, I converted the certificate to p12 format.

openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root

(It will prompt you to input a password; please provide one. I found that importing into the Java keystore did not work when the p12 file had no password.)

Import to Java keystore

Let us import it into a keystore file (KeyStore.jks). Please make sure you provide the same password chosen in the previous step. It will also prompt for a keystore password; please provide one.

keytool -importkeystore -deststorepass CHANGEIT -destkeypass CHANGEIT -destkeystore KeyStore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -alias tomcat
Enter source keystore password:

Not sure if it's mandatory, but I needed to execute the following too.

keytool -import -trustcacerts -alias root -file chain.pem -keystore KeyStore.jks

Tomcat configuration


Let us configure Tomcat (in /etc/tomcat7/server.xml): add this after the HTTP connector (port 80).

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/share/tomcat7/certs/KeyStore.jks" keystorePass="CHANGEIT" keyAlias="tomcat" keyPass="CHANGEIT"/>

Please make sure you provide the path and the passwords specific to your application server. The keystore (.jks file) should be in a location accessible to Tomcat.
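
One way to check the points above (passwords changed from the placeholder, keystore file present and not open to everyone), as an added example that is not part of the original post. The function names, the treatment of CHANGEIT as a placeholder and the rule that neither file should be accessible to other users are assumptions of this example; the sample server.xml and keystore are constructed stand-ins.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

PLACEHOLDERS = {"", "changeit"}  # assumption: compared case-insensitively

def audit_server_xml(path):
    """Return (port, finding) pairs for every SSL-enabled <Connector> in path."""
    findings = []
    # server.xml stores keystorePass/keyPass in clear text, so its own mode matters.
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH:
        findings.append(("-", "server.xml is world-readable"))
    for conn in ET.parse(path).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        port = conn.get("port", "?")
        for attr in ("keystorePass", "keyPass"):
            value = conn.get(attr)
            if value is not None and value.lower() in PLACEHOLDERS:
                findings.append((port, attr + " is empty or a placeholder"))
        keystore = conn.get("keystoreFile")
        if not keystore or not os.path.isfile(keystore):
            findings.append((port, "keystoreFile is missing or not a file"))
        elif stat.S_IMODE(os.stat(keystore).st_mode) & stat.S_IRWXO:
            findings.append((port, "keystoreFile is accessible to other users"))
    return findings

def demo():
    """Audit a constructed server.xml modelled on the connector above."""
    tmp = tempfile.mkdtemp()
    keystore = os.path.join(tmp, "KeyStore.jks")
    with open(keystore, "wb") as fh:
        fh.write(b"constructed stand-in, not a real keystore")
    os.chmod(keystore, 0o644)  # deliberately too open for the demo
    server_xml = os.path.join(tmp, "server.xml")
    with open(server_xml, "w") as fh:
        fh.write('<Server><Service name="Catalina">'
                 '<Connector port="80" protocol="HTTP/1.1"/>'
                 '<Connector port="443" SSLEnabled="true" scheme="https" '
                 'secure="true" keystoreFile="%s" keystorePass="CHANGEIT" '
                 'keyAlias="tomcat" keyPass="CHANGEIT"/>'
                 '</Service></Server>' % keystore)
    os.chmod(server_xml, 0o640)  # not world-readable, so no finding for it
    return audit_server_xml(server_xml)

if __name__ == "__main__":
    for port, finding in demo():
        print(port, finding)
```

To audit a real installation, call audit_server_xml("/etc/tomcat7/server.xml") as a user allowed to read that file.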

Thursday, January 14, 2016

Virtual Box Ubuntu configuring and connecting through ssh from host machine

The best way to log in to a guest Linux VirtualBox VM is port forwarding.

By default, you should already have one interface that is using NAT. Go to the Network settings and click the Port Forwarding button. Add a new rule:
Host port 3022, guest port 22, name ssh, other fields left blank.
Or from the command line:
VBoxManage modifyvm myserver --natpf1 "ssh,tcp,,3022,,22"
where 'myserver' is the name of the created VM. Check the added rules:
VBoxManage showvminfo myserver | grep 'Rule'
That's all! Please be sure you don't forget to install an SSH server:
sudo apt-get install openssh-server
To SSH into the guest VM, write:
ssh -p 3022 user@