Do you need it?
Every e-commerce site needs to ensure that its transactions are secure. For that matter, any site that does any kind of online transactions need to make sure that they have a way to encrypt communications between their servers and their customers. Unfortunately, every piece of information, every byte of data that travels across the Internet, including emails and previously visited web sites, is a possible target for hijacking by online thieves. So?
What?s the answer?
Certificate Authorities and SSL Certificates
SSL Certificates make sure that your data is kept safe in transit and that only those that you want to see it can. So, let?s see how this works.
Create an environment
1. Go to?jelastic.com?and sign up if you haven?t done so yet, or log in with your Jelastic credentials by clicking the?Sign In?link on the page.
2. While in?Jelastic?dashboard, click the?Create environment?button at the top left.
3. In the?Environment Topology?dialog, ?pick your application server (for example,?Tomcat 7),?switch on?Public IPv4?for your server and?type your environment?name, for example, myssl.
In a minute your environment with?Tomcat 7?will be successfully created.
4. Expand the list of environment and use?Additionally?button for your instance to see the number of your?Public IP.
Domain name and A Record settings
1. Using any domain registrar?buy your domain name (we use?mycustomdomain.com as an example).
2. Set A Record to point your domain to your Public IP address. You can find the detailed instruction on how to do this?here.
Getting SSL Certificate
1. If you already have an SSL provider that you prefer, you can go to them. We suggest that you use the provider that your Jelastic provider (ServInt, Rusonyx, Layershift, dogado or Tsukaeru) recommends. In this how-to, we will use Comodo as our SSL provider.
So that you don?t have to go through the whole process on the Comodo site, we have selected Comodo?s most popular certificates and put the links below that take you straight to their order form, along with a discount:
- Positive SSL: fastest and most cost effective?good for low volume transactions
- Positive SSL Wildcard: same as the Positive SSL, but also covers subdomains
- COMODO SSL: their most popular SSL and suitable for high volume transactions and traffic
- COMODO SSL Wildcard: same their COMODO SSL, but allows for more than just one domain
- COMODO EV SSL: when you want to go above and beyond, the Green Bar Extended Validation Certificate is for you
After providing all the required information you?ll receive an email with CRT?files (digital certificate?files used with a web browser). If you decide to use another provider, simply go follow the same steps of buying a certificate and then once you get your CRT files, you can proceed to the following step.
2.??Install?OpenSSL tool?on your computer if you haven?t done so yet.
3.?Run OpenSSL using command line (C:\openssl.exe?on Windows,~/openssl.sh?on Linux):
?\bin>openssl.exe
4. Generate a?private key?on the Windows/Linux server that runs your webserver (this key is a 2048 bit RSA key):
OpenSSL>?genrsa -out mykey.key 2048
5.?Convert your main certificate file (in our case mycustomdomain_com.crt), that you have?received from your CA?and your private key (mykey.key)?to p12 container.
OpenSSL>?pkcs12 -export -in mycustomdomain_com.crt -inkey mykey.key -out certificate.p12 -name tomcat -CAfile EssentialSSLCA_2.crt -caname root
Notice: COMODO provides?CAfile?EssentialSSLCA_2.crt as an?intermediate certificate.
9. Import certificate to the keystore. We use Java keytool for these purposes. It?s?a key and certificate management utility. It allows users to manage their own public/private key pairs and certificates.
>keytool -importkeystore -srckeystore certificate.p12 -destkeystore my.keystore -srcstoretype pkcs12
Enter the passwords to the destination and source?keystores:
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
If all is ok you?ll see the following message:
Entry for alias tomcat successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Your keystore will be located in the bin folder (JAVA_HOME/bin/my.keystore).?To look through the contents of your keystore you can use the following command:
>keytool -list -keystore my.keystore -storetype pkcs12 -storepass password
Tomcat Configuration
1. Go back to the Jelastic dashboard and click the config button for Tomcat.
2. Upload your keystore file to the home folder of ?Tomcat.
3. Configure the Connector?in the server.xml file (server folder).
For example:
4. Comment the listener in server.xml file, which is responsible for using native Tomcat SSL engine:
<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
5. Save the changes and restart Tomcat.
Now you can request to your Tomcat via secure protocol.
Related articles
Like this:
Be the first to like this.
Source: http://blog.jelastic.com/2012/08/29/secure-access-to-your-application-with-ssl/
chris polk chicago bulls st louis blues rueben randle mike trout ryan broyles jerel worthy
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.