Tomcat
Contents
Debug Mode - TOMCAT 6
To start Tomcat in debug listing mode add jpda to the argument list
Example In startup.bat call "%EXECUTABLE%" jpda start %CMD_LINE_ARGS%
A Clean Up Script - TOMCAT 6
This is a clean up script to get rid of CACHE and LOGS.
%TOMCAT%/cleanup.bat
cd c:/dev/tomcat/apache-tomcat-6.0.32 cd ./temp rm -fr * cd .. cd ./work rm -fr * cd .. cd ./logs rm -fr * cd ..
Enable Remote JMX - TOMCAT 6
To enable remote JMX follow the steps.
1. Create a file %TOMCAT%/bin/setenv.bat
2. Add the following lines.
REM Enable Remote JMX set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8686 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
Add A Classpath - TOMCAT 6
This will bring all the files in a certian director in to the tomcat classpath. Great for server side property files.
Windows
1. Create a file %TOMCAT%/bin/setenv.bat
2. Add the following lines.
set "CLASSPATH=%CLASSPATH%;%CATALINA_HOME%/../foldername"
Unix based
1. Create a file %TOMCAT%/bin/setenv.sh
2. Add the following lines.
CLASSPATH=${CLASSPATH}:${CATALINA_HOME}/../properties
Increase Memmory - TOMCAT 6
This will boost the memory that Tomcat uses.
1. Create a file %TOMCAT%/bin/setenv.bat
2. Add the following lines.
set "JAVA_OPTS=%JAVA_OPTS% -Xms1536m -Xmx1536m -XX:PermSize=128m -XX:MaxPermSize=128m -XX:NewSize=768m -XX:MaxNewSize=768m -XX:+UseParNewGC -XX:+UseTLAB -XX:+UseConcMarkSweepGC"
SSL
To create a 2 way SSL connection using tomcat spring boot.
Create CA
openssl req -newkey rsa:2048 -nodes -keyform PEM -keyout ca.key -x509 -days 3650 -outform PEM -out ca.cer
Create Server Key
openssl genrsa -out server.key 2048
Create Server signing request - * Make the unit name or common name different then CA
openssl req -new -key server.key -out server.req
Issue server certificate
openssl x509 -req -in server.req -CA ca.cer -CAkey ca.key -set_serial 100 -extensions server -days 365 -outform PEM -out server.cer
Create server *.p12
openssl pkcs12 -export -in server.cer -inkey server.key -chain -CAfile ca.pem -name "tomcat" -out server.p12
Create server java keystore - Tomcat java spring boot app requires that you have the p12 and keystore. I believe it uses the keystore file and not the java environment keystore, which you could use, but Ilike handling files better.
keytool -import -alias server -file ca.cer -storepass changeit -keystore server.keystore
Create client key. This is for 2-way ssl.
openssl genrsa -out client.key 2048
Create client signing request. Make sure the unit or common name is different.
openssl req -new -key client.key -out client.req
Issue the client certificate.
openssl x509 -req -in client.req -CA ca.cer -CAkey ca.key -set_serial 101 -extensions client -days 365 -outform PEM -out client.cer
Create the client p12 file. Most apps like this.
openssl pkcs12 -export -inkey client.key -in client.cer -out client.p12
Spring Boot Source package com.example;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
@SpringBootApplication
public class DemoApplication {
@Value("${key:'\'}")
private String keystoreProperty = "";
@Value("${sshPort}")
private int port = 8443;
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
tomcat.addAdditionalTomcatConnectors(createSslConnector());
return tomcat;
}
private Connector createSslConnector() {
Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
connector.setScheme("https");
connector.setSecure(true);
connector.setPort(port);
protocol.setKeystoreFile("{path}/server.p12");
protocol.setKeystorePass("changeit");
protocol.setKeystoreType("PKCS12");
protocol.setKeyAlias("tomcat");
protocol.setTruststoreFile("{path}/tomcat.keystore");
protocol.setTruststorePass("changeit");
protocol.setSSLEnabled(true);
protocol.setSSLVerifyClient("require");
protocol.setSSLVerifyDepth(1);
protocol.setSslProtocol("TLSv1");
return connector;
}
}
Debugging To debug from the client - This will show the hand shake between client and server from the clients view.
openssl s_client -connect localhost:8443 -cert client.cer -key client.key -CAfile ca.cer -tls1
To debug from the server - Add the following property to tomcat or spring boot. Tomcat - add to the $TOMCAT_HOME/bin/catalinea.sh
JAVA_OPTS -Djavax.net.debug=ssl
Spring Boot - Add the parameter
mvn spring-boot:run -Djavax.net.debug=ssl
Resources https://makandracards.com/jan0sch/24553-import-private-key-and-certificate-into-java-keystore http://prasenjitdas235.blogspot.com/2014/11/2-way-ssl-with-example.html
