Keystore[edit | edit source]

root@webcat:~# openssl pkcs12 -export -in cpsc.cert  -inkey priv.key  -out keystore.p12 -name cpscssl -CAfile ca.cert  -caname root
Enter Export Password:
Verifying - Enter Export Password:
root@webcat:~# keytool -importkeystore -deststorepass tomcatsucks -destkeypass tomcatsucks -destkeystore ssl.keystore -srckeystore keystore.p12  -srcstoretype PKCS12 -srcstorepass fucktomcat -alias cpscssl
root@webcat:~# keytool -list -keystore ssl.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

cpscssl, Aug 16, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1E:60:E2:5D:44:E1:FA:B1:F5:10:D9:98:C4:49:2F:F9:90:5F:F4:F9
root@webcat:~# cp ssl.keystore  /etc/pki/tls/server.keystore

mod_jk[edit | edit source]

There is no RPM package that provides mod_jk. You will have to compile it yourself.

Get the tomcat connector from:

Install dependencies and compile:

# yum install -y httpd-devel gcc gcc-c++ make libtool

## In the source directory:
/root/source/tomcat-connectors-1.2.42-src/native# ./configure --with-apxs=/usr/bin/apxs
/root/source/tomcat-connectors-1.2.42-src/native# make
/root/source/tomcat-connectors-1.2.42-src/native# make install

Create the apache configuration:

# cat /etc/httpd/conf.d/jk.conf
LoadModule jk_module modules/

<IfModule mod_jk.c>
        JkWorkersFile /etc/httpd/conf/
        JkLogFile     /var/log/httpd/jk.log
        JkLogLevel    info
        JkShmFile     /var/log/httpd/jk-runtime-status

        JkOptions     +ForwardKeySize +ForwardURICompat -ForwardDirectories
        # JkAutoAlias /usr/www/tomcat/webapps

        JkMountFile   /etc/httpd/conf/

# cat /etc/httpd/conf/

# cat /etc/httpd/conf/

When working with mod_ssl, make sure to add a JkMount to ssl.conf in the virtualhost serving the secured content.

JkMount /gradsdb/* worker1