HTTPS in Tomcat

 

1.       Certificate basics

http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html

http://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html


2.       Tomcat configuration basics

http://tomcat.apache.org/tomcat-5.5-doc/config/context.html


3.       SSL in Tomcat

http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html


Q & A

1.       What’s the difference between Tomcat and Apache?

See http://stackoverflow.com/questions/30632/difference-between-the-apache-http-server-and-apache-tomcat

Apache Tomcat is used to deploy your Java Servlets and JSPs. So in your Java project you can build your WAR (short for Web ARchive) file, and just drop it in the deploy directory in Tomcat. So basically Apache is an HTTP Server, serving HTTP. Tomcat is a Servlet and JSP Server serving Java technologies.

There are 3 methods to connect Apache and Tomcat; see http://www.ibm.com/developerworks/cn/opensource/os-lo-apache-tomcat/ and http://hi.baidu.com/youdianweidao/blog/item/f98519eaa6790bdad539c996.html
 

2.       How do I convert my .pfx (PKCS12) file to a Java Keystore?

Method 1: use Jetty, as the standalone version did. See http://www.entrust.net/knowledge-base/technote.cfm?tn=7925

Method 2: convert to PEM format, then convert to a Java Keystore file. See http://stackoverflow.com/questions/4217107/how-to-convert-pfx-file-to-keystore-with-private-key

3.       What’s the difference between Keystore and Certificate?

A keystore contains a private key. You only need this if you are a server, or if the server requires client authentication. A certificate contains only the public key.

 
4.       “Cannot recover key” exception in Tomcat log

2011-11-30 1:18:48 org.apache.catalina.core.AprLifecycleListener init
java.io.IOException: Cannot recover key
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:394)
       at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:125)
       at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:494)
       at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:175)
       at org.apache.catalina.connector.Connector.initialize(Connector.java:1059)
       at org.apache.catalina.core.StandardService.initialize(StandardService.java:578)
       at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:792)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
       at org.apache.catalina.startup.Catalina.load(Catalina.java:524)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)

According to http://www.liferay.com/community/forums/-/message_boards/message/9261546, this happens when the private key password differs from the keystore password: the private key password and the keystore password should be the same.
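
The following is an added example, not taken from the original post or from Tomcat: a keytool check for the password mismatch described above, and the command that fixes it. The function names, keystore path, alias and passwords are all constructed for the demo; it assumes keytool from a JDK is on the PATH.

```sh
#!/bin/sh
# Added example: names, paths and passwords are constructed for this demo.

# key_matches_store KEYSTORE STOREPASS ALIAS
# Succeeds only if the private key under ALIAS opens with the keystore
# password. -certreq needs the private key, so keytool fails with
# "Cannot recover key" when the two passwords differ. Read-only.
key_matches_store() {
    keytool -certreq -alias "$3" -keystore "$1" -storetype JKS \
        -storepass "$2" -keypass "$2" >/dev/null 2>&1
}

# align_key_password KEYSTORE STOREPASS ALIAS OLD_KEYPASS
# Re-protects the private key with the keystore password.
align_key_password() {
    keytool -keypasswd -alias "$3" -keystore "$1" -storetype JKS \
        -storepass "$2" -keypass "$4" -new "$2" >/dev/null 2>&1
}

# demo: builds a throwaway keystore with mismatched passwords, checks it,
# fixes it, checks again. Prints "<before> <after>".
demo() {
    dir=$(mktemp -d) || return 1
    ks="$dir/demo.jks"
    # JKS is requested explicitly: keytool ignores a separate -keypass
    # for PKCS12 keystores, so the mismatch could not be reproduced there.
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
        -dname "CN=localhost" -validity 30 -keystore "$ks" -storetype JKS \
        -storepass storepw1 -keypass keypw123 >/dev/null 2>&1 \
        || { rm -rf "$dir"; return 1; }

    if key_matches_store "$ks" storepw1 tomcat; then before=ok
    else before=mismatch; fi

    align_key_password "$ks" storepw1 tomcat keypw123

    if key_matches_store "$ks" storepw1 tomcat; then after=ok
    else after=mismatch; fi

    rm -rf "$dir"
    echo "$before $after"
}

if command -v keytool >/dev/null 2>&1; then demo; fi
```

On a real keystore, run key_matches_store against a copy first; passwords given on the command line are visible to other local users in the process list.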

5.       How to implement an HTTPS client in Java code?

Method 1: setupSSLEnv

Method 2: trustAllCerts. See http://mengyang.iteye.com/blog/575671
 
