{{announcement.body}}
{{announcement.title}}

Configure Your SSL Certificate on Apache Tomcat the Simple Way

DZone 's Guide to

Configure Your SSL Certificate on Apache Tomcat the Simple Way

Learn how to setup an SSL certificate on Apache Tomcat easily.

· Java Zone ·
Free Resource

This post is about configuration, if you want to configure your website to always open with https://your_website/App access using Tomcat.

Basic Requirements

  1. JAVA SDK/ JDK
  2. Tomcat (7+)

The Setup Consists of Three Basic Steps

  1. Create a keystore file using Java
  2. Configure Tomcat to use the keystore
  3. Test what you did!
  4. (Bonus ) Configure your app to work with SSL (access through https://localhost:8443/your_Application)

Step 1 — Creating a Keystore File Using Java

First, open the terminal on your computer and type:

Windows:

cd %JAVA_HOME%/bin

Linux or Mac OS:

cd $JAVA_HOME/bin

The $JAVA_HOME on Mac is located on 

/System/Library/Frameworks/JavaVM.framework/Versions/{your java version}/Home/

You will change the current directory to the directory Java is installed on your computer. Inside the Java Home directory, cd to the bin folder. Inside the bin folder there is a file named key tool. This Thing is responsible for generating the keystore file for us.

Next, type on the terminal:

keytool -genkey -alias tomcat -keyalg RSA

When you type the command above, it will ask you some questions. First, it will ask you to create a password (My password is “password“):

Plain Text
 




x
21


 
1
c:/RaxTonProduction/: keytool -genkey -alias tomcat -keyalg RSA
2
Enter keystore password:  password (<------------- Please note, it will be invisible)
3
Re-enter new password: password
4
What is your first and last name?
5
  [Unknown]:  Rakshit Shah
6
What is the name of your organizational unit?
7
  [Unknown]:  RaxTon
8
What is the name of your organization?
9
  [Unknown]:  RaxTon
10
What is the name of your City or Locality?
11
  [Unknown]:  Ahmedabad
12
What is the name of your State or Province?
13
  [Unknown]:  GJ
14
What is the two-letter country code for this unit?
15
  [Unknown]:  IN
16
Is CN=Rakshit Shah, OU=RaxTon, O=RaxTon, L=Ahmedabad, ST=GJ, C=IN correct?
17
  [no]:  yes
18
 
19
Enter key password for
20
    (RETURN if same as keystore password):  password
21
Re-enter new password: password



It will create a .keystore file on your user home directory. On Windows, it will be on: C:Documents and Settings[username]; on Mac it will be on /Users/[username] and on Linux will be on /home/[username].

Step 2 — Configuring Tomcat for Using the Keystore File SSL Config

Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.

Find the following declaration:

Plain Text
 




xxxxxxxxxx
1


 
1
<!--
2
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
3
    maxThreads="150" scheme="https" secure="true"
4
    clientAuth="false" sslProtocol="TLS" />
5
-->



Uncomment it and modify it to look like the following:

Plain Text
 




xxxxxxxxxx
1


 
1
Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
2
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
3
    port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
4
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
5
    secure="true" sslProtocol="TLS" />



Note we add the keystoreFile, keystorePass and changed the protocol declarations.

Step 3 — Let’s Test It!

Start tomcat service and try to access https://localhost:8443. You will see Tomcat’s local home page.

Note if you try to access the default 8080 port it will be working too: http://localhost:8080

Step 4 — BONUS — Configuring Your App to Work With SSL (Access Through https://localhost:8443/yourApp)

To force your web application to work with SSL, you simply need to add the following code to your web.xml file (before web-app tag ends):

Plain Text
 




xxxxxxxxxx
1


 
1
<security-constraint>
2
    <web-resource-collection>
3
        <web-resource-name>securedapp</web-resource-name>
4
        <url-pattern>/*</url-pattern>
5
    </web-resource-collection>
6
    <user-data-constraint>
7
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
8
    </user-data-constraint>
9
</security-constraint>



The url pattern is set to /* so any page/resource from your application is secure (it can be only accessed with https). The transport-guarantee tag is set to CONFIDENTIAL to make sure your app will work on SSL.

If you want to turn off the SSL, you don’t need to delete the code above from web.xml, simply change CONFIDENTIAL to NONE.

Bingo! You did it!

Topics:
apache tomcat, apache tomcat 7, java, java / j2ee industrial training, ssl cert, ssl certificate, ssl certificate faqs

Published at DZone with permission of RAkshiT ShaH . See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}