Sun GlassFish Enterprise Server v3 Administration Guide

Procedure: To Enable SSL Between the mod_jk Load Balancer and the Browser

To activate security for mod_jk on Enterprise Server, you must first generate a Secure Sockets Layer (SSL) self-signed certificate on the Apache HTTP Server with the mod_ssl module. The tasks are generating a private key, a Certificate Signing Request (CSR), and a self-signed certificate, and then configuring SSL-enabled virtual hosts.

Before You Begin

The mod_jk connector must be enabled.

  1. Generate the private key as follows:


    openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
    

    where file1:file2: and so on represent the random compressed files used to seed the random number generator.

  2. Remove the pass-phrase from the key as follows:


    openssl rsa -in server.key -out server.pem 
    
  3. Generate the CSR as follows:


    openssl req -new -key server.pem -out server.csr
    

    Enter the information you are prompted for.

  4. Generate a temporary certificate as follows:


    openssl x509 -req -days 60 -in server.csr -signkey server.pem -out server.crt
    

    This temporary certificate is good for 60 days.

  5. Create the ssl.conf file under the /etc/apache2/conf.d directory.

  6. In the ssl.conf file, add one of the following redirects:

    • Redirect a web application, for example, JkMount /hello/* worker1.

    • Redirect all requests, for example, JkMount /* worker1.


    # Send all jsp requests to GlassFish
    JkMount /*.jsp worker1
    # Send all glassfish-test requests to GlassFish
    JkMount /glassfish-test/* loadbalancer 

Example 6–8 ssl.conf File for mod_jk Security

A basic SSL-enabled virtual host will appear in the ssl.conf file. In this example, all requests are redirected.


    Listen 443
    <VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/etc/apache2/2.2/server.crt"
    SSLCertificateKeyFile "/etc/apache2/2.2/server.pem"
    JkMount /* worker1
    </VirtualHost>
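
The following script is an added example, not part of the original guide: it checks the key and certificate produced in steps 1 through 4 before Apache is restarted with the virtual host above. The function names, the 2048-bit minimum, and the 14-day expiry margin are assumptions; a key generated with the 1024 value shown in step 1 fails the size check.

```shell
#!/bin/sh
# Added example: sanity checks for the key and certificate from steps 1-4.
# Function names and thresholds are assumptions, not part of the guide.

# Print the RSA modulus of a private key as hex (empty if unreadable or encrypted).
key_modulus() {
    openssl rsa -in "$1" -noout -modulus -passin pass: 2>/dev/null | sed 's/^Modulus=//'
}

# Succeed when the certificate ($2) was issued for the private key ($1).
key_matches_cert() {
    k=$(key_modulus "$1")
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null | sed 's/^Modulus=//')
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the key size in bits (each hex digit of the modulus carries 4 bits).
key_bits() {
    k=$(key_modulus "$1")
    echo $(( ${#k} * 4 ))
}

# Succeed when the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeed when group and others have no access to the unencrypted key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, report each failure, and return non-zero if any check failed.
check_tls_files() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 was not issued for $1"; rc=1; }
    [ "$(key_bits "$1")" -ge 2048 ] || { echo "FAIL: RSA key shorter than 2048 bits"; rc=1; }
    cert_valid_for_days "$2" 14 || { echo "FAIL: $2 expires within 14 days"; rc=1; }
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group or others"; rc=1; }
    return $rc
}

# Usage: sh check.sh /etc/apache2/2.2/server.pem /etc/apache2/2.2/server.crt
if [ $# -eq 2 ]; then
    check_tls_files "$1" "$2"
fi
```

Because step 2 removes the pass-phrase, file permissions are the only protection left on server.pem, which is why the script treats group or world access as a failure.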