Enabling SSL in Tomcat
by
Join the DZone community and get the full member experience.
Join For FreeThere are lots of documents on the web on how to configure SSL in Tomcat. Tomcat Server/Client Self-Signed SSL Certificate and Mutual Authentication with CLIENT-CERT, Tomcat 6, and HttpClient stand out. But there is no simple example where we can demonstrate Enabling SSL in Tomcat, I spent days pouring documents and Googling before I got the perfect solution. In this blog I have demonstrated using a simple Java Keystore to achieve a 2 way handshake. In my next blog I will show you how to use security-constraint to achieve CLIENT-CERT based access control.
This sample only works with Tomcat 6.0. Download and unzip the zip file in a location and go to <tomcat-home>/conf location and copy the 2 batch files client1cert.bat and client2cert.bat. Run both the files in that order they will create all the necessary certificates required for 2 way handshake.
Open server.xml and replace the <Connector> tag with the one below,
<Connector
clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${catalina.base}/conf/server.jks"
keystoreType="JKS" keystorePass="password"
truststoreFile="${catalina.base}/conf/server.jks"
truststoreType="JKS" truststorePass="password"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS" />
If you notice the clientAuth=”true” enabled.
Copy the client0 folder to <tomcat-home>/webapp directory. Finally start the server. Now under the sourcecode folder, go to, client-cert-test open the file src/main/java/com/goSmarter/test/SecureHttpClient0Test.java file and change the below line to point to your <tomcat home>/conf location,
public static final String path = "D:/apache-tomcat-6.0.36/conf/";
Run “mvn test -Dtest=com.goSmarter.test.SecureHttpClient0Test”. You
notice that 1 test succeeded. If testcase passed it means, 2 way SSL is
working correctly. Please looks at the code and understand the flow. The
JUnit test uses HttpUnit api to access the secure webserver. You will
also notice when you run the test, there are lot of certificate related
messages on the console. For this to appear, I have turned on Client
side SSL debugging by putting the below code in
SecureHttpClient0Test.java class,
static {
System.setProperty("javax.net.debug", "ssl");
}I hope this blog helped you.
Published at DZone with permission of Krishna Prasad, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments