Wednesday, June 13, 2012

Howto-FreeBSD9-CAS-Server

Prerequisite: a freshly installed FreeBSD 9 server with its IP address and hostname already configured.

1. Download the latest diablo-jdk-freebsd tarball and copy it to /usr/ports/distfiles
2. Download the latest tzupdater and copy it to /usr/ports/distfiles
3. cd /usr/ports/java/diablo-jdk16/ && make install clean
4. cd /usr/ports/www/tomcat6/ && make install clean
5. Install apache22 (cd /usr/ports/www/apache22/ && make install clean) and do the basic Apache setup.
   Add to /etc/rc.conf:
   apache22_enable="YES"
   tomcat60_enable="YES"


6. Install mod_jk (cd /usr/ports/www/mod_jk/ && make install clean), the connector Apache uses to talk to the Tomcat servlet container over AJP.
7. Configure Apache SSL (HTTPS); refer to the Apache mod_ssl documentation.

8. Edit /usr/local/etc/apache22/httpd.conf and change

Listen 80

to

Listen 443

Apache will then serve HTTPS only; there is no plain-HTTP listener for the login page. Because Listen 443 now lives in httpd.conf, the same directive must be disabled in httpd-ssl.conf (step 13), otherwise Apache refuses to start because the port is bound twice.

9. Make sure the mod_jk module is loaded at Apache start. Enable this line in httpd.conf:

LoadModule jk_module libexec/apache22/mod_jk.so

10. Add this line to httpd.conf:

Include etc/apache22/mod_jk.conf

11. Create a new file

# ee /usr/local/etc/apache22/mod_jk.conf

and add this:

JkWorkersFile /usr/local/etc/apache22/workers.properties
JkLogFile /var/log/jk.log
JkShmFile /var/log/jk-runtime-status
JkLogLevel error

Save mod_jk.conf.

12. Create a new file

# ee /usr/local/etc/apache22/workers.properties

and add this:

worker.list=host-name-newsso01
worker.host-name-newsso01.port=8009
worker.host-name-newsso01.host=host-name-newsso01
worker.host-name-newsso01.type=ajp13
worker.host-name-newsso01.lbfactor=1

Save workers.properties.

Note: replace every "host-name-newsso01" with your own server name. The .host value is the machine where Tomcat's AJP connector (port 8009) listens. When Tomcat runs on the same box as Apache, use localhost here and bind the AJP connector to 127.0.0.1 (step 15): AJP has no authentication of its own, so port 8009 must never be reachable from outside.

13. Edit /usr/local/etc/apache22/extra/httpd-ssl.conf

Comment out its Listen 443 line (the port is already opened by httpd.conf, step 8).

Add this at the bottom of the file, inside the VirtualHost block, before the closing </VirtualHost>:

JkMount /* host-name-newsso01
JkMount /*.jsp host-name-newsso01

Note: replace every "host-name-newsso01" with your own server name (the worker name from workers.properties).

14. cd /usr/local/apache-tomcat-6.0/conf

15. ee server.xml

Make sure these connectors are present and not commented out; the values are the ones shipped in the default Tomcat 6 server.xml:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

The 8009 AJP connector is the one mod_jk (workers.properties, step 12) connects to. If Apache and Tomcat run on the same host, add address="127.0.0.1" to it so the unauthenticated AJP port is reachable only from loopback. The 8443 connector only serves HTTPS if it is also given a keystoreFile; in this setup TLS is terminated by Apache on 443, so 8443 can stay commented out.

Save server.xml.

16. Edit /etc/rc.conf and add these lines if they are not there yet (see step 5):

apache22_enable="YES"
tomcat60_enable="YES"


save rc.conf

17. Start Apache and Tomcat:

# /usr/local/etc/rc.d/apache22 start
# /usr/local/etc/rc.d/tomcat6 start

18. Test Tomcat directly, non-secure, at http://servername:8080. Trying https://servername:8080 is expected to fail with a browser error such as

"Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have"

because 8080 is a plain-HTTP connector. HTTPS is served by Apache on port 443 once the certificate is installed below (and by Tomcat's 8443 connector only if it was given a keystore).

CONFIGURE CAS SERVER

1. Install Apache Maven:

 # cd /usr/ports/devel/maven2 && make install clean ; rehash

2. Download the latest JASIG CAS Server from http://downloads.jasig.org/cas/ and save it in your home directory

3. Extract the downloaded CAS Server. For example, if the latest version is cas-server-3.4.11-release.tar.gz:

# tar -xzf cas-server-3.4.11-release.tar.gz
# cd cas-server-3.4.11/cas-server-webapp
# ee pom.xml

and add this dependency inside the <dependencies> section, so that the LDAP authentication handler is built into the WAR:

<dependency>
    <groupId>${project.groupId}</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${project.version}</version>
</dependency>

Save the file.

4. Run this command in the cas-server-3.4.11/cas-server-webapp directory:

# mvn clean package

5. Stop Tomcat:

# /usr/local/etc/rc.d/tomcat6 stop

6. Replace all content of /usr/local/apache-tomcat-6.0/webapps/ROOT/ with the content of cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/ (the copy is run from inside that target directory; the old ROOT content is removed first so nothing stale is left behind):

# cd cas-server-3.4.11/cas-server-webapp/target/cas-server-webapp-3.4.11/
# rm -rf /usr/local/apache-tomcat-6.0/webapps/ROOT/*
# cp -Rp * /usr/local/apache-tomcat-6.0/webapps/ROOT/

(On Ubuntu the Tomcat webapp root is /var/lib/tomcat6/webapps/ROOT instead.)

7. Edit deployerConfigContext.xml:

# ee /usr/local/apache-tomcat-6.0/webapps/ROOT/WEB-INF/deployerConfigContext.xml

8. In the authenticationManager bean, inside the <list> under <property name="authenticationHandlers">, add the LDAP handler and remove the default SimpleTestUsernamePasswordAuthenticationHandler (it accepts any login whose password equals the username and must never remain in a deployed CAS):
--------------------------------------------------------------------------------
<bean class="org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler">
    <property name="filter" value="uid=%u,ou=people,dc=lms,dc=contoso,dc=edu,dc=my" />
    <property name="contextSource" ref="contextSource" />
</bean>
--------------------------------------------------------------------------------

and put your LDAP server in the contextSource urls (for the lms LDAP):

<value>ldap://xxx.xxx.xxx.xx/</value>

i.e. add the contextSource bean the handler refers to, at the top level of the file (for LDAP):
------------------------------------------------------------
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="pooled" value="true"/>
    <property name="urls">
        <list>
            <value>ldap://xxx.xxx.xx.xx/</value>
        </list>
    </property>
    <property name="userDn" value="cn=admin,dc=it,dc=mycompany,dc=com"/>
</bean>
----------------------------------------------------------------

Replace xxx.xxx.xx.xx with the address of your LDAP server, and give the bean the matching password property if your directory requires an authenticated bind for that userDn. FastBind authenticates by binding to the directory with each user's own password; over a plain ldap:// URL that password crosses the network unencrypted, so use ldaps:// unless the directory runs on the same host.
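Before starting Tomcat again it is worth confirming from the shell that the LDAP URL and the filter template really produce a DN that binds. The script below is an added example and is not part of the original post or of CAS; it assumes OpenLDAP's ldapwhoami client (net/openldap24-client on FreeBSD) is installed, and its defaults mirror the values used above (the ldaps:// URL is an assumed replacement for the xxx.xxx.xx.xx placeholder), overridable through the LDAP_URL and FILTER_TEMPLATE environment variables.

```shell
#!/bin/sh
# Added example, not part of the original post or of CAS. Pre-flight test of
# the FastBind settings from deployerConfigContext.xml: build the bind DN the
# same way the filter template does (the login name substituted for %u) and
# try that bind with ldapwhoami(1) from OpenLDAP's client tools (assumed
# installed, e.g. net/openldap24-client on FreeBSD).

# Defaults mirror the values used in this howto; override via environment.
LDAP_URL=${LDAP_URL:-'ldaps://xxx.xxx.xx.xx/'}
FILTER_TEMPLATE=${FILTER_TEMPLATE:-'uid=%u,ou=people,dc=lms,dc=contoso,dc=edu,dc=my'}

# user_dn TEMPLATE LOGIN
# Prints TEMPLATE with LOGIN substituted for %u. Returns 1 for an empty login
# or one containing anything outside [A-Za-z0-9._@-], so that characters with
# a meaning in DNs or filters (',' '=' '+' '*' '(' ')' '\' ...) are never
# spliced into a DN by this tool; returns 2 if the template has no %u at all.
user_dn() {
    template=$1
    login=$2
    case "$template" in
        *%u*) ;;
        *) echo "template has no %u placeholder: $template" >&2; return 2 ;;
    esac
    case "$login" in
        '' | *[!A-Za-z0-9._@-]*)
            echo "refusing login with DN/filter metacharacters: '$login'" >&2
            return 1 ;;
    esac
    # POSIX parameter expansion: text before the first %u, then text after it
    printf '%s%s%s\n' "${template%%"%u"*}" "$login" "${template#*"%u"}"
}

# ldap_url_is_encrypted URL -> 0 for ldaps://, 1 for anything else
ldap_url_is_encrypted() {
    case "$1" in
        ldaps://*) return 0 ;;
        *) return 1 ;;
    esac
}

# ldap_bind_test URL TEMPLATE LOGIN
# Binds as the computed DN. ldapwhoami prompts for the password (-W), so it
# never appears on the command line or in shell history. The exit status is
# ldapwhoami's: 0 on a successful bind, otherwise the LDAP result code
# (49 = invalid credentials) or a connection/TLS error.
ldap_bind_test() {
    url=$1
    dn=$(user_dn "$2" "$3") || return $?
    if ! ldap_url_is_encrypted "$url"; then
        echo "warning: $url is plain LDAP; FastBind sends the user's password in clear over it" >&2
    fi
    echo "binding as: $dn"
    ldapwhoami -x -H "$url" -D "$dn" -W
}

# Usage on the SSO server:  ldap_bind_test "$LDAP_URL" "$FILTER_TEMPLATE" jdoe
```

A successful run prints the directory's view of the bound identity (dn:uid=jdoe,...), which is exactly what CAS will rely on; a result code 49 with a known-good password usually means the filter template, not the password, is wrong.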

9. Start apache tomcat

#/usr/local/etc/rc.d/tomcat6 start

10. Create the server key and CSR (see http://www.digicert.com/csr-creation-apache.htm).

11. Run this command in your home directory:

# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

(-nodes leaves server.key unencrypted so Apache can start without a passphrase prompt; that is why its file permissions matter in step 16.) The command prompts for the certificate subject. Take the values from the current HTTPS site (https://sso.contoso.edu.my): click the lock icon in the browser, view the certificate details, and read the Subject fields:
________________________________________________________________

(Common Name) CN : *.contoso.sdn.bhd
(Organization) O : Contoso Sdn Bhd (CONTOS)
(Locality) L : Shah Alam
(State) S : Selangor
(Country) C : MY
________________________________________________________________

12. Get the request text from server.csr:
- Open server.csr
- Copy everything from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST----- into Notepad (nothing else)
- Do not copy server.key: the private key stays on the server and is never sent to the CA

13. Register/create the new SSL certificate at DigiCert:

- Log in to DigiCert
- Choose the reissue action
- Get duplicate (to get a duplicate certificate)
- Paste the CSR from Notepad
- Server software: Apache
- Note: New SSO Staff
- Leave the other settings at their defaults
- Process

** Wait until you get the mail with the new cert (cert.zip)

14. Download the cert, unzip it, and copy the files to the SSO server (your home directory).

15. Create the cert directory under the Apache config directory:

# cd /usr/local/etc/apache22/
# mkdir cert

16. Move the key and certificate files into that directory:

# cd /home/you/
# mv server.key /usr/local/etc/apache22/cert
# mv DigiCertCA.crt /usr/local/etc/apache22/cert
# mv star_contoso_edu_my.crt /usr/local/etc/apache22/cert

** Make sure all three files are inside the cert directory:

-rw-r--r-- 1 root wheel 3858 May 4 02:38 DigiCertCA.crt
-rw-r--r-- 1 root wheel 1679 May 4 02:37 server.key
-rw-r--r-- 1 root wheel 2450 May 4 02:38 star_contoso_edu_my.crt

** Once everything works, lock the permissions down. The two .crt files are public and can stay world-readable (444), but server.key is the private key: it must be owned by root and readable by root only. Apache reads it as root at startup, before dropping privileges, so 400 is enough:

# chown root:wheel /usr/local/etc/apache22/cert/*
# chmod 444 /usr/local/etc/apache22/cert/*.crt
# chmod 400 /usr/local/etc/apache22/cert/server.key

18. Configure the SSL cert in Apache. Edit httpd-ssl.conf:

# ee /usr/local/etc/apache22/extra/httpd-ssl.conf

Enable these directives and point them at the files from step 16:
____________________________________________________________________________

SSLCertificateFile "/usr/local/etc/apache22/cert/star_contoso_edu_my.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/cert/server.key"
SSLCertificateChainFile "/usr/local/etc/apache22/cert/DigiCertCA.crt"

____________________________________________________________________________
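The steps from the CSR to the three files in the cert directory are where reissues usually go wrong: a CSR typed with a wrong subject, a certificate issued for a key other than the one on the server, a private key left world-readable. The script below is an added example, not code from the original post or from DigiCert/Apache: make_csr generates the key and CSR non-interactively from the subject fields listed above, and check_tls_files validates the key, certificate and chain before httpd-ssl.conf is pointed at them. It assumes openssl(1) is on PATH, an RSA key as generated here, and the file names used in this post.

```shell
#!/bin/sh
# Added example, not part of the original post. Two helpers around the key and
# certificate steps above: make_csr creates the server key and CSR in one
# non-interactive command with the subject fields from this howto, and
# check_tls_files validates the three files before httpd-ssl.conf points at
# them. Assumptions: openssl(1) is on PATH, the key is RSA (as generated here),
# and the file names are the ones used in this post.

CERT_DIR=${CERT_DIR:-/usr/local/etc/apache22/cert}

# make_csr KEYFILE CSRFILE CN O L ST C
# Creates a 2048-bit RSA key and the CSR for it. The key is written under
# umask 077 (in a subshell, so the caller's umask is untouched) and is never
# sent anywhere; only the CSR goes to the CA.
make_csr() {
    key=$1; csr=$2; cn=$3; o=$4; l=$5; st=$6; c=$7
    ( umask 077 && openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$key" -out "$csr" \
          -subj "/C=$c/ST=$st/L=$l/O=$o/CN=$cn" ) >/dev/null 2>&1 || return 1
    # Print what the CA will see, so it can be compared with the old cert.
    openssl req -in "$csr" -noout -subject
}

# check_tls_files KEY CERT CHAIN
# Returns 0 only when all of the following hold, printing the first failure:
#   1. the private key is not readable by group or others;
#   2. the certificate's public key matches the private key (RSA modulus);
#   3. the certificate verifies against the CA chain file and has not expired.
check_tls_files() {
    key=$1; cert=$2; chain=$3
    for f in "$key" "$cert" "$chain"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f"; return 1; }
    done
    # 1. columns 5-10 of ls -l are the group and other permission bits
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$key is readable by group/others ($perms): chmod 400 $key"; return 1; }
    # 2. a cert issued for a different key is the classic reissue mistake
    cmod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null)
    kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null)
    [ -n "$cmod" ] && [ "$cmod" = "$kmod" ] || {
        echo "$cert was not issued for the key in $key"; return 1; }
    # 3. chain and validity; openssl verify prints "<file>: OK" on success
    openssl verify -CAfile "$chain" "$cert" 2>&1 | grep -q ': OK$' || {
        echo "$cert does not verify against $chain"; return 1; }
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null || {
        echo "$cert has expired"; return 1; }
    echo "ok: $cert matches $key and chains to $chain"
}

# Usage on the SSO server, once the files from step 16 are in place:
# check_tls_files "$CERT_DIR/server.key" \
#     "$CERT_DIR/star_contoso_edu_my.crt" "$CERT_DIR/DigiCertCA.crt"
```

Run check_tls_files before apachectl configtest: configtest only parses the directives, it does not tell you that the certificate belongs to a different key, and Apache will then fail to start at the next restart, not now.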

19. Enable httpd-ssl.conf from the main Apache config:

# ee /usr/local/etc/apache22/httpd.conf

and uncomment the line

Include etc/apache22/extra/httpd-ssl.conf

20. Test the Apache config. With the SSL and mod_jk includes now active, this also checks httpd-ssl.conf, the JkMount lines and the certificate paths:

# apachectl configtest

21. Stop & Start Apache
#/usr/local/etc/rc.d/apache22 stop
#/usr/local/etc/rc.d/apache22 start


22. You should now be able to reach your CAS server at
https://servername/login

Done.
