judah-johns
7/31/2019 Secure Access to Your Application With SSL
Secure Access to Your Application with SSL
As the Internet becomes a bigger and bigger part (if it isn't already)
of commerce and business, the desire to keep those very things safe
and secure is growing. Online theft is growing just as fast as, or faster
than, the business that it takes advantage of. SMBs have to take this
into account as they take their businesses online. Developers
especially need to not only be informed but also have plans in place to
make sure that neither they nor their customers become victims of online
theft.
Do you need it?
Every e-commerce site needs to ensure that its transactions are secure. For that matter, any site that
does any kind of online transaction needs a way to encrypt
communications between its servers and its customers. Unfortunately, every piece of
information, every byte of data that travels across the Internet, including emails and previously visited
web sites, is a possible target for hijacking by online thieves.
So what's the answer?
Certificate Authorities and SSL Certificates
Every online user wants to ensure that their online transactions, purchases,
messages and privacy are safe. The way that the developer and SMB can ensure
this is by using a trust provider, a certificate authority (CA). CAs are providers
of Secure Sockets Layer (SSL) certificates. SSL is a protocol that protects
private information on the Internet. It keeps data encrypted as it is sent over the
Internet so that only the intended recipient is able to access it.
SSL Certificates make sure that your data is kept safe in transit and that only those that you want to
see it can. So, let's see how this works.
Create an environment
1. Go to jelastic.com and sign up if you haven't done so yet, or log in with your Jelastic credentials by
clicking the Sign In link on the page.
2. While in the Jelastic dashboard, click the Create environment button at the top left.
3. In the Environment Topology dialog, pick your application server (for example, Tomcat
7), switch on Public IPv4 for your server and type your environment name, for example, myssl.
In a minute your environment with Tomcat 7 will be successfully created.
4. Expand the list of environments and use the Additionally button for your instance to see
your Public IP address.
Domain name and A Record settings
1. Using any domain registrar, buy your domain name (we use mycustomdomain.com as an example).
2. Set an A Record to point your domain to your Public IP address. You can find detailed instructions
on how to do this here: http://blog.jelastic.com/2012/07/16/setting-dns-records-in-jelastic/
Getting SSL Certificate
1. If you already have an SSL provider that you prefer, you can go to them. We suggest that you use the
provider that your Jelastic provider (ServInt, Rusonyx, Layershift, dogado or Tsukaeru) recommends.
In this how-to, we will use Comodo as our SSL provider.
So that you don't have to go through the whole process on the Comodo site, we have selected
Comodo's most popular certificates and put the links below that take you straight to their order
form, along with a discount:
- Positive SSL: fastest and most cost effective, good for low volume transactions
- Positive SSL Wildcard: same as the Positive SSL, but also covers subdomains
- COMODO SSL: their most popular SSL and suitable for high volume transactions and traffic
- COMODO SSL Wildcard: same as their COMODO SSL, but allows for more than just one domain
- COMODO EV SSL: when you want to go above and beyond, the Green Bar Extended Validation Certificate is for you
After providing all the required information you'll receive an email with CRT files (digital
certificate files used with a web browser). If you decide to use another provider, simply follow the
same steps of buying a certificate and then, once you get your CRT files, proceed to the
following step.
2. Install the OpenSSL tool on your computer if you haven't done so yet.
3. Run OpenSSL from the command line (C:\openssl.exe on Windows, ~/openssl.sh on Linux):
...\bin>openssl.exe
4. Generate a private key on the Windows/Linux server that runs your web server (this key is a
2048-bit RSA key):
OpenSSL> genrsa -out mykey.key 2048
5. Convert your main certificate file (in our case mycustomdomain_com.crt), which you received
from your CA, and your private key (mykey.key) to a p12 container:
OpenSSL> pkcs12 -export -in mycustomdomain_com.crt -inkey mykey.key -out certificate.p12 -name tomcat -CAfile EssentialSSLCA_2.crt -caname root
Notice: COMODO provides the CAfile EssentialSSLCA_2.crt as an intermediate certificate.
6. Import the certificate into the keystore. We use Java keytool for this purpose. It's a key and certificate
management utility. It allows users to manage their own public/private key pairs and certificates.
>keytool -importkeystore -srckeystore certificate.p12 -destkeystore my.keystore -srcstoretype pkcs12
Enter the passwords to the destination and source keystores:
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
If all is ok you'll see the following message:
Entry for alias tomcat successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Your keystore will be located in the bin folder (JAVA_HOME/bin/my.keystore). To look through the
contents of your keystore, you can use the following command:
>keytool -list -keystore my.keystore -storetype pkcs12 -storepass password
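An offline rehearsal of steps 4 and 5, added here as an example and not part of the original article: it refuses to build the PKCS#12 container when the certificate does not belong to the private key, then reads the container back to confirm the tomcat alias and the number of certificates inside. The throwaway CA, the CSR step, the changeit password and the use of -certfile are assumptions of this example.

```shell
# Added example: rehearse key -> certificate -> PKCS#12 without a real CA.
# All names, subjects and passwords below are constructed for illustration.
set -eu

# pubkey_digest KIND FILE: SHA-256 of the public key held in a key or certificate.
pubkey_digest() {
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches_cert KEY CERT: succeed only if CERT was issued for KEY.
key_matches_cert() {
  [ "$(pubkey_digest key "$1")" = "$(pubkey_digest cert "$2")" ]
}

# build_p12 CERT KEY CHAIN OUT PASS: package the pair, refusing a mismatch.
# -certfile embeds the issuing CA certificate (this example's choice of flag).
build_p12() {
  key_matches_cert "$2" "$1" || { echo "certificate does not match key" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
    -name tomcat -out "$4" -passout "pass:$5"
}

# p12_summary P12 PASS: print "<friendlyName> <certificate count>".
p12_summary() {
  dump=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null)
  name=$(printf '%s\n' "$dump" | sed -n 's/^ *friendlyName: //p' | head -n 1)
  count=$(printf '%s\n' "$dump" | grep -c 'BEGIN CERTIFICATE')
  echo "$name $count"
}

# rehearse DIR: run the sequence in DIR with a constructed stand-in CA.
rehearse() (
  cd "$1"
  {
    openssl genrsa -out mykey.key 2048
    openssl req -new -key mykey.key -subj "/CN=mycustomdomain.com" -out site.csr
    openssl genrsa -out ca.key 2048
    openssl req -x509 -new -key ca.key -subj "/CN=Constructed Test CA" -days 1 -out ca.crt
    openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 1 -out mycustomdomain_com.crt
  } >/dev/null 2>&1
  build_p12 mycustomdomain_com.crt mykey.key ca.crt certificate.p12 changeit
  p12_summary certificate.p12 changeit
)

rehearse "$(mktemp -d)"   # prints: tomcat 2
```

The same key_matches_cert check can be run on the real mykey.key and the CRT file received from the CA before step 5.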
Tomcat Configuration
1. Go back to the Jelastic dashboard and click the config button for Tomcat.
2. Upload your keystore file to the home folder of Tomcat.
3. Configure the Connector in the server.xml file (server folder).
For example:
[code language="xml"]
[/code]
4. Comment out the listener in the server.xml file that is responsible for using the native Tomcat SSL engine:
[code][/code]
5. Save the changes and restart Tomcat.
Now you can send requests to your Tomcat over a secure protocol.
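A check of server.xml for steps 3 and 4 of the Tomcat configuration, added here as an example and not taken from the original article: it ignores commented-out XML, then reports a missing keystore attribute on the HTTPS Connector or a still-active native SSL listener. The sample file, port 443, the keystore path and password placeholders, and the assumption that the listener in step 4 is AprLifecycleListener are this example's own.

```shell
# Added example: lint server.xml before restarting Tomcat.
# The sample file and its attribute values are constructed placeholders.

# strip_xml_comments FILE: print FILE with <!-- ... --> spans removed.
strip_xml_comments() {
  awk '{
    line = $0; out = ""
    while (line != "") {
      i = index(line, inside ? "-->" : "<!--")
      if (i == 0) { if (!inside) out = out line; line = "" }
      else if (inside) { line = substr(line, i + 3); inside = 0 }
      else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); inside = 1 }
    }
    print out
  }' "$1"
}

# check_server_xml FILE: print one finding per problem; status 0 means none.
check_server_xml() {
  active=$(strip_xml_comments "$1" | tr '\n' ' ')
  https=$(printf '%s' "$active" | grep -o '<Connector[^>]*SSLEnabled="true"[^>]*>' || true)
  rc=0
  [ -n "$https" ] || { echo "no active Connector with SSLEnabled=\"true\""; rc=1; }
  for attr in keystoreFile keystorePass keyAlias; do
    case "$https" in *"$attr=\""*) ;; *) echo "HTTPS Connector lacks $attr"; rc=1 ;; esac
  done
  case "$active" in
    *AprLifecycleListener*) echo "AprLifecycleListener is still active"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample: listener commented out, JSSE connector using the keystore.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
  <Service name="Catalina">
    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
               keystoreFile="/PATH/TO/tomcat/home/my.keystore" keystorePass="CHANGE_ME"
               keyAlias="tomcat" sslProtocol="TLS" />
  </Service>
</Server>
EOF
check_server_xml "$sample" && echo "server.xml OK"
```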