Generate (test) SSL cert:
keytool -genkey -alias tomcat -keyalg RSA -keystore keystore
Enter keystore password: changeit
Re-enter new password: changeit
What is your first and last name?
[Unknown]: localhost
What is the name of your organizational unit?
[Unknown]: Web
What is the name of your organization?
[Unknown]: Acme Web Services
What is the name of your City or Locality?
[Unknown]: Sin City
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]: NL
Is CN=www.mydomain.com, OU=Web, O=Acme Web Services, L=Sin City, ST=Unknown, C=NL correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
The current version of Servoy does not automatically recognize that you want to use SSL, so you need to set the code base override. I'm using port 8443 for SSL, but if you have the privileges to bind to 443 (the official SSL port) you can use that instead.
In servoy.properties (only needed up to Servoy 3.5.6):
servoy.jnlpCodebaseOverride=https\://localhost:8443/
In server.xml add (under the regular connector):
<Connector
    port="8443"
    maxThreads="150" connectionTimeout="60000"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="conf/keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>
Port 8443 is the usual choice. You can change this port, but if you do, change the redirectPort value in the regular connector as well!
At the end of server/webapps/ROOT/web.xml (just before the closing </web-app>) add:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Automatic SSL Forwarding</web-resource-name>
        <url-pattern>/</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
This will cause ALL traffic to be redirected to SSL. Note that this is probably what you want anyway because you want the client to be started from an SSL protected page (to avoid tampering with the webstart url).