FreeKB - Encrypt outbound requests from Tomcat (SSL / TLS / truststore)
Encrypt outbound requests from Tomcat (SSL / TLS / truststore)

Home > Search


First and foremost, it's important to recongize that there will be both inbound and outbound requests. Typically, an inbound request is when a remote system makes a request for an app deployed to Tomcat. Typically, and outbound request is when an app deployed to Tomcat needs to go out, such as when making a query to a remote SQL database. This article only deals with securing outbound requests. Refer to this article to secure inbound requests.

 

Inbound requests use a keystore to secure the requests. Outbound requests use a truststore to secure the request. So, when you see keystore, think "inbound" and when you see truststore think "outbound".

 

First you will create a truststore, and then you will configure Tomcat. If you have not yet created a truststore, refer to this article. For the sake of this article, let's say you've created a truststore named trust.p12 and the trust.p12 file contains a certificate with an alias of *.example.com.

The following two parameter will be used to configure Tomcat to use the truststore. 

-Djavax.net.ssl.trustStore=/path/to/trust.p12
-Djavax.net.ssl.trustStorePassword=your_password

 

One possible way to use these parameters would be to use them in the JAVA_OPTS variable in ${tomcat_install_root}/bin/setenv.sh, like this:

JAVA_OPTS="-Djavax.net.ssl.trustStore=/path/to/trust.p12 -Djavax.net.ssl.trustStorePassword=your_password"

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments