-
Notifications
You must be signed in to change notification settings - Fork 14
Installing Tomcat JSS
Endi S. Dewata edited this page Aug 21, 2023
·
1 revision
To install JSS Connector package:
$ dnf install dogtag-tomcatjss
Create NSS database:
$ cd /usr/share/tomcat $ echo Secret.123 > password.txt $ mkdir -p nssdb $ certutil -N -d nssdb -f password.txt $ chown -R root.tomcat nssdb $ chmod -R g+rw nssdb $ echo "sslserver" > serverCertNick.conf $ echo "internal=`cat password.txt`" > password.conf
Then create a self-signed SSL server certificate.
Create links to JSS Connector library:
$ mkdir -p common/lib $ ln -s /usr/lib64/jss/jss4.jar common/lib $ ln -s /usr/share/java/commons-lang.jar common/lib $ ln -s /usr/share/java/commons-logging.jar common/lib $ ln -s /usr/share/java/tomcatjss.jar common/lib
Edit $CATALINA_BASE/conf/catalina.properties to include JSS Connector library:
common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.base}/common/lib/*.jar"
Uncomment the SSL connector in $CATALINA_BASE/conf/server.xml and configure a JSS Connector as follows:
<Connector
port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation"
serverCertNickFile="/usr/share/tomcat/serverCertNick.conf"
passwordFile="/usr/share/tomcat/password.conf"
passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
certdbDir="/usr/share/tomcat/nssdb"
/>