To activate security for mod_jk on Enterprise Server, you must first generate a Secure Socket Layer (SSL) self-signed certificate on the Apache HTTP Server with the mod_ssl module. The tasks include generating a private key, a Certificate Signing Request (CSR), a self-signed certificate, and configuring SSL-enabled virtual hosts.
The mod_jk connector must be enabled.
Generate the private key as follows:
    openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024
where file1, file2, and so on are the random compressed files that -rand uses to seed the random number generator.
Remove the pass-phrase from the key as follows:
    openssl rsa -in server.key -out server.pem
Generate the CSR as follows:
    openssl req -new -key server.pem -out server.csr
Enter the information you are prompted for.
Generate a temporary certificate as follows:
    openssl x509 -req -days 60 -in server.csr -signkey server.pem -out server.crt
This temporary certificate is good for 60 days.
Create the ssl.conf file under the /etc/apache2/conf.d directory.
In the ssl.conf file, add one of the following redirects:
Redirect a web application, for example, JkMount /hello/* worker1.
Redirect all requests, for example, JkMount /* worker1.
    # Send all jsp requests to GlassFish
    JkMount /*.jsp worker1
    # Send all glassfish-test requests to GlassFish
    JkMount /glassfish-test/* loadbalancer
A basic SSL-enabled virtual host will appear in the ssl.conf file. In this example, all requests are redirected.
    Listen 443
    <VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/etc/apache2/2.2/server.crt"
    SSLCertificateKeyFile "/etc/apache2/2.2/server.pem"
    JkMount /* worker1
    </VirtualHost>
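The SSLCipherSuite value in the virtual host above starts from ALL and names RC4, LOW, SSLv2, EXP and eNULL suites. The following is an added example, not part of the original documentation, showing the same virtual host with the protocol and cipher selection restricted. The file paths and worker1 come from this page; the SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder values are assumptions to adjust for the clients you must support.

```apache
# Added example: hardened variant of the ssl.conf virtual host shown above.
Listen 443
<VirtualHost _default_:443>
    SSLEngine on

    # Disable the legacy SSLv2 and SSLv3 protocols outright, independent of
    # which cipher suites are listed below.
    SSLProtocol all -SSLv2 -SSLv3

    # Start from HIGH rather than ALL, then explicitly exclude the classes
    # the original string lists: anonymous (aNULL), unencrypted (eNULL),
    # export-grade (EXP), LOW, RC4, and MD5-based suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXP:!LOW:!RC4:!MD5

    # Use the server's cipher order so a client cannot select the weakest
    # suite that both sides still share.
    SSLHonorCipherOrder on

    SSLCertificateFile "/etc/apache2/2.2/server.crt"

    # server.pem has no pass-phrase (it was removed in the earlier step),
    # so restrict read access to this file to root.
    # Assumption: the key was generated with 2048 bits or more instead of
    # the 1024 used in the genrsa command above.
    SSLCertificateKeyFile "/etc/apache2/2.2/server.pem"

    # Forward all requests to the mod_jk worker, as in the original example.
    JkMount /* worker1
</VirtualHost>
```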