What Victor has suggested is perfectly valid. It is also a popular option to proxy Tomcat behind something like Nginx or Apache httpd, which is very popular, and then configure SSL on the proxy component. The manual has a page on proxy configuration:
https://guacamole.apache.org/doc/gug/reverse-proxy.html It doesn't cover SSL configuration specifically for the proxy software, but instructions for configuring SSL on both Nginx and Apache httpd are pretty easy to find. -Nick On Thu, Aug 31, 2023 at 5:39 PM Victor Krutov <[email protected]> wrote: > > Obtain password protected pfx cert bundle (I used SHA2 password method). Pfx > should not contain chain certificates. Place it somewhere on the server > > In /etc/tomcat/server.xml find a line related to 8443 (or add). May look > something similar to > > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > keystoreFile="/var/lib/tomcat/webapps/.keystore" > keystorePass="Password" > URIEncoding="UTF-8" /> > > change keystoreFile and keystorePass on what you have. > > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > keystoreFile="/etc/../../quacamole.pfx" > keystorePass="PFX_password" > URIEncoding="UTF-8" /> > > Best > > Victor > > On 2023/08/30 13:53:24 Rezk Mekhael wrote: > > Between web browser clients and Tomcat > > > > On Wed, Aug 30, 2023 at 6:14 AM Nick Couchman <[email protected]> wrote: > > > > > On Wed, Aug 30, 2023 at 7:40 AM Rezk Mekhael <[email protected]> > > > wrote: > > > > > > > > Hi , > > > > > > > > Any document (step by step) to enable and install ssl ? > > > > > > Can you clarify in what context you're referring to enabling and > > > installing SSL? > > > > > > * Between Tomcat and guacd? > > > * Between guacd and remote servers? > > > * Between web browser clients and Tomcat? > > > * Something else? > > > > > > -Nick > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > -- > > Rezk Mekhael > > > > [email protected] > > c. +1818-599-4181 > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
