Apache Tomcat
SecTrail CM enables automatic deployment and renewal of SSL certificates by establishing agentless connections to Apache Tomcat application servers.
Connection Requirements
| Requirement | Detail | Description |
|---|---|---|
| Protocol | SSH (Secure Shell) | Secure remote connection protocol |
| Port | 22 (default) | Standard SSH port or custom port |
| Authentication | SSH Key or Password | Authentication via SSH key or password |
| User Permission | Keystore and restart permission | Java keystore creation and Tomcat restart permission |
Automated Operations
SecTrail CM automatically performs the following operations on Apache Tomcat:
- Keystore Management: Creating and updating Java KeyStore (JKS/PKCS12)
- Certificate Import: Adding SSL certificate and private key to keystore
- Configuration Update: Updating Tomcat server.xml SSL connector settings
- Service Refresh: Restarting Tomcat service
Configuration Steps
1. Creating Tomcat Linux User
Navigate to Automation > Device Users and create a user for Tomcat.
2. Adding Tomcat Device to SecTrail CM
Click the Automation > Devices > Add New Device button and enter the following information:

- Name: Provide a descriptive name for the device
- Device Users: Select the user created in Step 1
- IP: Enter the IP address of the Tomcat server
- Device Type: Select Apache Tomcat Linux from the dropdown menu
- Become Method: Select privilege escalation method (e.g., sudo)
After the Tomcat device is added to SecTrail CM, the IP addresses and ports of all Virtual Servers defined on the device are automatically included in the discovery period and scanned regularly.
3. Viewing Device Information
After the device is added, it will be displayed in the Automation > Devices list. Click on the row to view device details:

- Port: SSL ports that Tomcat listens on (e.g., 8446, 8448)
- Server Name: Virtual server IP address (e.g., 10.34.24.42)
- Others: Current SSL configuration details
- Deploy: For certificate deployment
Certificate Deployment
Step 1: Virtual Server and Certificate Selection
- Select your Tomcat device from Automation > Devices
- In the device details, find the Virtual Server where you want to deploy the certificate
- Click the Deploy button on the relevant row
- In the Deploy Certificate window that opens:
  - Virtual Servers: Target Virtual Server information is displayed (IP and port)
  - Certificate: Select the certificate you want to deploy from the dropdown menu

Step 2: Starting the Deployment Process
Click the Deploy button to start the certificate deployment process.
Step 3: Process Tracking
The deployment process can be tracked from Automation > Processes.

Operation Details
The following steps are performed during deployment:
| Step | Operation Description |
|---|---|
| 1 | Configuration backup file is created |
| 2 | JKS (Java KeyStore) file is created and certificate is loaded |
| 3 | Changes are made in the configuration file |
| 4 | Tomcat service is restarted |
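To confirm that a deployment changed only the intended connector, the backup configuration from step 1 can be compared with the live server.xml; an empty result after a rollback confirms the original configuration is back. The following is an added example, not SecTrail CM's own code: it assumes standard Tomcat connector attributes, and the sample XML, keystore file names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server.xml as backed up before deployment (two TLS connectors).
BACKUP_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8446" SSLEnabled="true">
    <SSLHostConfig><Certificate certificateKeystoreFile="conf/old-a.jks"
        certificateKeystoreType="JKS"/></SSLHostConfig>
  </Connector>
  <Connector port="8448" SSLEnabled="true" keystoreFile="conf/old-b.jks" keystoreType="JKS"/>
</Service></Server>"""

# Constructed sample: server.xml after a deployment that targeted port 8446 only.
CURRENT_XML = BACKUP_XML.replace("conf/old-a.jks", "conf/new-a.jks")

def tls_connectors(server_xml):
    """Map each TLS connector port to the (keystore file, keystore type) pairs it references."""
    result = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, not relevant here
        certs = conn.findall("./SSLHostConfig/Certificate")
        if certs:  # nested <SSLHostConfig><Certificate .../> style
            refs = [(c.get("certificateKeystoreFile"), c.get("certificateKeystoreType"))
                    for c in certs]
        else:      # legacy style: keystore attributes directly on <Connector>
            refs = [(conn.get("keystoreFile"), conn.get("keystoreType"))]
        result[conn.get("port")] = refs
    return result

def changed_ports(backup_xml, current_xml):
    """Ports whose keystore reference differs between the backup and the live config."""
    before, after = tls_connectors(backup_xml), tls_connectors(current_xml)
    return sorted(p for p in before.keys() | after.keys() if before.get(p) != after.get(p))

def unexpected_changes(backup_xml, current_xml, target_port):
    """Changed ports other than the one the deployment was meant to touch."""
    return [p for p in changed_ports(backup_xml, current_xml) if p != target_port]

if __name__ == "__main__":
    print("changed:", changed_ports(BACKUP_XML, CURRENT_XML))
    print("unexpected:", unexpected_changes(BACKUP_XML, CURRENT_XML, "8446"))
```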
Rollback Operation
The Manual Rollback feature can be used in case of issues after certificate deployment.
If an error occurs at any step during the deployment process, the system automatically performs a rollback and all changes are reverted.
Rollback Steps
- Navigate to Automation > Processes
- Find the operation you want to roll back
- Use the Manual-Rollback option in the Status column
- Confirm
Operations During Rollback
| Step | Operation |
|---|---|
| 1 | Original configuration is restored |
| 2 | Tomcat service is restarted |
| 3 | Newly created keystore file is removed |
| 4 | Backup and temporary files are cleaned up |