Tomcat

From Leo's Notes
Last edited on 14 June 2020, at 23:41.

Keystore

root@webcat:~# openssl pkcs12 -export -in cpsc.cert  -inkey priv.key  -out keystore.p12 -name cpscssl -CAfile ca.cert  -caname root
Enter Export Password:
Verifying - Enter Export Password:
root@webcat:~# keytool -importkeystore -deststorepass tomcatsucks -destkeypass tomcatsucks -destkeystore ssl.keystore -srckeystore keystore.p12  -srcstoretype PKCS12 -srcstorepass fucktomcat -alias cpscssl
root@webcat:~# keytool -list -keystore ssl.keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

cpscssl, Aug 16, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1E:60:E2:5D:44:E1:FA:B1:F5:10:D9:98:C4:49:2F:F9:90:5F:F4:F9
root@webcat:~# cp ssl.keystore  /etc/pki/tls/server.keystore


mod_jk

There is no RPM package that provides mod_jk. You will have to compile it yourself.

Download the Tomcat connector source from: https://tomcat.apache.org/download-connectors.cgi

Install dependencies and compile:

# yum install -y httpd-devel gcc gcc-c++ make libtool

## In the source directory:
/root/source/tomcat-connectors-1.2.42-src/native# ./configure --with-apxs=/usr/bin/apxs
/root/source/tomcat-connectors-1.2.42-src/native# make
/root/source/tomcat-connectors-1.2.42-src/native# make install

Create the Apache configuration:

# cat /etc/httpd/conf.d/jk.conf
LoadModule jk_module modules/mod_jk.so

<IfModule mod_jk.c>
        JkWorkersFile /etc/httpd/conf/workers.properties
        JkLogFile     /var/log/httpd/jk.log
        JkLogLevel    info
        JkShmFile     /var/log/httpd/jk-runtime-status

        JkOptions     +ForwardKeySize +ForwardURICompat -ForwardDirectories
        # JkAutoAlias /usr/www/tomcat/webapps

        JkMountFile   /etc/httpd/conf/jkworkermap.properties
</IfModule>

# cat /etc/httpd/conf/workers.properties
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009


# cat /etc/httpd/conf/jkworkermap.properties
/gradsdb/*=worker1

When using mod_ssl, also add a JkMount directive to ssl.conf, inside the VirtualHost that serves the secured content.

JkMount /gradsdb/* worker1
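
A URI can only be mapped to a worker that is declared in worker.list, and in this setup the AJP traffic stays on localhost:8009. The following POSIX shell check is an added example, not part of the original notes: it verifies both points for the workers.properties and jkworkermap.properties files shown above. The function names prop and check_jk and the sample files are constructed for illustration, and only the simple /uri=worker form of mapping line is handled.

```shell
#!/bin/sh
# Added example (not from the original notes): consistency check for the
# workers.properties / jkworkermap.properties pair shown on this page.

# prop FILE KEY -> value of the last "KEY=value" line, whitespace trimmed
prop() {
    awk -v k="$2" '{ i = index($0, "="); if (!i) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == k) v = val } END { print v }' "$1"
}

# check_jk WORKERS_FILE MAP_FILE -> prints one line per finding; status 0 if none.
# The body runs in a subshell so its variables stay local.
check_jk() (
    bad=0
    list=",$(prop "$1" worker.list | tr -d ' \t'),"
    while IFS='=' read -r uri w || [ -n "$uri" ]; do
        uri=$(printf '%s' "$uri" | tr -d ' \t\r'); w=$(printf '%s' "$w" | tr -d ' \t\r')
        case $uri in ''|'#'*) continue ;; esac      # skip blanks and comments
        case $list in
            *",$w,"*) ;;
            *) echo "UNDEFINED $uri -> $w (not in worker.list)"; bad=1; continue ;;
        esac
        type=$(prop "$1" "worker.$w.type")
        host=$(prop "$1" "worker.$w.host")
        [ "$type" = ajp13 ] || { echo "TYPE $w is '$type', expected ajp13"; bad=1; }
        case ${host:-localhost} in                  # mod_jk defaults host to localhost
            localhost|127.0.0.1|::1) ;;
            *) echo "REMOTE $w forwards AJP to non-loopback host $host"; bad=1 ;;
        esac
    done < "$2"
    [ "$bad" -eq 0 ]
)

# Constructed sample input mirroring the two files above
d=$(mktemp -d)
printf '%s\n' 'worker.list=worker1' 'worker.worker1.type=ajp13' \
    'worker.worker1.host=localhost' 'worker.worker1.port=8009' > "$d/workers.properties"
printf '%s\n' '/gradsdb/*=worker1' > "$d/jkworkermap.properties"
check_jk "$d/workers.properties" "$d/jkworkermap.properties" && echo "mod_jk mapping OK"
```

On a live host, point check_jk at /etc/httpd/conf/workers.properties and /etc/httpd/conf/jkworkermap.properties; a REMOTE finding means unencrypted AJP traffic would leave the machine.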