Solved

Snakeoil SSL and Tomcat 7

Posted on 2014-01-17
Last Modified: 2014-01-24
Hello Experts,

I'm a newbie to SSL so be gentle with me! I'm not sure about terminology yet but here goes...

I want to add SSL security to a web application written as a servlet and running under Tomcat 7.0 (Windows 32-bit). We are developing the application ourselves and want to set up a test system that operates SSL but with minimum cost. Later we will go to a production system and the customer will pay for a certificate(?) for whatever level of 'Assurance' he/she wants.

I'm told that there is a 'product' (?) called Snakeoil SSL which is free but provides some kind of basic SSL functionality - my hope is that it will allow us to go through the process of 'installing' SSL on Tomcat, pointing a browser at the servlet URL and bringing up the https:// prefix in the address bar. That would do the job for us.

I've googled 'Snakeoil SSL Installation' and can't get any clear info about where to start - all the references I see deal with Linux and rely on having a Snakeoil package available with the O.S.

Does a version of Snakeoil for Tomcat (Windows 32-bit) exist?
Where are the instructions for installation?

Thank you very much.
Stephen
Question by:SteveFarndon2000

Accepted Solution

by: Dave Howe (earned 500 total points)

Tomcat requires a certificate in a Java keystore - you *can* issue those yourself, and that still isn't snakeoil.

I suspect you are referring to the default keys that come with Apache; those are literally called snakeoil in the file system and documentation, because anyone with a copy of Apache has them (so can decode the traffic).

You should (if you wish to test Tomcat without paying for keys) issue your own keys using the KeyTool IUI tool, the standard Java keytool, openssl, or whatever you prefer (I recommend the GUI KeyTool IUI, but the end result is the same no matter how you do it).

By custom, the key should be in the keystore with a name of "tomcat" - you configure the Tomcat installation to know where to find its keystore (which is a JKS type Java keystore for purposes of KT IUI) and what the password is. The CN on the certificate with the key should match the expected name of the website once it is entered into a browser.

Official documentation can be found here
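
The steps in the answer above, done with the standard Java keytool on Windows, as an added example that is not part of the original answer: it creates a self-signed key under the alias "tomcat", reads it back to confirm the CN, and prints the Tomcat 7 Connector element to place in conf\server.xml. The hostname, keystore path, port 8443 and the password are assumptions for a test machine.

```powershell
# Added example. Assumed values for a test box; adjust before use.
$HostName  = 'localhost'                          # name that will be typed into the browser
$Keystore  = "$env:USERPROFILE\tomcat-test.jks"   # assumed keystore location
$StorePass = 'changeit'                           # placeholder password, test use only

if (-not $env:JAVA_HOME) { throw 'JAVA_HOME is not set' }
$Keytool = Join-Path $env:JAVA_HOME 'bin\keytool.exe'
if (-not (Test-Path $Keytool)) { throw "keytool not found at $Keytool" }
if (Test-Path $Keystore) { throw "$Keystore already exists; remove it or choose another path" }

# Self-signed RSA key pair in a JKS keystore under the alias "tomcat".
# Store and key passwords are the same, which is what Tomcat expects by default.
& $Keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 `
    -keystore $Keystore -storetype JKS -storepass $StorePass -keypass $StorePass `
    -dname "CN=$HostName"
if ($LASTEXITCODE -ne 0) { throw 'keytool -genkeypair failed' }

# Read the entry back: the alias must exist and the CN must match the site name.
$listing = & $Keytool -list -v -alias tomcat -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'alias "tomcat" not found in keystore' }
$cnPattern = 'Owner: CN=' + [regex]::Escape($HostName) + '(,|$)'
if (-not ($listing -match $cnPattern)) {
    throw "certificate CN does not match $HostName"
}

# Connector element for Tomcat 7's conf\server.xml, pointing at this keystore.
@"
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="$Keystore" keystorePass="$StorePass" keyAlias="tomcat" />
"@
```

Browsers will show a trust warning for this certificate because it is self-signed; that is expected on a test system and goes away once a CA-issued certificate is installed in the keystore for production.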

Author Comment

by:SteveFarndon2000
Thanks, Dave. Just waiting for any other comments.

Author Comment

by:SteveFarndon2000
That's fine, Dave. I'll try the GUI KeyTool IUI as you recommend. You have the points. Thank you.

Expert Comment

by:Dave Howe
Feel free to ask for further clarification here if you hit any speed bumps - always happy to help :)