HTTPS (SSL) : in Tomcat / Jetty / Jboss

by Karthikeyan Kanagaraj · Jul. 16, 12 · Interview

In my earlier days of development, whenever I saw "https://" in my web browser, I thought creating one such connection in my own app was rocket science.
But a number of years later, when I started digging, I saw how simple it was. Now, since I imagine others are going through what I went through then, I am going to share the basics of SSL and its configurations when accessing a server.

When you start implementing HTTPS, the first question is usually this:

What do we need to do in our application to support "HTTPS"?

Well, first off, we don't have to change anything in our application to support HTTPS. But the container we deploy to (such as a Tomcat or JBoss server) needs to support HTTPS; that is, we need to enable the SSL configuration in the server(s).

Before discussing the configuration in the servers, though, let's explore the basics of SSL.

A day-to-day example will help. When we enter the office, we have to swipe our access cards to open the door. Imagine that the access card is a certificate (for encryption) to ensure secure communication between our office and us. This is what SSL is like. Take a look at the definition below:

Secure Sockets Layer: A secured (encrypted) communication between web browsers and web servers.

Now take a look at the picture below. It shows the basic idea behind SSL.

[Figure: SSL Communication]

So let's configure SSL. For SSL to operate, we need a certificate. The certificate can be generated with "keytool", a built-in Java tool.

For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

For Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

While executing these commands, you will be prompted for the information shown below.

[Figure: Certificate Generation]

By default, the certificate is stored in a keystore in your home directory. To store it elsewhere, add "-keystore /path/to/my/keystore" to the command.

Tomcat:

Now the final step is to configure our Tomcat with the certificate for SSL. Uncomment the following lines in "%TOMCAT_HOME%/conf/server.xml".

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />


The connector above is the default SSL configuration using JSSE: it expects the keystore in our home directory and uses the password "changeit". If we generated the certificate with a different path or password, we have to change the connector as shown here:

 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />


Now start Tomcat and open "https://localhost:8443/" (the port, 8443, can be changed later). Our SSL configuration is done. We can now deploy our HelloWorld application and access it over "https://".

Jetty:

We can generate the certificate with the alias "jetty" and then configure that for Jetty by adding the following config in "${jetty_home}/etc/jetty.xml".

<!-- Passwords and keystore location we are specifying.
     Defined first so that the <Ref> in the connector below can resolve it. -->
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
  <Set name="KeyStore">/home/karthikeyan/.keystore</Set>
  <Set name="KeyStorePassword">123456</Set>
  <Set name="KeyManagerPassword">123456</Set>
  <Set name="TrustStore">/home/karthikeyan/.keystore</Set>
  <Set name="TrustStorePassword">123456</Set>
</New>

<!-- Add this connector code in jetty.xml -->
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg><Ref id="sslContextFactory" /></Arg>
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="AcceptQueueSize">100</Set>
    </New>
  </Arg>
</Call>

 

Next, start the Jetty server and try "https://localhost:8443/".

JBoss:

Configuring SSL in JBoss is similar to Tomcat. Just edit "${Path}/jboss-4.2.2.GA/server/default/deploy/jboss-web.deployer/server.xml" by uncommenting the connector and adding the keystoreFile and keystorePass attributes as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />



Start JBoss and access it over "https://".

Now, just like that, we can access our application with "HTTP" as well as "HTTPS."
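As an added example (not part of the original article, nor Tomcat or JBoss code), the script below audits the <Connector> elements configured in the Tomcat and JBoss sections above. It flags a connector that is still commented out, a missing keystoreFile, the default password "changeit" and guessable passwords such as "123456". The sample server.xml, the weak-password list and the 12-character minimum are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml fragment using the values shown in this article.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <!-- <Connector port="9443" SSLEnabled="true" scheme="https" secure="true" /> -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

# Assumption: a small deny-list of guessable passwords; extend it for real use.
WEAK_PASSWORDS = {"changeit", "123456", "password", "tomcat"}
MIN_PASSWORD_LEN = 12  # assumed local policy, not a Tomcat requirement


def audit_connectors(xml_text):
    """Return (port, finding) tuples for every enabled SSL <Connector>."""
    findings = []
    root = ET.fromstring(xml_text)
    # ElementTree drops XML comments, so commented-out connectors are skipped.
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl_connectors:
        return [(None, "no enabled SSL connector (still commented out?)")]
    for conn in ssl_connectors:
        port = conn.get("port")
        if conn.get("keystoreFile") is None:
            findings.append((port, "keystoreFile not set: falls back to ~/.keystore"))
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "keystorePass not set: default 'changeit' is used"))
        elif password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
            findings.append((port, "keystorePass is weak or too short"))
        if not conn.get("sslProtocol", "TLS").upper().startswith("TLS"):
            findings.append((port, "sslProtocol is not a TLS protocol"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Because keystorePass sits in server.xml in clear text, the file's read permissions matter as much as the password itself.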
