How to configure Tomcat to support SSL or https

A guide to show you how to configure Tomcat 6.0 to support SSL or https connection.

1. Generate Keystore

First, use the "keytool" command to create a self-signed certificate. During the keystore creation process, you need to assign a password and fill in the certificate's details.

$Tomcat\bin>keytool -genkey -alias mystore -keyalg RSA -keystore c:\mykeystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: <your name>
What is the name of your organizational unit?
IT
[no]: yes
Enter key password for <mystore>
(RETURN if same as keystore password):
Re-enter new password:
$Tomcat\bin>

Here, you have just created a keystore file named "mykeystore", located at "c:\", which holds the self-signed certificate under the alias "mystore".

Certificate Details : You can use the same "keytool" command to list the details of the existing certificate.

$Tomcat\bin>keytool -list -keystore c:\mykeystore
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
–, 14 Disember 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): C8:DD:A1:AF:9F:55:A0:7F:6E:98:10:DE:8C:63:1B:A5
$Tomcat\bin>

2. Connector in server.xml

Next, locate your Tomcat's server configuration file at $Tomcat\conf\server.xml and modify it by adding a Connector element that supports SSL or https connections.

File : $Tomcat\conf\server.xml

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<Connector port="8443"
           protocol="HTTP/1.1"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="c:\mykeystore"
           keystorePass="password"
/>

Note : keystorePass="password" is the password you assigned to your keystore via the "keytool" command.
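Because every attribute above has to be consistent for the connector to actually serve https correctly (SSLEnabled with scheme and secure set, a TLS protocol, a real keystore path and a non-default password), a small audit script is handy before restarting Tomcat. The following is an added example, not part of the original guide or of Tomcat itself; the two server.xml fragments are constructed samples, the first copied from the connector above and the second a deliberately weakened variant.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real deployment: the Connector shown in this guide.
SERVER_XML_OK = r"""<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="c:\mykeystore" keystorePass="password" />
</Service></Server>"""

# Constructed sample of a weak variant: legacy protocol, secure flag and
# keystoreFile missing, and the well-known default keystore password.
SERVER_XML_WEAK = r"""<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" clientAuth="false" sslProtocol="SSLv3"
             keystorePass="changeit" />
</Service></Server>"""


def audit_ssl_connectors(server_xml):
    """Return [(port, [issue, ...]), ...] for every SSLEnabled Connector."""
    root = ET.fromstring(server_xml)
    report = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP / AJP connectors are out of scope here
        issues = []
        if conn.get("scheme") != "https":
            issues.append("scheme should be https so generated URLs use https")
        if conn.get("secure", "").lower() != "true":
            issues.append("secure must be true so request.isSecure() is true")
        if conn.get("sslProtocol", "").upper() != "TLS":
            issues.append("sslProtocol should be TLS, not a legacy SSL version")
        if not conn.get("keystoreFile"):
            issues.append("keystoreFile not set; Tomcat falls back to ~/.keystore")
        # Tomcat's documented default for keystorePass is "changeit".
        if conn.get("keystorePass", "changeit") == "changeit":
            issues.append("keystorePass unset or left at the default 'changeit'")
        report.append((int(conn.get("port", "0")), issues))
    return report


if __name__ == "__main__":
    for port, issues in audit_ssl_connectors(SERVER_XML_WEAK):
        print(port, issues or "OK")
```

Run it against your real $Tomcat\conf\server.xml by reading the file into a string; any connector that comes back with an empty issue list matches the shape of the configuration in this guide.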

3. Done

Save the file, restart Tomcat, and access https://localhost:8443/


In this example, we are using Google Chrome to access the SSL-enabled Tomcat site, and you may notice a crossed-out icon before the https protocol :). This is caused by the self-signed certificate, which Google Chrome simply does not trust.

In a production environment, you should consider buying a signed certificate from a trusted SSL service provider like VeriSign, or signing it with your own CA server.
