Sun GlassFish Enterprise Server v3 Administration Guide

ProcedureTo Enable SSL Between the mod_jk Load Balancer and the Browser

To activate security for mod_jk on Enterprise Server, you must first generate a Secure Socket Layer (SSL) self-signed certificate on the Apache HTTP Server with the mod_ssl module. The tasks include generating a private key, a Certificate Signing Request (CSR), a self-signed certificate, and configuring SSL-enabled virtual hosts.

Before You Begin

The mod_jk connector must be enabled.

  1. Generate the private key as follows:

    openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024

    where file1:file2: and so on represents the random compressed files.

  2. Remove the pass-phrase from the key as follows:

    openssl rsa -in server.key -out server.pem 
  3. Generate the CSR is as follows:

    openssl req -new -key server.pem -out server.csr

    Enter the information you are prompted for.

  4. Generate a temporary certificate as follows:

    openssl x509 -req -days 60 -in server.csr -signkey server.pem -out server.crt

    This temporary certificate is good for 60 days.

  5. Create the ssl.conf file under the /etc/apache2/conf.d directory.

  6. In the ssl.conf file, add one of the following redirects:

    • Redirect a web application, for example, JkMount /hello/* worker1.

    • Redirect all requests, for example, JkMount /* worker1.

    # Send all jsp requests to GlassFish
    JkMount /*.jsp worker1
    # Send all glassfish-test requests to GlassFish
    JkMount /glassfish-test/* loadbalancer 

Example 6–8 ssl.conf File for mod_jk Security

A basic SSL-enabled virtual host will appear in the ssl.conf file. In this example, all requests are redirected.

Listen 443
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile "/etc/apache2/2.2/server.crt"
SSLCertificateKeyFile "/etc/apache2/2.2/server.pem"
JkMount /* worker1