
Rundeck Enterprise Support Center

Enable SSL Tomcat

Last Updated: May 03, 2017 06:29AM PDT

 

1) Use keytool to generate a keystore that will serve as both the server certificate store and the client truststore:

keytool -genkey -noprompt \
       -alias     tomcat \
       -keyalg    RSA \
       -dname     "$keystore_dname" \
       -keystore  "$keystore_file" \
       -storepass "$keystore_pass" \
       -keypass   "$keystore_pass"

e.g.:
keystore_file=/opt/rundeck/etc/truststore
keystore_dname="CN=acme.org,OU=CA,O=ACME,L=Acme,S=Acme,C=US"


2) Edit server.xml in the Tomcat configuration and add this Connector:

<Connector port="@https_port@" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true"
             scheme="https" secure="true"
             keystoreFile="@keystore_file@"
             keystorePass="@keystore_pass@"
             clientAuth="false" sslProtocol="TLS"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
             />

where 

@https_port@: the port that you want to use
@keystore_file@: the keystore file generated in 1)
@keystore_pass@: the keystore password
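
An added example, not part of the original article or Rundeck's own tooling: a Python audit that parses a server.xml, finds SSL-enabled Connectors, and reports cipher suite names that are misspelt or that use static RSA key exchange (no forward secrecy). The sample XML, port 8443 and the password are constructed values, and audit_ssl_connectors and SUITE_RE are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a Connector shaped like the one above, placeholders
# filled with made-up values, and one deliberately misspelt suite name.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/opt/rundeck/etc/truststore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA25,TLS_RSA_WITH_AES_256_CBC_SHA"/>
</Service></Server>"""

# Shape check only (assumption: JSSE-style names TLS_<kex>_WITH_<cipher>_<hash>).
# It catches typos; it does not prove the JVM actually provides the suite.
SUITE_RE = re.compile(
    r"^TLS_(?P<kex>[A-Z0-9_]+?)_WITH_(?P<enc>[A-Z0-9_]+)_(?P<mac>SHA|SHA256|SHA384)$"
)


def audit_ssl_connectors(server_xml):
    """Return one finding record per SSL-enabled <Connector> in server_xml."""
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        malformed, static_rsa = [], []
        for name in suites:
            m = SUITE_RE.match(name)
            if m is None:
                malformed.append(name)      # typo or unknown naming scheme
            elif m.group("kex") == "RSA":
                static_rsa.append(name)     # RSA key transport: no forward secrecy
        results.append({
            "port": conn.get("port"),
            "suites": len(suites),
            "malformed": malformed,
            "no_forward_secrecy": static_rsa,
        })
    return results


if __name__ == "__main__":
    for record in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print(record)
```

To confirm which suites the running JVM really supports, compare the names against the list that JVM reports rather than relying on the name pattern alone.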
