How to configure SSL for a single-instance Apache Tomcat in an AWS environment
1. Create a private key using OpenSSL
>openssl genrsa 1024 > privatekey.pem
2. Create a certificate signing request (CSR)
>openssl req -new -key privatekey.pem -out csr.pem
Normally, you would submit your CSR to a Certificate Authority (CA) to apply for a digital server certificate.
However, you can also generate a self-signed certificate for testing purposes only.
3. Generate a self-signed certificate
>openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out server.crt
4. In your JEE application, create a folder named .ebextensions under \src\main\resources
5. Create a file named 01run.config under the new directory and add the following configuration
Resources:
  mySecurityGroup:
    Type: "AWS::EC2::SecurityGroupIngress"
    Properties:
      GroupName:
        Ref: "AWSEBSecurityGroup"
      IpProtocol: "tcp"
      FromPort: "443"
      ToPort: "443"
      CidrIp: "0.0.0.0/0"
6. Build and create your new .war file
7. Log in to your EC2 instance using PuTTY as the root user and install mod_ssl using yum
yum install mod_ssl
8. Create (if it does not exist) an ssl.conf file in your /etc/httpd/conf.d/ directory and add/modify the following details. The mode, owner, group and content: | lines are .ebextensions file metadata; the Apache directives indented under content: | are the contents of the file.
mode: 000777
owner: ec2-user
group: ec2-user
content: |
  LoadModule ssl_module modules/mod_ssl.so
  Listen 443
  <VirtualHost *:443>
    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>
    SSLEngine on
    SSLCertificateFile "/tmp/server.crt"
    SSLCertificateKeyFile "/tmp/privatekey.pem"
    ProxyPass / http://localhost:8080/ retry=0
    ProxyPassReverse / http://localhost:8080/
    ProxyPreserveHost on
    LogFormat "%h (%{X-Forwarded-For}i) %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
    ErrorLog /var/log/httpd/elasticbeanstalk-error_log
    TransferLog /var/log/httpd/elasticbeanstalk-access_log
  </VirtualHost>
9. Copy the generated private key (privatekey.pem) and certificate (server.crt) to /tmp on the EC2 instance, so that the paths match the SSLCertificateFile and SSLCertificateKeyFile directives in ssl.conf
10. The following commands are useful for handling any issues
rm -f /var/lock/subsys/httpd
sudo netstat -ltnp | grep ':80'
sudo kill -9 xxxx
fuser -k -n tcp 80
service httpd restart
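A pre-flight check worth running before copying the key and certificate to the instance and restarting httpd: it resolves both file paths from ssl.conf, confirms the certificate was actually issued for that private key (a mismatch is the usual cause of httpd refusing to start after this setup), checks that the certificate is not about to expire, and warns if the key file is readable by group or others. This is an added helper script, not part of the original post; it assumes the openssl CLI is installed, and the 30-day expiry threshold is an arbitrary choice.

```shell
#!/bin/sh
# Pre-flight checks for the key, certificate and ssl.conf produced by the steps above.
# Added helper script (not part of the original post); requires the openssl CLI.
set -u

# pair_matches KEY CERT: succeeds only if CERT carries the public key belonging to KEY.
# Both public keys are normalised to DER and compared by SHA-256 digest.
pair_matches() {
    openssl pkey -in "$1" -noout 2>/dev/null || return 1   # unreadable or invalid key
    openssl x509 -in "$2" -noout 2>/dev/null || return 1   # unreadable or invalid cert
    key_pub=$(openssl pkey -in "$1" -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null \
        | openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256)
    [ "$key_pub" = "$cert_pub" ]
}

# cert_valid_for_days CERT DAYS: succeeds if CERT does not expire within DAYS days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# key_is_private KEY: fails if the key file is readable or writable by group or others.
key_is_private() {
    [ -e "$1" ] && [ -z "$(find "$1" \( -perm -g+r -o -perm -g+w -o -perm -o+r -o -perm -o+w \) -print)" ]
}

# conf_file_for CONF DIRECTIVE: prints the (unquoted) path given to DIRECTIVE in CONF.
conf_file_for() {
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# preflight CONF: resolve both paths from ssl.conf and run every check; returns 0 if all pass.
preflight() {
    cert=$(conf_file_for "$1" SSLCertificateFile)
    key=$(conf_file_for "$1" SSLCertificateKeyFile)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "FAIL $1 lacks SSLCertificateFile or SSLCertificateKeyFile"; return 1
    fi
    rc=0
    pair_matches "$key" "$cert" || { echo "FAIL $cert was not issued for $key"; rc=1; }
    cert_valid_for_days "$cert" 30 || { echo "FAIL $cert expires within 30 days"; rc=1; }
    key_is_private "$key" || echo "WARN $key is readable by group or others"
    [ "$rc" -eq 0 ] && echo "ok   $key and $cert pass all checks"
    return $rc
}

if [ "$#" -eq 1 ]; then preflight "$1"; fi
```

Run it as `sh check_tls.sh /etc/httpd/conf.d/ssl.conf` on the instance after step 9; a non-zero exit means httpd should not be restarted yet.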