Databases Reference
In-Depth Information
2.
When asked for a password:
1.
Specify the password you want to use for the certificate. Note that the
password text will not appear as you type.
2.
Make a note of the password you choose; we will need it in the next
step when editing the Tomcat configuration.
3.
In this exercise we will be using the default password
changeit
.
3.
Follow the prompts to specify your domain name, organization, and location.
This information is used to construct the X.500 Distinguished Name (DN) of
the entity. To the question
What is your first and last name?
(CN), don't give
your actual name. The CN must match the fully-qualified hostname of the
server running Confluence. Tomcat will not be able to use the certificate for
SSL otherwise.
For example, for our Confluence, running on localhost:
CN =
localhost
, OU =
Confluence Essentials
, O =
Packt
, C =
UK
4. Enter
y
to confirm the details.
5. When asked for the password for
tomcat
(the alias you entered in the
keytool command), press the
Enter
key. You
must
use the same password
here as the one that was used for the keystore password. This is a restriction
of the Tomcat implementation.
6. Your certificate is now ready.
Our self-signed certificate is now available in Java's keystore. If you are using a
previously generated certificate or a CA certificate, you will need to import that
certificate into Java's keystore. This can be done with the following command:
keytool -importcert -alias tomcat -file <MY_CERTIFICATE_FILENAME>
Configuring Tomcat
To enable HTTPS, open the
CONF_INSTALL/conf/server.xml
file in a text editor.
Locate and uncomment the following lines:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
This connector will enable HTTPS for Confluence on port 8443. We will have to
replace
<MY_CERTIFICATE_PASSWORD>
with the password we specified when
creating our certificate. In our case this would be
changeit
.