Quick Tomcat https SSL Config

Setting up your webapp to work with https and SSL encryption when using Tomcat is easier than most people think.  Here’s a very quick HOW-TO to get you up and running…

The first thing you need to do is create a certificate.  If you’re unfamiliar with certificates or SSL you can look at some of the following links to help school you:
http://tldp.org/HOWTO/SSL-Certificates-HOWTO/x64.html
http://www.ourshop.org/resources/ssl.html
http://www.wisegeek.com/what-is-the-difference-between-http-and-https.htm

Creating your certificate

  • Go to your JRE bin folder and there will be a file called “keytool”.
  • Type keytool -genkey -alias tomcat -keyalg RSA -keystore c:/.keystore. The “keystore” parameter is optional: it is the location where the certificate keystore will be stored, and by default it is stored in the current user’s home directory.
  • Upon executing, you will be prompted with a number of questions like name, location, organization, etc.  For the name I recommend using the domain, or if need be the machine name.

Modifying the server.xml file

  • Locate the server.xml in $CATALINA_HOME/conf/server.xml
  • Open it and look for a section dealing with the SSL Connector.  The section will look something like this:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector 
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"/>
-->
  • Uncomment the block, and add in another attribute for the keystore location.  We’ll add in keystoreFile="c:\.keystore", so when finished we’ll have:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector 
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreFile="c:\.keystore">
</Connector>
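As an added example (not code from the original post), this Python script applies the server.xml step above to a constructed fragment: it uncomments the 8443 Connector, adds keystoreFile, re-parses the result to confirm it is still well-formed XML, and flags the defaults Tomcat silently falls back on when keystoreFile or keystorePass is left out. The sample XML and the keystore path are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of a Tomcat 5-era server.xml (not a real file).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxThreads="150" redirectPort="8443"/>
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"/>
    -->
  </Service>
</Server>
"""

# A commented-out, self-closing Connector whose port attribute is 8443.
COMMENTED_SSL = re.compile(
    r'<!--\s*(<Connector\b[^>]*?port="8443"[^>]*?/>)\s*-->', re.DOTALL)


def enable_ssl_connector(xml_text, keystore_file):
    """Uncomment the 8443 Connector and append keystoreFile; return the new text."""
    def uncomment(match):
        connector = match.group(1)[:-2].rstrip()  # drop the closing "/>"
        return connector + f'\n               keystoreFile="{keystore_file}"/>'
    new_text, count = COMMENTED_SSL.subn(uncomment, xml_text, count=1)
    if count != 1:
        raise ValueError("no commented-out 8443 Connector found")
    return new_text


def https_connectors(xml_text):
    """Parse the result (proves it is well-formed) and return every https Connector."""
    root = ET.fromstring(xml_text)
    return [c.attrib for c in root.iter("Connector") if c.get("scheme") == "https"]


def audit_connector(attrs):
    """Return the settings a reviewer would flag on an https Connector."""
    findings = []
    if "keystoreFile" not in attrs:
        findings.append("no keystoreFile: Tomcat looks for .keystore in the user's home directory")
    if "keystorePass" not in attrs:
        findings.append('no keystorePass: Tomcat falls back to its default "changeit"')
    return findings
```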

For the full details of server.xml, refer to the Apache Tomcat site.

The last step is to restart Tomcat and point your browser to:
https://localhost:8443
Remember the https: Tomcat uses port 8443 for SSL by default, and this can be changed in server.xml.


3 Comments

  2. Yazad says:

    keystorePass="" may be required.

  3. Nick says:

    **NOTE: For self-signed: make the names, organizational unit and organization the IP address. In Windows, add to the Trusted Root Certification Authorities store on the client.
