Configuring TLS 1.3 on Tomcat Server

You can configure the TLS 1.3 protocol for QMF Server on Apache Tomcat Server.

Before you begin

Ensure that you have a keystore file and a truststore file. For more information on how to create a keystore for Tomcat, see SSL/TLS Configuration using Apache Tomcat.

About this task

Perform the following steps to configure QMF Server on Apache Tomcat Server.

Procedure

  1. Navigate to the folder where Tomcat is installed.
  2. Open the server.xml file in an editor.
    In the server.xml file, you can define server settings, connectors (HTTP, HTTPS), and other components.
  3. Enter the following code in <Service name="Catalina">:
    <Connector port="443"
               maxThreads="150" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="{Folder where KeyStore file is located}\server.jks" keystorePass="<KeyStorePassword>"
               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.3">
    </Connector>
    
    Here, the location for the keystoreFile is the folder or directory where you have saved your keystore file and <KeyStorePassword> is the password for the keystore file.
  4. Configure User Access Control and other properties.
    For more information, see Installing on Apache Tomcat.
    Or,
    • Configure LDAP that is compatible with QMF.
  5. Navigate to the <Tomcat_INSTALL_DIR>/bin folder and double-click the TomcatXw.exe file to open it. The TomcatX Properties window opens.
    Here X is the Tomcat’s version.
    Note: The TomcatXw.exe file opens only when the TomcatX service is available in the service list of Windows or Linux. The TomcatX service is created by default when Tomcat is installed via the installer. If Tomcat is extracted from a zip file, use the service.bat file from the command prompt to install the Tomcat service.
  6. In the Tomcat Properties window, select the Java tab, and in the Java Virtual Machine box enter the path to the jvm.dll file of the Java JDK installed on your system.
  7. In the Java Options box, enter the following definitions as the last lines:
    
    -Dqmf.activemq.protocol=ssl 
    -Djavax.net.ssl.keyStore={Folder where KeyStore file is located}\server.jks 
    -Djavax.net.ssl.keyStorePassword=<KeyStorePassword> 
    -Djdk.tls.client.protocols=TLSv1.3 
    -Djavax.net.ssl.trustStore={Folder where TrustStore file is located}\client.jks 
    -Djavax.net.ssl.trustStorePassword=<TrustStorePassword> 
    Note: Adding the definition -Dqmf.activemq.protocol=ssl in Java Options will configure the ActiveMQ communication in SSL mode.
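
To check the result of step 3 before restarting Tomcat, the following added example (not part of the QMF or Tomcat documentation) parses server.xml and reports every Connector that is not restricted to TLSv1.3. The sample XML, its 8443 and 8080 connectors, the keystore path and password, and the helper name audit_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from step 3 plus two weaker ones for contrast.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="conf/server.jks" keystorePass="example-only"
               clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.3"/>
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="conf/server.jks" keystorePass="example-only"
               sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.3"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>"""


def audit_connectors(server_xml, required="TLSv1.3"):
    """Return {port: [findings]} for each Connector; an empty list means it passes."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        findings = []
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append("SSLEnabled is not true: connector serves plaintext")
        else:
            raw = conn.get("sslEnabledProtocols")
            if raw is None:
                findings.append("sslEnabledProtocols not set: default protocols apply")
            else:
                # The attribute is a comma-separated list of protocol names.
                enabled = {p.strip() for p in raw.split(",") if p.strip()}
                if required not in enabled:
                    findings.append(f"{required} is not enabled")
                extra = sorted(enabled - {required})
                if extra:
                    findings.append("also enables: " + ", ".join(extra))
            if conn.get("scheme") != "https" or conn.get("secure") != "true":
                findings.append('scheme="https" and secure="true" should both be set')
        report[conn.get("port", "?")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

To audit a real installation, pass the text of the server.xml file edited in step 2 to audit_connectors.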