Secure Access to Your Application With SSL


  • 7/31/2019 Secure Access to Your Application With SSL


    As the Internet becomes a bigger and bigger part of commerce and business (if it isn't already), the desire to keep those very things safe and secure is growing. Online theft is growing just as fast as, or faster than, the business that it takes advantage of. SMBs have to take this into account as they take their businesses online. Developers especially need not only to be informed but also to have plans in place to make sure that neither they nor their customers become victims of online theft.

    Do you need it?

    Every e-commerce site needs to ensure that its transactions are secure. For that matter, any site that handles any kind of online transaction needs a way to encrypt communications between its servers and its customers. Unfortunately, every piece of information, every byte of data that travels across the Internet, including emails and previously visited web sites, is a possible target for hijacking by online thieves. So what's the answer?

    Certificate Authorities and SSL Certificates

    Every online user wants their online transactions, purchases, messages and privacy to be safe. The developer and the SMB can ensure this by using a trust provider, a certificate authority (CA). CAs are providers of Secure Sockets Layer (SSL) certificates. SSL is a protocol that protects private information on the Internet: it keeps data encrypted as it is sent over the Internet so that only the intended recipient is able to access it.

    SSL certificates make sure that your data is kept safe in transit and that only those you want to see it can. So, let's see how this works.

    Create an environment

    1. Go to jelastic.com and sign up if you haven't done so yet, or log in with your Jelastic credentials by clicking the Sign In link on the page.

    2. While in the Jelastic dashboard, click the Create environment button at the top left.


    3. In the Environment Topology dialog, pick your application server (for example, Tomcat 7), switch on Public IPv4 for your server and type your environment name, for example, myssl.

    In a minute your environment with Tomcat 7 will be successfully created.

    4. Expand the list of environments and use the Additionally button for your instance to see your Public IP address.

    Domain name and A Record settings

    1. Using any domain registrar, buy your domain name (we use mycustomdomain.com as an example).

    2. Set an A Record to point your domain to your Public IP address. You can find detailed instructions on how to do this here: http://blog.jelastic.com/2012/07/16/setting-dns-records-in-jelastic/

    Getting SSL Certificate


    1. If you already have an SSL provider that you prefer, you can go to them. We suggest that you use the provider that your Jelastic provider (ServInt, Rusonyx, Layershift, dogado or Tsukaeru) recommends. In this how-to, we will use Comodo as our SSL provider.

    So that you don't have to go through the whole process on the Comodo site, we have selected Comodo's most popular certificates and put the links below that take you straight to their order form, along with a discount:

      • Positive SSL: fastest and most cost effective, good for low volume transactions
      • Positive SSL Wildcard: same as the Positive SSL, but also covers subdomains
      • COMODO SSL: their most popular SSL and suitable for high volume transactions and traffic
      • COMODO SSL Wildcard: same as their COMODO SSL, but allows for more than just one domain
      • COMODO EV SSL: when you want to go above and beyond, the Green Bar Extended Validation Certificate is for you

    After providing all the required information, you'll receive an email with CRT files (digital certificate files used with a web browser). If you decide to use another provider, simply follow the same steps of buying a certificate and then, once you get your CRT files, proceed to the following step.

    2. Install the OpenSSL tool on your computer if you haven't done so yet.

    3. Run OpenSSL using the command line (C:\openssl.exe on Windows, ~/openssl.sh on Linux):

    ...\bin>openssl.exe

    4. Generate a private key on the Windows/Linux server that runs your web server (this key is a 2048-bit RSA key):

    OpenSSL> genrsa -out mykey.key 2048


    5. Convert your main certificate file (in our case mycustomdomain_com.crt) that you have received from your CA, together with your private key (mykey.key), to a p12 container.

    OpenSSL> pkcs12 -export -in mycustomdomain_com.crt -inkey mykey.key -out certificate.p12 -name tomcat -CAfile EssentialSSLCA_2.crt -caname root

    Notice: COMODO provides the CAfile EssentialSSLCA_2.crt as an intermediate certificate.

    6. Import the certificate to the keystore. We use Java keytool for this purpose. It is a key and certificate management utility that allows users to manage their own public/private key pairs and certificates.

    >keytool -importkeystore -srckeystore certificate.p12 -destkeystore my.keystore -srcstoretype pkcs12

    Enter the passwords to the destination and source keystores:

    Enter destination keystore password:

    Re-enter new password:

    Enter source keystore password:

    If all is ok you'll see the following message:

    Entry for alias tomcat successfully imported.

    Import command completed: 1 entries successfully imported, 0 entries failed or cancelled

    Your keystore will be located in the bin folder (JAVA_HOME/bin/my.keystore). To look through the contents of your keystore you can use the following command:

    >keytool -list -keystore my.keystore -storetype pkcs12 -storepass password
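The certificate arrives by email while the private key was generated locally, so a mismatched pair or a wrong alias is easy to package by mistake. The script below is an added example, not part of the original article: it checks the key/certificate pair and the PKCS#12 alias before the keytool import. The function names, the throwaway self-signed certificate standing in for the CA-issued file, and the P12_PASS variable are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight checks for steps 4-6.
# Constructed stand-ins: a throwaway key and a self-signed certificate play
# the roles of mykey.key and the CA-issued mycustomdomain_com.crt.

# Succeeds only if the certificate's public key belongs to this private key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the PKCS#12 file opens with the password held in $P12_PASS
# and carries the alias (friendlyName) that the keystore entry should use.
# Reading the password from the environment keeps it out of the process list.
p12_has_alias() {  # usage: p12_has_alias P12 ALIAS
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -qx "[[:space:]]*friendlyName: $2[[:space:]]*"
}

# Creates constructed sample files in DIR; umask 077 keeps the keys private.
make_samples() {  # usage: make_samples DIR
    ( umask 077 &&
      openssl genrsa -out "$1/mykey.key" 2048 2>/dev/null &&
      openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
      openssl req -x509 -new -key "$1/mykey.key" -days 1 \
          -subj "/CN=mycustomdomain.com" -out "$1/site.crt" 2>/dev/null &&
      openssl pkcs12 -export -in "$1/site.crt" -inkey "$1/mykey.key" \
          -name tomcat -passout env:P12_PASS -out "$1/certificate.p12" )
}

demo() {
    dir=$(mktemp -d) || return 1
    export P12_PASS="constructed-demo-password"
    make_samples "$dir" || return 1
    key_matches_cert "$dir/mykey.key" "$dir/site.crt" && echo "key/cert: match"
    key_matches_cert "$dir/other.key" "$dir/site.crt" || echo "other key: MISMATCH"
    p12_has_alias "$dir/certificate.p12" tomcat && echo "p12 alias: tomcat"
    rm -rf "$dir"
}
demo
```

With real files, call key_matches_cert on mykey.key and the CRT file from the CA before running the pkcs12 export, and p12_has_alias on certificate.p12 before the keytool import.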

    Tomcat Configuration

    1. Go back to the Jelastic dashboard and click the config button for Tomcat.

    2. Upload your keystore file to the home folder of Tomcat.


    3. Configure the Connector in the server.xml file (server folder).

    For example:

    [code language="xml"]

    [/code]

    4. Comment out the listener in the server.xml file that is responsible for using the native Tomcat SSL engine:

    [code][/code]


    5. Save the changes and restart Tomcat.

    Now you can send requests to your Tomcat over the secure protocol.


    Related articles

    • Multiple Domains in Jelastic (jelastic.com): http://blog.jelastic.com/2012/07/03/multiple-domains-in-jelastic/
    • New Jelastic feature: Public IP addresses (jelastic.com): http://blog.jelastic.com/2012/05/10/new-jelastic-feature-public-ip-addresses/
    • Setting DNS A Records and Second-Level Domain Names in Jelastic (jelastic.com): http://blog.jelastic.com/2012/07/16/setting-dns-records-in-jelastic/