Solved

Snakeoil SSL and Tomcat 7

Posted on 2014-01-17
4
460 Views
Last Modified: 2014-01-24
Hello Experts,

I'm a newbie to SSL so be gentle with me! I'm not sure about terminology yet but here goes...

I want to add SSL security to a web application written as a servlet and running under Tomcat 7.0 (Windows 32-bit). We are developing the application ourselves and want to set up a test system that operates SSL but with minimum cost. Later we will go to a production system and the customer will pay for a certificate(?) for whatever level of 'Assurance' he/she wants.

I'm told that there is a 'product' (?) called Snakeoil SSL which is free and but provides some kind of basic SSL functionality - my hope is that it will allow us to go through the process of 'installing' SSL on Tomcat, pointing a browser at the servlet URL and bringing up the https://  prefix in the address bar. That would do the job for us.

I've googled 'Snakeoil SSL Installation' and can't get any clear info about where to start - all the references I see deal with Linux and rely on having a Snakeoil package available with the O.S.

Does a version of Snakeoil for Tomcat (Windows 32-bit) exist?
Where are the instructions for installation?

Thank you very much.
Stephen
0
Comment
Question by:SteveFarndon2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 39790063
Tomcat requires a certificate in a java keystore - you *can* issue those yourself, and that still isn't snakeoil.

I suspect you are referring to the default keys that come with apache; those are literally called snakeoil in the file system and documentation, because anyone with a copy of apache has them (so can decode the traffic)

You should (if you wish to test Tomcat without paying for keys) issue your own keys using the keytool IUI tool, the standard Java keytool, openssl, or whatever you prefer (I recommend the gui keytool IUI, but the end result is the same no matter how you do it)

By custom, the key should be in the keystore with a name of "tomcat" - you configure the tomcat installation to know where to find its keystore (which is a JKS type java keystore for purposes of KT IUI) and what the password is.  The CN on the certificate with the key should match the expected name of the website once it is entered into a browser.

Official documentation can be found here
0
 

Author Comment

by:SteveFarndon2000
ID: 39794096
Thanks, Dave. Just waiting for any other comments.
0
 

Author Comment

by:SteveFarndon2000
ID: 39803723
That's fine. Dave. I 'll try the gui keytool IUI as you recommend. You have the points. Thank you.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 39806252
Feel free to ask for further clarification here if you hit any speed bumps - always happy to help :)
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question