Within the file TOMCAT/webapps/yanel/WEB-INF/web.xml one can set the SSL port:
<servlet>
  ...
  <init-param xmlns:webApp="http://java.sun.com/xml/ns/j2ee">
    <param-name>ssl-port</param-name>
    <param-value>8443</param-value>
  </init-param>
</servlet>
Within the file src/build/(local.)build.properties one can set the parameters tomcat1.ssl.port=8443 and tomcat2.ssl.port=8443. Then re-configure Tomcat (run "configure" to turn on SSL for Tomcat, i.e. to patch "conf/server.xml") and re-build Yanel (run "build" to patch the "web.xml" file).
Please note that the keystore file local/apache-tomcat-7.0.25/yanel.keystore is generated by src/build/targets/webapp/webapp.xml (and src/build/targets/webapp/cluster.xml), whereas the configuration parameters are taken from src/build/(local.)build.properties (see properties 'certificate.*').
In some cases Yanel might have to access third-party servers which are only accessible via SSL (e.g. ActiveMQ). In order to do so, one can configure a trust-store inside Yanel as described in the following paragraphs.
Assuming that you have a certificate (named 'CA_CERTIFICATE') from the CA that signed the third-party server's certificate, one can create a trust-store file (named 'truststore.jks') by executing the following command:
keytool -importcert -v -alias MY_ALIAS -file CA_CERTIFICATE -storepass MY_PASSWORD -keystore truststore.jks
Check whether the certificate has been added correctly by running the following command (use password MY_PASSWORD when prompted):
keytool -v -list -keystore truststore.jks
In order to delete a certificate from the trust-store use:
keytool -delete -alias MY_ALIAS -keystore truststore.jks
One can configure the location of the trust-store file and its password inside yanel.xml. Yanel reads this configuration at startup and sets the Java system properties 'javax.net.ssl.trustStore' and 'javax.net.ssl.keyStorePassword' accordingly.
Your custom Yanel code (e.g. to init javax.net.ssl.TrustManager[] ...) can access the trust-store configuration by using:
System.getProperty("javax.net.ssl.trustStore");
System.getProperty("javax.net.ssl.keyStorePassword");