
HTTPS (SSL) in Tomcat / Jetty / JBoss


In my earlier days of development, whenever I saw "https:// " in my web browser, I thought creating one such connection in my own app was rocket science.
But a number of years later, when I started digging, I saw how simple it was. Now, since I imagine others are going through what I went through then, I am going to share the basics of SSL and its configurations when accessing a server.

When you start implementing HTTPS, the first question is usually this:

What do we need to do in our application to support "HTTPS"?

Well, first off, we don't have to change anything in our application to support "HTTPS." But the container we deploy to (like a Tomcat or JBoss server) needs to support HTTPS, i.e., we need to enable the SSL configuration in the server(s).

Before discussing the configuration in the servers, though, let's explore the basics of SSL.

A day-to-day example will help. When we enter the office, we have to swipe our access cards to open the door. Imagine that the access card is a certificate (for encryption) that ensures secure communication between our office and us. This is what SSL is like. Take a look at the definition below:

Secure Sockets Layer: A secured (encrypted) communication between web browsers and web servers.

Now take a look at the picture below. It shows the basic idea about the SSL.

SSL Communication

So let's configure SSL. For SSL to operate, we need a certificate. A self-signed certificate can be generated with "keytool," a tool that ships with Java.

For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

For Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

While these commands run, keytool prompts for the information shown below.

 Certificate Generation


By default, the certificate is stored in a keystore file in your home directory. If you want to change the location, add "-keystore /path/to/my/keystore" to the command.

Tomcat :

Now the final step is to configure our Tomcat with the certificate for SSL. Uncomment the following lines in "%TOMCAT_HOME%/conf/server.xml":

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

The connector above uses the default SSL configuration with JSSE: the keystore is looked up in our home directory and the password is "changeit". If we generated the certificate with some other path or password, we have to change the connector to what's shown here:


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Now start Tomcat and open "https://localhost:8443/" (the port, 8443, can be changed later). Our SSL configuration is done. We can now deploy our Helloworld application and access it with "https://".


Jetty :

We can generate the certificate with the alias "jetty" and then configure it for Jetty by adding the following config to "${jetty_home}/etc/jetty.xml":

<!-- Passwords and keystore location we are specifying; defined before the connector so that the <Ref> below resolves -->
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
  <Set name="KeyStore">/home/karthikeyan/.keystore</Set>
  <Set name="KeyStorePassword">123456</Set>
  <Set name="KeyManagerPassword">123456</Set>
  <Set name="TrustStore">/home/karthikeyan/.keystore</Set>
  <Set name="TrustStorePassword">123456</Set>
</New>

<!-- Add this connector code in jetty.xml -->
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg><Ref id="sslContextFactory" /></Arg>
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="AcceptQueueSize">100</Set>
    </New>
  </Arg>
</Call>


Next, start the Jetty server and try "https://localhost:8443/".

JBoss :

Configuring SSL in JBoss is much the same as in Tomcat. Just edit "${Path}/jboss-4.2.2.GA/server/default/deploy/jboss-web.deployer/server.xml", uncomment the connector and add the keystoreFile and keystorePass attributes as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Start JBoss and access it with "https://".

Now, just like that, we can access our application with "HTTP" as well as "HTTPS."
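
A quick audit of the Connector settings used in the Tomcat and JBoss sections above, as an added example that is not part of the original article: it parses a server.xml and reports SSL connectors left on the default keystore or the default "changeit" password, using a weak password such as the "123456" from the examples, missing scheme/secure, or asking for a legacy SSL protocol. The sample XML, the finding names and the 12-character threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's custom-keystore connector (8443) next to a
# plain HTTP connector (8080) and an SSL connector left on defaults (9443).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               sslProtocol="SSLv3" />
  </Service>
</Server>"""

MIN_PASS_LEN = 12  # assumption for this example, not a Tomcat rule
KNOWN_WEAK = {"changeit", "123456", "password"}


def audit_connector(attrs):
    """Return a list of finding names for one <Connector> attribute dict."""
    if attrs.get("SSLEnabled", "false").lower() != "true":
        return []  # plain HTTP connector, nothing SSL-related to check
    findings = []
    if "keystoreFile" not in attrs:
        findings.append("default-keystore")   # falls back to the home directory
    password = attrs.get("keystorePass")
    if password is None:
        findings.append("default-password")   # falls back to "changeit"
    elif password in KNOWN_WEAK or len(password) < MIN_PASS_LEN:
        findings.append("weak-password")
    if attrs.get("scheme") != "https" or attrs.get("secure") != "true":
        findings.append("scheme-secure-mismatch")
    if attrs.get("sslProtocol", "TLS").upper().startswith("SSL"):
        findings.append("legacy-protocol")
    return findings


def audit_server_xml(xml_text):
    """Map each connector's port to its list of findings."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c.attrib) for c in root.iter("Connector")}


if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(port, findings or "ok")
```
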
