How to enable SSL Encryption - With a self signed certificate
"An administrator may simply want to ensure that the data being transmitted and received by the server is
private and cannot be snooped by anyone who may be eavesdropping on the connection. Fortunately, Java
provides a relatively simple command-line tool, called keytool, which can easily create a "self-signed"
Certificate. Self-signed Certificates are simply user generated Certificates which have not been officially
registered with any well-known CA, and are therefore not really guaranteed to be authentic at all. Again, this
may or may not even be important, depending on your needs.", From Apache's web site here:
To enable SSL Encryption in the installed version of VisionFlow with a SELF SIGNED certificate you'll need to follow the instructions here:
- Open a console/cmd prompt
- Create a certificate keystore by executing the following command:
- Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -storepass VisionFlow -keypass VisionFlow -keystore tomcat.keystore -dname "cn=John Doe, ou=IT, o=My Company, c=US"
- Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storepass VisionFlow -keypass VisionFlow -keystore tomcat.keystore -dname "cn=John Doe, ou=IT, o=My Company, c=US"
- Install your certificate/keystore in tomcat:
- Uncomment the "SSL HTTP/1.1 Connector" entry in $CATALINA_HOME/conf/server.xml and tweak as necessary, for example like this:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/tomcat.keystore" keystorePass="VisionFlow" />
More detailed information
About the keystore and keytools: