Configuring vFabric Web Server Instances
VMware vFabric Suite 5.2 35
secure="true"/>
Configure the vFabric Web Server Instance to Use SSL
The easiest way to configure SSL for a Web Server instance is to use the newserver interactive command to create a new
instance and specify that you want to enable SSL for the instance. The command performs configuration tasks and creates a
private key. See Create vFabric Web Server Instances.
If you want to enable SSL for an existing Web Server instance, you can uncomment the Include conf/extras/httpd-ssl.conf
directive in the main conf/httpd.conf file and then follow directions in the conf/extra/httpd-ssl.conf file. See Using the
Sample Configuration Files to Enable Features and Modify Configuration for details.
Restrict Communication With tc Runtime Instances to Known Clients
This section describes how to specify that tc Runtime instances require a valid certificate from a client before they accept
a connection.
Procedure
1. Log in to the computer on which you installed tc Server and open a terminal window.
2. Create a certificate authority file. The following examples show how to create the CA file ca.crt by using the openssl
command:
prompt$ openssl genrsa -out ca.key 2048
prompt$ openssl req -new -key ca.key -out ca.csr
prompt$ openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
3. Generate a JKS-formatted certificate authority file. The following example shows how to use the keytool command to create
the file cacerts.jks from the CA file ca.crt you created in the preceding step:
prompt$ keytool -importcert -keystore cacerts.jks -storepass changeme -alias my_ca -file ca.crt
4. Copy the cacerts.jks file to the CATALINA_BASE/conf directory of each tc Runtime instance.
5. Update the appropriate <Connector /> element in each instance's conf/server.xml file by adding the
clientAuth and truststoreFile attributes, setting their values as shown in the example:
<Connector SSLEnabled="true"
clientAuth="true"
truststoreFile="${catalina.base}/conf/cacerts.jks"
acceptCount="100"
connectionTimeout="20000"
executor="tomcatThreadPool"
keyAlias="tomcat"
keystoreFile="${catalina.base}/conf/tomcat.keystore"
keystorePass="changeme"
maxKeepAliveRequests="15"
port="8443"
protocol="org.apache.coyote.http11.Http11Protocol"
redirectPort="8443"
scheme="https"
secure="true"/>
6. Restart each tc Runtime instance for the changes to take effect:
prompt$ cd /var/opt/vmware/vfabric-tc-server-standard/instanceOne/bin
prompt$ ./tcruntime-ctl.sh restart
7. Test that you have configured each tc Runtime instance correctly by navigating to an application deployed on the instance
using your browser.
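Because steps 4 and 5 must be repeated on every instance, a scripted check of each conf/server.xml catches a connector that was missed. The following is an added example, not part of the VMware documentation: it flags SSL connectors that do not set clientAuth="true", that lack truststoreFile, or that still carry the sample keystorePass value. The function name audit_connectors, the embedded server.xml fragment and its port 9443 connector are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMPLE_PASSWORDS = {"changeme"}  # placeholder value used in the examples above


def audit_connectors(server_xml_text):
    """Return sorted (port, finding) tuples for SSL connectors that deviate from step 5."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # non-SSL connector: client certificates do not apply
        port = conn.get("port", "?")
        client_auth = conn.get("clientAuth", "false")
        # Step 5 sets clientAuth="true"; "want" only requests a certificate.
        if client_auth.lower() != "true":
            findings.append((port, "clientAuth=%s, client certificate not required" % client_auth))
        if not conn.get("truststoreFile"):
            findings.append((port, "truststoreFile not set, cacerts.jks is not referenced"))
        if conn.get("keystorePass") in SAMPLE_PASSWORDS:
            findings.append((port, "keystorePass still uses the sample password"))
    return sorted(findings)


# Constructed server.xml fragment (not from a real instance): port 8443 follows
# step 5, port 9443 only requests a certificate and has no trust store.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector SSLEnabled="true" clientAuth="true" port="8443"
               truststoreFile="${catalina.base}/conf/cacerts.jks"
               keystoreFile="${catalina.base}/conf/tomcat.keystore"
               keystorePass="changeme" scheme="https" secure="true"/>
    <Connector SSLEnabled="true" clientAuth="want" port="9443"
               keystoreFile="${catalina.base}/conf/tomcat.keystore"
               keystorePass="constructed-secret" scheme="https" secure="true"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, finding))
```

To audit a real instance, pass the contents of its CATALINA_BASE/conf/server.xml to audit_connectors in place of the constructed sample.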