HTTPS (SSL) : in Tomcat / Jetty / Jboss

In my earlier days of development, whenever I saw "https:// " in my web browser, I thought creating one such connection in my own app was rocket science.
But a number of years later, when I started digging, I saw how simple it was. Now, since I imagine others are going through what I went through then, I am going to share the basics of SSL and its configurations when accessing a server.

When you start implementing HTTPS, the first question is usually this:

What do we need to do in our application to support "Https"?

Well, first off, we don't have to change anything in our application to support "HTTPS." But the container we are deploying (like a Tomcat or JBoss server) needs to support HTTPS. I.e., we need to enable the SSL configuration in the server(s).

Before discussing the configuration in the servers, though, let's explore the basics of SSL.

A day-to-day example will help. When we enter into the office, we have to swipe our access cards to open the door. Imagine that the access card is a certificate (for encryption) to ensure secure communication between our office and us. This is what SSL is like. Take a look at the below definition:

Secure Socket Layer: A secured (encrypted) communication between web browsers and web servers.

Now take a look at the picture below. It shows the basic idea about the SSL.

So let's configure the SSl. For SSL to operate, we need a certificate. The certificate can be generated by something called "keytool," a built-in Java tool.

For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA.        

For Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA.

While executing these commands, the below info will be prompted.

The default location of the certificate is your home directory. If you want to change it, modify the path by introducing "-keystore /path/to/my/keystore."

Tomcat :

Now the final step is to configure our Tomcat with the certificate for SSL. Uncomment the following lines in the "%TOMCAT_HOME/conf/server.xml."

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

The above line contains the default SSL using JSSE with the keystore path as our "home path", and our password as "changeit." If we have generated the certificate using some other path or password, then we have to change the above line to what's shown here:

 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Now start Tomcat and try to access "https://localhost:8443/" in the port "8443"(we can change this later). Our SSL configuration is done. We can now put our Helloworld application in and access it with "Https://."

Jetty:

We can generate the certificate with the alias "jetty" and then configure that for Jetty by adding the following config in "${jetty_home}/etc/jetty.xml."

<!-- Add this connector code in jetty.xml -->

 <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Arg><Ref id="sslContextFactory" /></Arg>
        <Set name="Port">8443</Set>
        <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="AcceptQueueSize">100</Set>
      </New>
    </Arg>
  </Call>
	

<!-- Passwords and keystore location we are specifying -->
 <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="KeyStore">/home/karthikeyan/.keystore</Set>
    <Set name="KeyStorePassword">123456</Set>
    <Set name="KeyManagerPassword">123456</Set>
    <Set name="TrustStore">/home/karthikeyan/.keystore</Set>
    <Set name="TrustStorePassword">123456</Set>
 </New>

Next, start the Jetty server and try with "https://localhost:8443/."

JBoss :

For configuring SSL in JBoss, it's as similar as Tomcat. Just change the "${Path}/jboss-4.2.2.GA/server/default/deploy/jboss-web.deployer/server.xml" by uncommenting the line and adding the keystorepath & keystorepass as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Start the JBoss and access it in HTTPS://.

Now, just like that, we can access our application with "HTTP" as well as "HTTPS."