Professional Documents
Culture Documents
Apache Tomcat
and SSL
Mark Thomas, Staff Engineer, Pivotal
9 April 2014
Questions
Cipher Plain
Text Text
Plain Hash
Text
Private Key
Cipher Plain
Text Text
Plain Digitally
Hash
Text Signed
Private Key
Digitally
Hash
Signed
Public Key
Plain
Hash
Text
Public
Digitally Cert-
Key +
Signed ificate
ID
Root Self
My CA CA
CA Signed
Cert. Cert. Cert.
Signed by Signed by Signed by Cert.
Certificate
Public key
Identity (domain name)
List of supported algorithms
Client
List of trusted (Root) Certificate Authorities
List of supported algorithms
RS fA(x)
Rc S RS fA(x) Rc
RS fA(x)
public key
Rc S RS fA(x) Rc
Client sends message to server
Encrypted PMS RS fA(x)
enc
PMS
PMS
MS
enc
RS fA(x) PMS
enc
PMS
PMS
MS
Rc + Rs + PMS
Server switches to encrypted mode Rc S RS fA(x) Rc
enc
RS fA(x) PMS
PMS MS
enc
PMS
PMS
MS
enc
RS fA(x) PMS
PMS MS
enc
PMS
PMS
MS
certificate
MS
OpenSSL 1.0.1f
OSX
Works on other platforms adjust paths as necessary
dir = .
default_bits = 2048
countryName_default = US
H/W Load
Balancer
httpd
instances Tomcat
instances
But if you use HTTPS, how do you get the SSL information?
In Tomcat:
<Host >
<Valve className="org.apache.catalina.valves.SSLValve"
</Host>