Secure Sockets Layer (SSL) encryption is the most common method for protecting data that is sent over the Internet. This topic describes how to bind an SSL certificate purchased from a trusted certification authority (CA) to an Enterprise Distributed Application Service (EDAS) application.

Purchase an SSL certificate

To configure SSL for an application, you must obtain an SSL certificate signed by a CA, which is a trusted third party that issues certificates for this purpose. If you do not have an SSL certificate, purchase one from a company that sells SSL certificates.

Bind an SSL certificate to an application that is deployed with a WAR package

To bind an SSL certificate to an application that is deployed with a WAR package, package the certificate file in the WAR package and use the WAR package to deploy the application. Then, modify the Connector parameter in the server.xml file in Tomcat settings.

  1. Package the certificate file into the WAR package and record the path of the certificate file. Example: jks_path.
  2. Use the WAR package to deploy an application in the EDAS console. For more information, see Create and deploy an application in an ECS cluster.
  3. Log on to the EDAS console.
  4. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. In the upper part of the page, select a namespace. On the Applications page, click the name of the desired application.
  5. On the Basic Information tab of the application details page, click Edit next to Tomcat Context in the Application Settings section.
  6. In the Application Settings dialog box, click Advanced Settings. Modify the Connector parameter to the following configuration in server.xml and click Configure Tomcat.
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="../app/{app_ID}/{app_name}/{jks_path}" keystoreType="PKCS12" keystorePass="jks_password"
               clientAuth="false" SSLProtocol="TLS" connectionTimeout="15000"
               maxParameterCount="1000" maxThreads="400" maxHttpHeaderSize="16384" maxPostSize="209715200"
               acceptCount="200" useBodyEncodingForURI="true" URIEncoding="ISO-8859-1" />
    Note: The advanced settings in the Application Settings dialog box of Tomcat Context are available only for applications that are deployed with WAR packages.
    Restart the application to apply the configurations.

Bind an SSL certificate to an application that is deployed with a JAR package

To bind an SSL certificate to an application that is deployed with a JAR package, modify the application.properties file to enable SSL configuration, package the certificate file in the JAR package, use the JAR package to deploy the application, and then change the application port of Tomcat to 8443 in the Application Settings dialog box.

  1. Modify the application.properties file to enable SSL configuration. Sample configurations:
    server.ssl.enabled=true
    server.ssl.key-store=classpath:{jks}
    server.ssl.key-store-password=jks_password
    server.ssl.key-store-type=PKCS12
  2. Store the certificate file in the resources path. The path is at the same file level as application.properties. Then, generate a JAR deployment package.
  3. Deploy the application by using the JAR package. For more information, see Create and deploy an application in an ECS cluster.
  4. Log on to the EDAS console.
  5. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. In the upper part of the page, select a namespace. On the Applications page, click the name of the desired application.
  6. On the Basic Information tab of the application details page, click Edit next to Tomcat Context in the Application Settings section.
  7. In the Application Settings dialog box, set the Application Port parameter to 8443 and click Configure Tomcat.
    Restart the application to apply the configurations.

Bind an SSL certificate to an application that is deployed with an image

Both WAR and JAR Docker images can be used to deploy applications. If you want to bind an SSL certificate to an application that is deployed with an image, see the following content to perform relevant operations.

Create an image by using a WAR package

To bind an SSL certificate to an application that is deployed with an image created by using a WAR package, you must modify the configurations of Tomcat and package the certificate file in the Docker image.

  1. Download the Ali-Tomcat package and decompress the downloaded package to a directory, such as d:\work\tomcat\.
  2. Modify the Connector parameter in the server.xml file. Sample configurations:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="../app/{app_ID}/{app_name}/{jks_path}" keystoreType="PKCS12" keystorePass="jks_password" />
  3. Store the modified server.xml file and certificate file at the same file level as Dockerfile. Add the following settings to Dockerfile:
    ADD server.xml ${CATALINA_HOME}/conf/
    ADD {jks} ${CATALINA_HOME}/conf/
  4. Package the image and deploy the application.

Create an image by using a JAR package

To bind an SSL certificate to an application that is deployed with an image created by using a JAR package, modify the application.properties file to enable SSL configuration. Then, package the certificate file in the JAR package that is used to create the image, and change the application port in Dockerfile to enable SSL configuration.

  1. Modify the configurations of the JAR package and generate a JAR package. For more information, see Bind an SSL certificate to an application that is deployed with a JAR package.
  2. Set server.port=8443 in start.sh of Dockerfile.
  3. Package the image and deploy the application.

Bind an SLB instance to an EDAS application

Bind a public Server Load Balancer (SLB) instance to an application that is deployed in an Elastic Compute Service (ECS) cluster and set the listening protocol to HTTPS.

Notice: You must create an SLB instance in the SLB console in advance. For more information, see Create a CLB instance.

  1. Log on to the EDAS console.
  2. In the left-side navigation pane, click Applications. In the top navigation bar, select a region. In the upper part of the page, select a namespace. On the Applications page, click the name of the desired application.
  3. On the Basic Information tab of the application details page, click Add next to SLB (Internet) in the Application Settings section.
  4. In the Bind SLB Instance to Application dialog box, bind an SLB instance to the application. For more information, see Configure a dedicated SLB instance for an application.
    Bind listener port 443 to an application
    Notice: You must set the listener port to 443.

Verify the SSL connection

In the address bar of your browser, enter the IP address or domain name of the application and add the prefix https:// to the IP address or domain name. If you can access the homepage, the SSL certificate is bound to the application.
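
When the HTTPS check fails, the cause is often the keystore itself: a wrong password, a file that is not PKCS12, a missing private key, or an expired certificate. The following added example (not part of the original EDAS documentation) checks the keystore before it is packaged into the WAR package, JAR package, or image. It assumes the openssl CLI is installed; the function names, file names, and the host name app.example.test are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: check the PKCS12 keystore named in keystoreFile (server.xml)
# or server.ssl.key-store (application.properties) before packaging it.

# check_keystore FILE PASSWORD [MIN_DAYS]  -> returns 0 if usable, 1 otherwise
check_keystore() {
  local file="$1" pass="$2" min_days="${3:-30}" cert cert_pub key_pub
  [ -r "$file" ] || { echo "FAIL: cannot read $file" >&2; return 1; }

  # Extract the leaf certificate. The password is passed through the
  # environment (-passin env:) so it never shows up in the argument list.
  cert=$(KS_PASS="$pass" openssl pkcs12 -in "$file" -passin env:KS_PASS \
           -nokeys -clcerts 2>/dev/null | openssl x509 2>/dev/null) ||
    { echo "FAIL: wrong password, not PKCS12, or no certificate" >&2; return 1; }

  # The keystore must hold the private key that matches the certificate.
  key_pub=$(KS_PASS="$pass" openssl pkcs12 -in "$file" -passin env:KS_PASS \
              -nocerts -nodes 2>/dev/null | openssl pkey -pubout 2>/dev/null) ||
    { echo "FAIL: no private key in keystore" >&2; return 1; }
  cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
  [ "$key_pub" = "$cert_pub" ] ||
    { echo "FAIL: private key does not match certificate" >&2; return 1; }

  # Reject certificates that expire within MIN_DAYS.
  printf '%s\n' "$cert" | openssl x509 -noout -checkend $((min_days * 86400)) \
    >/dev/null || { echo "FAIL: expires within $min_days days" >&2; return 1; }
  echo "OK: $file"
}

# make_sample_keystore OUT PASSWORD DAYS
# Constructed demo input: a throwaway self-signed certificate, not a CA-issued one.
make_sample_keystore() {
  local out="$1" pass="$2" days="$3" tmp rc
  tmp=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
    -subj "/CN=app.example.test" \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
    KS_PASS="$pass" openssl pkcs12 -export -name tomcat -inkey "$tmp/key.pem" \
      -in "$tmp/cert.pem" -out "$out" -passout env:KS_PASS
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

demo_dir=$(mktemp -d)
make_sample_keystore "$demo_dir/app.p12" 'jks_password' 365
check_keystore "$demo_dir/app.p12" 'jks_password'                # passes
check_keystore "$demo_dir/app.p12" 'not-the-password' || true    # reports FAIL
rm -rf "$demo_dir"
```

For a real deployment, call check_keystore with the certificate file and password that the Connector or application.properties settings reference.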

Additional information

You can use an SLB instance to configure an SSL certificate for an application. For more information, see Add an HTTPS listener.