How to configure Tomcat Connector for Apache 2.2?
Install, configure and test the standalone distribution of ADSS Server. For testing, ADSS Server can be installed on the same machine as Apache, although this is an unusual configuration. After installation, make sure ADSS Server is running and its services are accessible, e.g. the console at https://<serverName>:8774/adss/console
Installing Apache Web Server and Apache Tomcat Connector
In order to configure the DMZ, you need to install the Apache Web Server and Apache Connector for communication between the Apache Web Server and Tomcat. The following are the installation details:
- Linux: Install the Apache Web Server using the yum command as follows:
- Windows: Download the Apache Web Server from the Apache website: http://httpd.apache.org/download.cgi
- Linux: Once the Apache Web Server is installed, you need to install the APache eXtenSion (apxs) tool to add the Apache Connector module (mod_jk) to the Apache Web Server's modules directory. Use the following commands:
- Linux: Download the Apache Tomcat Connector from http://tomcat.apache.org/download-connectors.cgi (tomcat-connectors-1.2.31-src was the latest version at the time of documentation) and then follow the steps below:
- Windows: Copy the mod_jk.so file to [Installation Directory]\apache\modules directory.
- Linux: Install mod_ssl for communication over HTTPS using the following command:
Configuring the workers.properties
- Linux: Create a file named workers.properties in /etc/httpd/conf/ and paste the following text into it:
- Windows: Create a file named workers.properties in [Installation Directory]\apache\modules and paste the following text into it:
Use the following worker if you wish to run ADSS Server behind Apache as a DMZ:
Use the following worker if you wish to run ADSS Server Services in a load-balanced environment as well as a DMZ:
Creating CA and SSL Server Authentication Certificates
- Create a CA and SSL Authentication certificate for server authentication.
- Create an SSL Server Authentication certificate:
- Linux: Copy these files to /etc/httpd/conf/ssl/ to configure SSL Server Authentication using the following commands:
- Windows: Copy these files to [Installation Directory]\apache\modules\ssl\ to configure SSL Server Authentication.
Creating the Client Authentication Certificate
- Create the Client Authentication certificate for your browser using the following commands:
- Install the p12 (i.e. john.doe.p12 in this case) in the browser that you will use to access the Apache Web Server.
- Register the myRootCA.crt in the ADSS Server's Trust Manager with options "Certificate Issuance and Trust System Users".
- Register a user in Access Control using the certificate you created for client authentication (i.e. john.doe.p12 in this case).
- Restart the ADSS Server daemons so that the tomcat keystore is updated with the newly registered CA.
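The certificate steps of the two sections above, as an added example that is not the vendor's own command set: it issues a root CA, a server certificate limited to `serverAuth` and a client certificate limited to `clientAuth`, then checks that neither can be used for the other role. The file names myRootCA.crt and john.doe.p12 come from this page; the subjects, key sizes, lifetimes, the `server.*` file names and the `P12_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not the vendor's commands. myRootCA.crt and john.doe.p12 are
# the page's file names; subjects, key sizes, lifetimes and the server.* file
# names are assumptions. Needs the openssl CLI and P12_PASS exported.
set -e

issue() {  # $1 = dir, $2 = file stem, $3 = subject CN, $4 = extension section
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/pki.cnf" \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/myRootCA.crt" \
    -CAkey "$1/myRootCA.key" -CAcreateserial -days 365 -sha256 \
    -extfile "$1/pki.cnf" -extensions "$4" -out "$1/$2.crt" 2>/dev/null
}

make_pki() (  # $1 = output dir, $2 = DNS name browsers use to reach Apache
  d=$1; host=$2
  mkdir -p "$d"; umask 077          # subshell body: umask change stays local
  cat > "$d/pki.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
CN = overridden-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
[client_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$d/pki.cnf" -extensions ca_ext -subj "/CN=myRootCA" \
    -keyout "$d/myRootCA.key" -out "$d/myRootCA.crt" 2>/dev/null &&
  issue "$d" server "$host" server_ext &&
  issue "$d" john.doe "john.doe" client_ext &&
  openssl pkcs12 -export -inkey "$d/john.doe.key" -in "$d/john.doe.crt" \
    -certfile "$d/myRootCA.crt" -name john.doe \
    -passout env:P12_PASS -out "$d/john.doe.p12"
)

# True only if the certificate chains to myRootCA AND is valid for the purpose.
purpose_ok() {  # $1 = dir, $2 = file stem, $3 = sslserver | sslclient
  openssl verify -CAfile "$1/myRootCA.crt" -purpose "$3" "$1/$2.crt" 2>&1 |
    grep -q ': OK$'
}

[ $# -lt 2 ] || make_pki "$1" "$2"
```

Passing the PKCS#12 password through `env:P12_PASS` keeps it out of the process list, and myRootCA.key should stay off the web server once the certificates are issued.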
Configuring Apache Web Server
- Add the following text at the end of httpd.conf:
- Linux: Stop SELinux if it is running so that it does not block Apache, and then start httpd:
- Access the ADSS Server Console at https://serverName:445/adss/console. Similarly, you can send OCSP requests to:
- http://yourServerName/adss/ocsp (Plain HTTP)
- https://yourServerName/adss/ocsp (Server Authentication)
- https://yourServerName:444/adss/ocsp (Client Authentication)