11/30/2021

Tomcat Cloud

  • Bitnami Cloud Images extend stack appliances to run in a cloud computing environment. You can run Bitnami applications on a pay-as-you-go basis, programmatically starting and stopping them. Bitnami Tomcat Stack is pre-configured and ready-to-use immediately on any of the platforms below. Quickly deploy your applications to the cloud and make them available online.
  • Creating an Oracle Enterprise Linux instance on the Oracle Cloud Compute Service. First we need to create our Oracle Linux compute instance. Navigate to the Oracle Cloud Compute instances page within the Oracle Cloud Infrastructure console. Click the create instance button.
You may already be using the cloud connector and now wish to secure it. Depending upon your server setup and organisation’s policies, this can be straightforward or more involved.

For most vanilla setups, we can generate a Certificate Signing Request (CSR) from the SAP Cloud Connector’s user interface and then upload the signed certificate response. There’s a great tutorial here https://developers.sap.com/tutorials/cp-connectivity-install-cloud-connector.html

If, however, you have an existing wildcard certificate to use, there are some additional steps. Those are captured in this blog post.

  1. Retrieve Keystore Password
  2. Convert existing private key and existing certificate into p12
  3. Update Keystore with Wildcard Certificate

Pre-requisites

  • Root access to the Linux installation of SCC
  • Private Key used to generate wildcard certificate, usually .pem
  • Wildcard public certificate, usually .crt

Background

The SAP Cloud Connector (SCC) uses Tomcat and a Java keystore under the covers. The keystore used by Tomcat holds the SSL certificates. Typically you interact with the Java keystore with the keytool command. Keytool does not support importing private keys. We therefore need to replace the existing keystore certificate.

1. Retrieve Keystore Password

The keystore used by the SCC is password protected. This password is generated during install, but it is not displayed. We can retrieve the password with the following command.

This command should be executed as root.

Using the password retrieved we can confirm it is valid and view the contents of our existing keystore (ks.store).

The output from keytool shows the alias used for the SCC certificate is tomcat. We need to replace the tomcat entry with our own certificate.

2. Convert existing private key and existing certificate into p12

The keytool requires a certificate in PKCS12 format. We can generate that from the private key (pem) and certificate (crt) files.

We can inspect our 2 files to confirm they have the expected contents.

We should see

-----BEGIN PRIVATE KEY----- in the .pem file

-----BEGIN CERTIFICATE----- in the .crt file

Let’s understand this command with some placeholders. The name tomcat is the default certificate alias the SCC uses.

3. Update Keystore with Wildcard Certificate

With the commands below we can update the keystore with our converted (.p12) certificate.

To understand the keytool command I have added some placeholders.

All being well, we should now see the secure padlock in our browser and be able to load the SAP Cloud Connector interface without any security warnings.
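Steps 2 and 3 as a script: an added example, not the commands from the original post. It checks that the private key really belongs to the wildcard certificate before building the .p12, and passes passwords through environment variables rather than on the command line. The file names, the `P12_PASS` and `KS_PASS` variables, and the key password being the same as the keystore password are assumptions; retrieving the SCC keystore password (step 1) is not covered.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the file names, the
# P12_PASS / KS_PASS environment variables, and that the key password equals
# the keystore password. "tomcat" is the alias the post names.
set -eu

# Print the SHA-256 of the public key held in a private key or certificate.
pubkey_hash() {  # $1 = key|cert, $2 = file
  case "$1" in
    key)  pub=$(openssl pkey -in "$2" -pubout) ;;
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
    *)    false ;;
  esac || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the private key belongs to the certificate.
key_matches_cert() {  # $1 = key.pem, $2 = cert.crt
  k=$(pubkey_hash key "$1") && c=$(pubkey_hash cert "$2") && [ "$k" = "$c" ]
}

# Step 2: bundle key + cert into PKCS#12 under alias "tomcat".
# The password is read from the environment, so it never appears in `ps`.
make_p12() {  # $1 = key.pem, $2 = cert.crt, $3 = out.p12
  key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
  ( umask 077 && openssl pkcs12 -export -inkey "$1" -in "$2" -name tomcat \
      -out "$3" -passout env:P12_PASS )
}

# Step 3: back up the keystore, then swap its tomcat entry for the .p12 one.
replace_tomcat_entry() {  # $1 = ks.store, $2 = in.p12
  cp -p "$1" "$1.bak"
  keytool -delete -alias tomcat -keystore "$1" -storepass:env KS_PASS
  keytool -importkeystore -srckeystore "$2" -srcstoretype PKCS12 \
    -srcstorepass:env P12_PASS -srcalias tomcat \
    -destkeystore "$1" -deststorepass:env KS_PASS \
    -destalias tomcat -destkeypass:env KS_PASS
}

# Usage (export P12_PASS and KS_PASS first): sh swap_cert.sh key.pem cert.crt ks.store
if [ "$#" -eq 3 ]; then
  make_p12 "$1" "$2" tomcat.p12
  replace_tomcat_entry "$3" tomcat.p12
fi
```

Delete the intermediate `tomcat.p12` and the `.bak` copy once the new certificate is confirmed working, since both contain the private key.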

Troubleshooting

Errors are usually reported in the SCC log found here

The Java version is important: the SCC and Tomcat rely upon Java, and using a current Java version provides maximum compatibility. If you see errors such as these below:

  • Not Secure
  • This site uses an outdated security configuration
  • Site Is Using Outdated Security Settings
  • Connection Not Secure
  • This page uses weak encryption
  • Your connection to this site is not fully secure

This can be caused by the installer picking an old Java version. The SCC is then not able to use modern encryption algorithms. To fix this, update your $JAVA_HOME and re-install the same SCC version with the --force and -U options.

Conclusion

With a few steps we can secure the cloud connector with a wildcard certificate. The SAP Cloud Connector is built on open standards that allow it to be configured to meet your organisation’s needs.