DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Modern Digital Website Security: Prepare to face any form of malicious web activity and enable your sites to optimally serve your customers.

Low-Code Development: Learn the concepts of low code, features + use cases for professional devs, and the low-code implementation process.

E-Commerce Development Essentials: Considering starting or working on an e-commerce business? Learn how to create a backend that scales.

Getting Started With Jenkins: Learn fundamentals that underpin CI/CD, how to create a pipeline, and when and where to use Jenkins.

Related

  • Deployment of Spring MVC App on a Local Tomcat Server
  • Java 21 Is a Major Step for Java: Non-Blocking IO and Upgraded ZGC
  • Performance Comparison — Thread Pool vs. Virtual Threads (Project Loom) In Spring Boot Applications
  • Connection Pooling With BoneCP, DBCP, and C3PO [Video Tutorials]

Trending

  • Master the Art of Data Security: A Complete Guide To Securing Data at Rest on Amazon S3
  • Empowering Secure Access: Unleashing the Potential of Microsoft Entra ID Application Proxy
  • Harnessing Integration Platforms To Unscramble the Data Mess
  • An Executive Architect’s Approach to FinOps: How AI and Automation Streamline Data Management
  1. DZone
  2. Coding
  3. Languages
  4. Setting Up SSL on Tomcat in 5 minutes

Setting Up SSL on Tomcat in 5 minutes

Loiane Groner user avatar by
Loiane Groner
·
Jul. 01, 11 · Interview
Like (13)
Save
Tweet
Share
365.6K Views

Join the DZone community and get the full member experience.

Join For Free

This tutorial will walk you through how to configure SSL (https://localhost:8443 access) on Tomcat in 5 minutes.

For this tutorial you will need:

  • Java SDK (used version 6 for this tutorial)
  • Tomcat (used version 7 for this tutorial)

The set up consists in 3 basic steps:

  1. Create a keystore file using Java
  2. Configure Tomcat to use the keystore
  3. Test it
  4. (Bonus ) Configure your app to work with SSL (access through https://localhost:8443/yourApp)

1 – Creating a Keystore file using Java

Fisrt, open the terminal on your computer and type:

Windows:

cd %JAVA_HOME%/bin

Linux or Mac OS:

cd $JAVA_HOME/bin

The $JAVA_HOME on Mac is located on “/System/Library/Frameworks/JavaVM.framework/Versions/{your java version}/Home/”

You will change the current directory to the directory Java is installed on your computer. Inside the Java Home directory, cd to the bin folder. Inside the bin folder there is a file named keytool. This guy is responsible for generating the keystore file for us.

Next, type on the terminal:

keytool -genkey -alias tomcat -keyalg RSA

When you type the command above, it will ask you some questions. First, it will ask you to create a password (My password is “password“):

loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:  password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Loiane Groner
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  Sao Paulo
What is the name of your State or Province?
  [Unknown]:  SP
What is the two-letter country code for this unit?
  [Unknown]:  BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
  [no]:  yes
 
Enter key password for
    (RETURN if same as keystore password):  password
Re-enter new password: password

It will create a .keystore file on your user home directory. On Windows, it will be on: C:Documents and Settings[username]; on Mac it will be on /Users/[username] and on Linux will be on /home/[username].

2 – Configuring Tomcat for using the keystore file – SSL config

Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.

Find the following declaration:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
-->

Uncomment it and modify it to look like the following:

Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

Note we add the keystoreFile, keystorePass and changed the protocol declarations.

3 – Let’s test it!

Start tomcat service and try to access https://localhost:8443. You will see Tomcat’s local home page.

Note if you try to access the default 8080 port it will be working too: http://localhost:8080

4 – BONUS - Configuring your app to work with SSL (access through https://localhost:8443/yourApp)

To force your web application to work with SSL, you simply need to add the following code to your web.xml file (before web-app tag ends):

	
<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

The url pattern is set to /* so any page/resource from your application is secure (it can be only accessed with https). The transport-guarantee tag is set to CONFIDENTIAL to make sure your app will work on SSL.

If you want to turn off the SSL, you don’t need to delete the code above from web.xml, simply change CONFIDENTIAL to NONE.

Reference: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html (this tutorial is a little confusing, that is why I decided to write another one my own).

Happy Coding!


From http://loianegroner.com/2011/06/setting-up-ssl-on-tomcat-in-5-minutes-httpslocalhost8443/

Apache Tomcat

Opinions expressed by DZone contributors are their own.

Related

  • Deployment of Spring MVC App on a Local Tomcat Server
  • Java 21 Is a Major Step for Java: Non-Blocking IO and Upgraded ZGC
  • Performance Comparison — Thread Pool vs. Virtual Threads (Project Loom) In Spring Boot Applications
  • Connection Pooling With BoneCP, DBCP, and C3PO [Video Tutorials]
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: