HTTPS for Tomcat web server
By default, applications on a Tomcat web server are only available over the normal HTTP port. If you want to use a trusted SSL connection (HTTPS), you have to configure your Tomcat. In this article I will show you how this works and what you need for it. First you need to install the following things:
- JDK 1.6 or higher
- Tomcat 6 or higher
Create a keystore file
We need to navigate to the Java SDK directory:
cd $JAVA_HOME/bin
Here you should find a keytool program. With it we can create our own keystore file:
keytool -genkey -alias ziegelwanger-edv -keypass zzadmin -keystore ziegelwanger-edv.bin -storepass zzadmin
It is important to set the same keypass and storepass. The alias and keystore filename can be chosen freely; I used my domain. After that you have to answer some questions:
What is your first and last name?
  [Unknown]: werner ziegelwanger
What is the name of your organizational unit?
  [Unknown]: home
What is the name of your organization?
  [Unknown]: ziegelwanger-edv
What is the name of your City or Locality?
  [Unknown]: melk
What is the name of your State or Province?
  [Unknown]: niederösterreich
What is the two-letter country code for this unit?
  [Unknown]: AT
Is CN=nitin pai, OU=home, O=techtracer, L=mumbai, ST=maharashtra, C=IN correct?
  [no]: yes
If everything worked, you should find a ziegelwanger-edv.bin file in the same directory. Copy this file to the webapps directory of your Tomcat installation.
Configure Tomcat with your new keystore file
You can configure Tomcat by editing the server.xml file. This file can be found in your Tomcat configuration directory. On Linux this may be /etc/tomcat7/. We need to edit the connector for port 8443. Normally this connector is commented out, so we uncomment it and change it to fit our needs:
<!-- SSLEnabled="true" is required on Tomcat 6 and later for the connector to speak SSL -->
<Connector port="8443" SSLEnabled="true"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="../webapps/ziegelwanger-edv.bin"
           keystorePass="zzadmin" />
The last lines are the important ones.
You should now be able to connect to your application over your HTTPS port:
https://localhost:8443/
Configure web applications for SSL
Currently you can connect to your application with both HTTP and HTTPS. If you want to allow only HTTPS, you have to configure your web app. For this we have to edit the web.xml file:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>securedapp</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
You can put this block at the end of your web.xml file, just before the closing </web-app> tag.
Done! Now your Tomcat application should be secured by SSL.
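To confirm that a web.xml really forces HTTPS for every request, the descriptor can be checked offline. The Python script below is an added example, not code from the original article; the sample descriptor and the function names are constructed for illustration. It also catches a constraint narrowed by <http-method>, which applies only to the listed methods and leaves all other methods reachable over plain HTTP.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: one constraint forces HTTPS for every URL,
# a second one forces it only for POST requests below /admin/.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>securedapp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-post</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so the check works with any web.xml version."""
    return tag.rsplit("}", 1)[-1]

def https_patterns(web_xml):
    """Map each CONFIDENTIAL url-pattern to its <http-method> list ([] = all methods)."""
    result = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantees = {e.text.strip() for e in sc.iter()
                      if local(e.tag) == "transport-guarantee" and e.text}
        if "CONFIDENTIAL" not in guarantees:
            continue
        for coll in (e for e in sc if local(e.tag) == "web-resource-collection"):
            methods = sorted(e.text.strip() for e in coll if local(e.tag) == "http-method")
            for pat in (e for e in coll if local(e.tag) == "url-pattern"):
                result[pat.text.strip()] = methods
    return result

def forces_https_everywhere(web_xml):
    """True only if /* is CONFIDENTIAL with no <http-method> restriction."""
    return https_patterns(web_xml).get("/*") == []
```

Call forces_https_everywhere() with the contents of your own web.xml; a False result means some requests can still be served over HTTP.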
My brother recommended I might like this blog. He was totally right. This post truly made my day. You can not imagine just how much time I had spent for this information! Thanks!
Thanks for the article. I’ve installed SSL in my java hosting server, however it was showing errors.
Then, I enabled SSL for the account and the SSL works fine now.