Nikos Maravitsas

About Nikos Maravitsas

Nikos graduated from the Department of Informatics and Telecommunications of the National and Kapodistrian University of Athens. Currently, his main interests are systems security, parallel systems, artificial intelligence, operating systems, system programming, telecommunications, web applications, human-machine interaction and mobile development.

How To Configure Tomcat To Support SSL Or Https

In this short example we are going to see how to configure Tomcat to support the SSL protocol, and thus https connections.

1. Create a Self-Signed Certificate for the Server

For SSL to work properly, the server must identify itself to the client. To do that, the server needs a certificate. Of course, when deploying a secure web server in the wild, you need a certificate that is signed by a well-known and trusted Certificate Authority, like Verisign. But in this example we are going to create a self-signed certificate, that is, a certificate signed by the issuer itself. As you will see, the browser (the client) will recognise that and will ask us whether to trust the server or not.

It is very easy to create a self-signed certificate. There are many tools that perform this kind of operation, like openssl. In our example we are going to use keytool, which is a command line utility that comes with the Java JDK. It is located in your JDK_HOME/bin folder.

This is the command that I've issued to create a self-signed certificate:

F:\nikos7\Desktop>keytool -genkey -alias javacodegeeks -keyalg RSA -keystore F:\nikos7\Desktop\keystore

[Image: terminal running the keytool command]

These are the options that were used:

  • -genkey : to generate a public and private key pair. The public key will be available in the server's certificate. The private key must remain private to the server.
  • -alias : to define a unique alias for the key entry in the keystore.
  • -keyalg : to define the algorithm to use for generating the key pair. In our case we use RSA.
  • -keystore : to define the location to store the certificate and the key pair.

A keystore is a secure storage facility for cryptographic keys and certificates. Each one of them is accessed by a unique alias and a password.

2. Configure Tomcat to Use SSL.

Now we need to configure Tomcat to accept HTTPS connections. We need to instruct the server to use our keystore to provide a valid certificate to the client.

Go to the CATALINA_BASE/conf folder and edit the server.xml file that you will find there. Paste the following XML code into it:

server.xml:

.
.
.
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="F:\nikos7\Desktop\keystore"
           keystorePass="1234567" />
.
.
.

This will define a new Tomcat Connector. A Connector is the Tomcat module that enables the server to accept requests, pass them to the requested web application, and forward responses and dynamic content to the outside world. To define a Connector you need to specify the port it is going to listen on, the protocol to accept, as well as several other aspects like the maximum number of threads to deploy. In our case we also turn on the SSL flags and we specify the path and the password of our keystore. Finally, you need to restart Tomcat.

Now, when you open this URL in your browser:
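An added example, not part of the original article or of Tomcat itself: a short Python audit of the Connector above that reports what a reviewer would question before this configuration leaves a test machine. The `<Server>`/`<Service>` wrapper, the `MIN_PASS_LEN` policy value and the function name are assumptions; `sslEnabledProtocols` is the Connector-level attribute of Tomcat versions that accept the attributes shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the article wrapped in a minimal
# <Server>/<Service> skeleton so the fragment parses as a whole document.
SAMPLE_SERVER_XML = r"""
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="F:\nikos7\Desktop\keystore"
               keystorePass="1234567" />
  </Service>
</Server>
"""

MIN_PASS_LEN = 12  # assumed local policy, not a Tomcat requirement


def audit_ssl_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to audit here
        port = conn.get("port", "?")
        # Tomcat reports scheme/secure to web apps from these attributes.
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark the connector as HTTPS"))
        if not conn.get("keystoreFile"):
            findings.append((port, "no keystoreFile: Tomcat falls back to ~/.keystore"))
        # Tomcat's documented default keystore password is "changeit".
        password = conn.get("keystorePass", "changeit")
        if password == "changeit" or len(password) < MIN_PASS_LEN or password.isdigit():
            findings.append((port, "weak keystorePass stored in clear text"))
        if not conn.get("sslEnabledProtocols"):
            findings.append((port, "sslEnabledProtocols unset: protocol versions left to JVM defaults"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Because the keystore password sits in server.xml as plain text either way, read access to that file and to the keystore should be limited to the account that runs Tomcat.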

https://localhost:8444/

You are probably going to get a warning saying that you are about to visit an untrusted web site. If you accept the risk and continue, you should get something like this in your browser:

[Image: web browser]

Notice the red https mark on the URL bar. That means that our browser does not trust the web site, because it cannot validate the Certificate Authority that signed the certificate provided by the server.

This was an example on how to configure Tomcat to Support SSL or https.

Examples Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy