Installing a Windows Domain Certificate in Apache Tomcat

This has a couple of gotchas.

This video from Bill Stewart is an excellent guide, but it assumes you have the Tomcat APR module already installed.

This guide from https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA33n000000XtwiCAC&type=FAQ explains how (it uses version 1.2.32), which I recommend because I couldn’t get 2.0 to work for some reason.

I think you also need to add it to the path!

How to install the Tomcat APR module (Apache Portable Runtime) in Windows Server environments?

ANSWER

As part of the necessary steps to increase performance in Footprints, we need to deploy the APR module, or runtime, which is available for download on this page:
https://downloads.apache.org/tomcat/tomcat-connectors/native/
Go to a directory under the above link, such as /1.2.32/binaries/, and download the file tomcat-native-1.2.32-openssl-1.1.1n-ocsp-win32-bin.zip
Note: the version may be different, as it is updated by Apache Tomcat.
Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies.
The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x.
APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS-level functionality (random number generation, system status, etc.), and native process handling (shared memory, NT pipes and Unix sockets). These features allow Tomcat to act as a general-purpose web server, enable much better integration with other native web technologies, and overall make Java much more viable as a full-fledged web server platform rather than simply a backend-focused technology.

Installation:

STOP THE TOMCAT SERVICE FIRST!

1 – Download the zip file from this location:

https://downloads.apache.org/tomcat/tomcat-connectors/native/
Go to a directory under the above link, such as /1.2.32/binaries/, and download the file tomcat-native-1.2.32-openssl-1.1.1n-ocsp-win32-bin.zip
Note: the version may be different, as it is updated by Apache Tomcat.

2 – Unzip the content and open the /bin folder, then copy the X64 folder and the openssl.exe file.
3 – Access ../Tomcat X.X/bin and paste the folder and file copied at step 2.
Note : in this example my Tomcat is 8.5, consequently the folder is under ../tomcat8.5/bin. You must adapt the path to your own situation and Tomcat Version.

4 – From this location, open the X64 folder you have just pasted and copy the 2 files you find inside. DO NOT CUT them!
5 – Go back to the ../Tomcat X.X/bin folder and PASTE.

You have now installed Tomcat APR for the 64-bit server version of Windows.
The next step is to configure Tomcat so that it uses the APR from boot up.

1 – Open ../Tomcat X.X/conf/server.xml with Notepad or Notepad++
2 – Change the line that says protocol="HTTP/1.1" to protocol="org.apache.coyote.http11.Http11AprProtocol"

Note : This is case sensitive, hence you MUST respect the capital letters!

The line now looks like this (screenshot in the original article, not reproduced here).
3 – Restart the Tomcat Service now.

You can verify that the APR module and OpenSSL have been correctly installed by opening the ../tomcatX.X/logs/catalina.log file (using Notepad or Notepad++), where you will see clear evidence that the module and OpenSSL have been found and used.

Two lines in the log indicate that the modules have been loaded correctly (screenshots in the original article, not reproduced here).

And then only allow HTTPS

From https://medium.com/@anil7017/redirect-http-request-to-https-in-apache-tomcat-bcd710daabf4

Files that need to be changed:

  1. server.xml
  2. web.xml

server.xml

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

web.xml

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

That’s it. Restart Tomcat and test; all pages should now redirect to HTTPS.
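
An added example, not part of the original post or the articles it quotes: a Python check that parses server.xml and web.xml and confirms the plain-HTTP connector redirects to a TLS connector and that a constraint forces CONFIDENTIAL transport for /*. The sample files are constructed; the 443 connector with SSLEnabled="true" and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples: port 80 and the constraint mirror the post; the 443 connector is assumed.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):  # drop the XML namespace so any web.xml schema version matches
    return tag.rsplit("}", 1)[-1]

def audit_server_xml(text):
    """List plain-HTTP connectors whose redirectPort is missing or not TLS."""
    conns = list(ET.fromstring(text).iter("Connector"))
    tls = {c.get("port") for c in conns if c.get("SSLEnabled", "").lower() == "true"}
    problems = []
    for c in conns:
        port, target = c.get("port"), c.get("redirectPort")
        if port in tls or c.get("protocol", "").startswith("AJP"):
            continue  # TLS and AJP connectors are out of scope for this check
        if target is None:
            problems.append(f"port {port}: redirectPort not set explicitly")
        elif target not in tls:
            problems.append(f"port {port}: redirectPort {target} has no SSLEnabled connector")
    return problems

def enforces_https(text):
    """True if one constraint covers /* for all methods with CONFIDENTIAL."""
    for sc in ET.fromstring(text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        found = {}  # child element name -> list of its text values
        for e in sc.iter():
            found.setdefault(local(e.tag), []).append((e.text or "").strip())
        covers_all = "/*" in found.get("url-pattern", []) and "http-method" not in found
        if covers_all and "CONFIDENTIAL" in found.get("transport-guarantee", []):
            return True
    return False
```

To run it against a real installation, pass the contents of conf/server.xml and the application's web.xml to the two functions in place of the samples.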
