NCSA CyberSecurity



Author: Terry Fleury (tfleury@ncsa.uiuc.edu)
Last Update: April 13, 2006

Implementation

While this document provides some high-level implementation recommendations, specific instructions are given for Fedora Core 4 as the base for the Tomcat Server. We hope to add more information as we test additional platforms and software versions.

Server Setup

Here we give instructions for building the server and configuring the software. We will be using Tomcat as our Web Services (WS) server. Tomcat requires Java. As the Tomcat server is built upon Java, it should run on any operating system / architecture which supports a Java runtime environment.

In each step below, a 'general' instruction is given first, followed by a link for specific instructions. These specific instructions are initially hidden and can be viewed by clicking on the appropriate link.

  1. Install the operating system for your server.
    Instructions For Fedora Core 4...

  2. Install and configure Java and Tomcat.
    Instructions For Installing Java 1.5.0...
    Instructions For Installing Tomcat 5.5.17...

  3. Install Globus/CoG Kit libraries to support proxy certificates in Tomcat.
    While Tomcat comes with libraries to allow for https connections, these libraries do not support proxy certificates. So you need to download a few Java libraries from the Globus CVS site and copy them to the Tomcat library directories.
    Instructions For Fedora Core 4...

  4. Configure Tomcat to use these Globus Java libraries.
    Next you need to configure Tomcat to actually use these Globus Java libraries you just copied over to the Tomcat library directories. The configuration is nearly the same for both Tomcat 5.0.x and Tomcat 5.5.x.
    Instructions For Configuring Tomcat...

  5. Add Globus libraries to Tomcat's CLASSPATH.
    If you are using certain Globus libraries in your web service code, you may need to add them to Tomcat's CLASSPATH at startup time.
    Instructions For Configuring Tomcat...

  6. (Optional) Configure Tomcat for authorization via grid-mapfile.
    If you want gridmap-style authorization (in addition to the authentication you configured above), you need to install another .jar file and add another <Valve ...> section to your Tomcat's server.xml configuration file.
    Instructions For Configuring Tomcat...

  7. Obtain a certificate to secure your Tomcat server.
    There are several ways to obtain a certificate to secure your Tomcat server. You can obtain an SSL certificate from one of the many commercial certificate providers, for example VeriSign. This will allow users to connect to your website via an https:// connection without any annoying warning messages. You can obtain a free SSL certificate from CAcert.org. You can create a self-signed certificate, which will generate a warning message for users but otherwise provides a secure https connection. Finally, if you are at an organization which can act as a Certificate Authority (CA), such as NCSA, you can obtain a host certificate authorized by that organization.
    Instructions For NCSA-Signed Certificate...
    Instructions For CAcert.org...
    Instructions For Commercial SSL Certificate Provider...
    Instructions For Self-Signed Certificate...

  8. Install your host certificate and private key for the Tomcat Server.
    Instructions For Fedora Core 4...

  9. If necessary, install Certificate Authority files.
    If you obtained your host certificate from a commercial provider, you do not need to install any CA files since clients will have information on the commercial provider and accept their root CA as trusted. If you generated a self-signed certificate, you do not need to install any CA files since the certificate is not signed by any Certificate Authority.
    For Other Certificate Authorities...

  10. If you are running a firewall, allow access for http/https to Tomcat.
    By default, Tomcat uses port 8080 for http connections and port 8443 for https connections. (However, you can change these values in the $CATALINA_HOME/conf/server.xml file.)
    Instructions For Fedora Core 4...

  11. Restart the Tomcat server.
    Instructions For Fedora Core 4...

Once you have your server configured and running, you can test your server with Internet Explorer.
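
Step 10 notes that the default ports can be changed in $CATALINA_HOME/conf/server.xml. As an added example (not part of the original NCSA instructions), the following Python script reads the <Connector> elements to list the ports the firewall must allow and flags any redirectPort that no longer points at an https connector. The sample server.xml is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat 5.5 server.xml (not from the page).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" />
    <Connector port="8443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>"""


def list_connectors(server_xml):
    """Return one dict per <Connector>: port, kind (http/https/ajp), redirect."""
    found = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            kind = "ajp"
        elif conn.get("scheme", "http") == "https":
            kind = "https"
        else:
            kind = "http"
        found.append({"port": int(conn.get("port")), "kind": kind,
                      "redirect": conn.get("redirectPort")})
    return found


def firewall_ports(connectors):
    """Ports to allow per step 10: http and https only. AJP is meant for a
    front-end web server, so it is left out of the client-facing rules."""
    return sorted(c["port"] for c in connectors if c["kind"] in ("http", "https"))


def dangling_redirects(connectors):
    """Connectors whose redirectPort matches no https connector, which happens
    when the https port is changed but redirectPort is left at the old value."""
    https_ports = {str(c["port"]) for c in connectors if c["kind"] == "https"}
    return [c["port"] for c in connectors
            if c["redirect"] is not None and c["redirect"] not in https_ports]


if __name__ == "__main__":
    conns = list_connectors(SAMPLE_SERVER_XML)
    print("allow in firewall:", firewall_ports(conns))
    print("dangling redirectPort on:", dangling_redirects(conns))
```

To check a real installation, pass the contents of your own server.xml to `list_connectors` instead of the sample.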