
HTTPS (SSL) in Tomcat / Jetty / JBoss


In my earlier days of development, whenever I saw "https:// " in my web browser, I thought creating one such connection in my own app was rocket science.
But a number of years later, when I started digging, I saw how simple it was. Now, since I imagine others are going through what I went through then, I am going to share the basics of SSL and its configurations when accessing a server.

When you start implementing HTTPS, the first question is usually this:

What do we need to do in our application to support "HTTPS"?

Well, first off, we don't have to change anything in our application to support HTTPS. But the container we are deploying to (like a Tomcat or JBoss server) needs to support HTTPS, i.e., we need to enable the SSL configuration in the server(s).

Before discussing the configuration in the servers, though, let's explore the basics of SSL.

A day-to-day example will help. When we enter the office, we have to swipe our access cards to open the door. Imagine that the access card is a certificate (for encryption) that ensures secure communication between our office and us. This is what SSL is like. Take a look at the definition below:

Secure Sockets Layer: A secured (encrypted) communication between web browsers and web servers.

The picture below shows the basic idea of SSL.

[Figure: SSL Communication]

So let's configure SSL. For SSL to operate, we need a certificate. The certificate can be generated with "keytool", a tool that ships with Java.

For Windows: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

For Unix: $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

While these commands run, keytool prompts for the information shown below.

[Figure: Certificate Generation]


The default location of the certificate is your home directory. If you want to change it, add "-keystore /path/to/my/keystore" to the command.

Tomcat :

Now the final step is to configure Tomcat with the certificate for SSL. Uncomment the following lines in "%TOMCAT_HOME%/conf/server.xml":

 <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

The above connector uses the default SSL setup with JSSE: the keystore is expected in our home directory and the password is "changeit". If we generated the certificate with some other path or password, we have to change the connector to what's shown here:


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Now start Tomcat and try to access "https://localhost:8443/" (the port, 8443, can be changed later). Our SSL configuration is done. We can now deploy our Helloworld application and access it with "https://".
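An added example, not part of the original article: a small Python check that reads a server.xml and reports the connector settings discussed above, namely an HTTPS connector that relies on the default keystore path or the default "changeit" password, one that uses a known sample password such as "123456", and any plain-HTTP connector that is still enabled. The sample XML, the finding names, and the 12-character minimum are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from a real deployment): the default
# connector from the article, a customised one, and the usual HTTP connector.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             keystoreFile="/opt/app/.keystore" keystorePass="123456"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>
"""

# Passwords that appear in the article: the default and the sample value.
KNOWN_PASSWORDS = {"changeit", "123456"}
MIN_PASSWORD_LENGTH = 12  # assumption for this example, not a Tomcat rule


def audit_connectors(server_xml):
    """Return (port, finding) pairs for each <Connector> in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").startswith("AJP"):
            continue  # AJP connectors are out of scope here
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "plain-http"))  # still served without TLS
            continue
        if conn.get("keystoreFile") is None:
            findings.append((port, "default-keystore-path"))  # ~/.keystore
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "default-password"))  # falls back to changeit
        elif password in KNOWN_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH:
            findings.append((port, "weak-password"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

The same check applies to the JBoss server.xml, since it uses the same Connector element.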


Jetty :

We can generate the certificate with the alias "jetty" and then configure it for Jetty by adding the following config in "${jetty_home}/etc/jetty.xml":

<!-- Passwords and keystore location we are specifying.
     Defined first so the connector below can reference it by id. -->
<New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
  <Set name="KeyStore">/home/karthikeyan/.keystore</Set>
  <Set name="KeyStorePassword">123456</Set>
  <Set name="KeyManagerPassword">123456</Set>
  <Set name="TrustStore">/home/karthikeyan/.keystore</Set>
  <Set name="TrustStorePassword">123456</Set>
</New>

<!-- Add this connector code in jetty.xml -->
<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Arg><Ref id="sslContextFactory" /></Arg>
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="AcceptQueueSize">100</Set>
    </New>
  </Arg>
</Call>


Next, start the Jetty server and try "https://localhost:8443/".

JBoss :

Configuring SSL in JBoss is similar to Tomcat. Just edit "${Path}/jboss-4.2.2.GA/server/default/deploy/jboss-web.deployer/server.xml" by uncommenting the connector and adding the keystoreFile and keystorePass attributes as follows:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" keystoreFile="${custompath}/.keystore" keystorePass="123456"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Start JBoss and access it over "https://".

Now, just like that, we can access our application with "HTTP" as well as "HTTPS."
