3

OS/400 is V5R4, Java 1.6 is installed on the system, and we're using Tomcat 5.5, but we're having difficulty getting Tomcat working using HTTPS.

We created a self-signed certificate and uncommented the salient sections of the server.xml file, changing the parameters to point to the certificate (which needs to be under /QOpenSys, I believe). HTTP works, but HTTPS does not, so something is wrong, most likely with the server.xml configuration.

hewhocutsdown
  • Great - we welcome solutions to tricky issues that others may run into in the future. If memory serves, you'll need to wait for 8 hours to answer since you're under 100 rep. – Shane Madden Dec 27 '11 at 19:41
  • +1 to add more detail to the original question before you provide the solution. I've heard it can be a pain to set up and maintain SSL on Tomcat in general. What about using Apache to offload the SSL? – jamesallman Dec 27 '11 at 21:20

1 Answer

2

After much Googling, here's what we found:

First, ensure that your JAVA_HOME environmental variable is set:

WRKENVVAR LEVEL(*SYS)
WRKENVVAR LEVEL(*JOB)

If JAVA_HOME isn't set, add an environmental variable that points to your Java path. In my case:

JAVA_HOME = '/QOpenSys/QIBM/ProdData/JavaVM/jdk60/32bit'

If you've got your own cert already, use it; otherwise generate a self-signed certificate like so:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /QOpenSys/usr/local/ssl/test.crt

(Replace test.crt with whatever you want to call your certificate, and follow the prompts.)

Using WRKLNK, navigate to your Tomcat install directory's conf folder. Edit server.xml and uncomment and modify the following section:

<Connector port="8443" maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false"
           sslProtocol="TLS" keystoreFile="/QOpenSys/usr/local/ssl/test.crt"
           algorithm="IbmX509" />

Side note: We had been missing the algorithm="IbmX509" tag, which is why our previous attempts had failed.

Using QSH, navigate to your Tomcat install directory's bin folder. Start Tomcat:

./startup.sh

Open your browser and try it out:

https://1.1.1.1:8443/

You'll get a warning if you're using a self-signed certificate.

If all is working as planned, go back to server.xml and disable the http access (if you want to restrict access to https).

user812256
hewhocutsdown
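A way to check a server.xml against the points the answer raises (the algorithm="IbmX509" attribute on the HTTPS connector, and the plain HTTP connector left enabled), as an added example that is not part of the original answer. The function name `audit_connectors`, the `ibm_jvm` switch and the sample XML are constructed for illustration; a connector is treated as HTTPS when it carries scheme="https" or secure="true", as the answer's connector does.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml cut down to its connectors. The 8443
# connector is the failing "before" state (no algorithm attribute).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxThreads="150" redirectPort="8443" />
    <Connector port="8443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS"
               keystoreFile="/QOpenSys/usr/local/ssl/test.crt" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!-- <Connector port="9443" scheme="https" secure="true" /> -->
  </Service>
</Server>"""


def audit_connectors(server_xml, ibm_jvm=True):
    """Return sorted (port, finding) pairs for the active <Connector> elements."""
    findings = []
    # The default parser drops XML comments, so connectors that are still
    # commented out (as Tomcat ships the SSL one) are not audited.
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    tls_ports = set()
    for conn in connectors:
        port = conn.get("port", "?")
        if "AJP" in conn.get("protocol", ""):
            continue  # AJP connector, not an HTTP/HTTPS listener
        if conn.get("secure") != "true" and conn.get("scheme") != "https":
            findings.append((port, "plain HTTP connector still enabled"))
            continue
        tls_ports.add(port)
        if conn.get("secure") != "true" or conn.get("scheme") != "https":
            findings.append((port, "scheme and secure attributes disagree"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile not set"))
        if ibm_jvm and conn.get("algorithm") != "IbmX509":
            findings.append((port, 'algorithm="IbmX509" missing'))
    # A redirectPort should point at a connector that actually serves HTTPS.
    for conn in connectors:
        target = conn.get("redirectPort")
        if target and target not in tls_ports:
            findings.append((conn.get("port", "?"),
                             "redirectPort %s has no HTTPS connector" % target))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, finding))
```

Pass `ibm_jvm=False` when the file belongs to a Tomcat instance on a non-IBM JVM, where the algorithm attribute from the answer does not apply.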