Tomcat is normally defined as a reference implementation of the Java Servlet and the Java Server Page (JSP) Specifications. It basically executes Java servlets and renders web pages which include JSP coding. It is available on the Apache site in both source and binary versions. Jul 09, 2019 keytool -import -alias tomcat -keystore example.jks -file example.crt. The alias should coincide with the one you indicated when creating the keystore. After the successful import you need to edit Tomcat configuration file. As a rule, it is called server.xml and usually can be found in HomeDirectory/conf folder.
Overview
In Web NMS, two packages Apache and Tomcat were used to run the server functionality. Apache as web server and Tomcat as servlet engine. As Apache was increasingly prone to security attacks, it was decided to remove Apache which served as web server. Tomcat version 5.5.20, which is bundled with Web NMS, was selected to play the dual role as web server and servlet engine. And therefore, Apache package is removed from Web NMS.
Reasons for Removing the Apache Package
Apache is becoming a serious security concern.
Feature-wise, Tomcat has all the features in Apache (Refer the detailed table below for the comparison chart).
More applications, like one for web server (Apache) and one for servlet engine (Tomcat) increases the vulnerability of Web NMS. Less applications, lesser vulnerabilities, makes Web NMS more secure.
There is reduction in size of Web NMS product (~ 13 MB). Download of Web NMS becomes faster and installation becomes easier.
In future, the overhead of Apache migration is avoided.
List of Security Issues in Apache Server
When web root of Apache is configured as the working directory of the product, then database and conf directories are vulnerable to hacks.
Apache allows directory browsing in the web applications.
We have to keep the web server features, which we are not using, turned off.
Tomcat Web Server Configuration
Advantages of Tomcat Server
Tomcat can be used as web server in addition to servlet engine.
Tomcat also supports SSL, much similar to the way in which SSL is implemented in Web NMS. So there is no extra concern to customers using SSL.
Tomcat is also a Java application, hence running as Web NMS web server in SSL mode is much simpler.
Tomcat also has the re-direction to SSL when enabled.
Comparing the Features of Apache and Tomcat Servers with Respect to Web NMS
Feature | Apache | Tomcat |
Act as a web server rendering static pages | Yes | Yes |
Securing by SSL | Yes | Yes |
Running server in a virtual IP or in a particular IP in dual NIC environment | Yes | Yes |
Access control over directories and files in server root (whether to be accessible through HTTP) | Yes | Yes |
Executing servlets | No | Yes |
Executing other dynamic pages (.jsp, .js, etc.,) | No | Yes |
Library dependency at runtime | Yes | No |
Tomcat Web Server Or Application Server
Compare the performance of Web NMS with and without Apache server
Web NMS has fewer simultaneous users which can be handled by Tomcat. Apache is required only if Web NMS has too many simultaneous users (in 1000s).
As of now, Tomcat does not have any library dependency. Hence, the WebNMS server start up is free from library incompatibility issues.
When Apache was used, it redirected certain type of requests to Tomcat and handled rest of the requests by itself. With Tomcat alone, all requests are directly handled by Tomcat.
Copyright © 2013, ZOHO Corp. All Rights Reserved.
Tomcat Web Server Download