
About Jesus Boadas

I'm a self taught programmer, I began programming back in 1991 using an IBM A10 mainframe with Pascal an Assembler IBM 360/70 emulator and Turbo C on a X86 PC, since that I work for the banking industry with emerging technologies like Fox Pro, Visual Fox Pro, Visual Basic, Visual C++, Borland C++, lately I moved out to the Airline industry, leading designing and programming in-house web applications with Flex, Actionscript, PHP, Python and Rails and in the last 7 years I focused all my work in Java, working on Linux servers using GlassFish, TomCat, Apache and MySql.

Apache Tomcat SSL Configuration Tutorial

HTTPS is a protocol for secure communication over a computer network and is widely used on the Internet. It consists of Hypertext Transfer Protocol (HTTP) traffic carried over a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL).

1. The tools

  • Java JDK 8
  • Tomcat Server 8

2. Introduction

It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users.

3. Prerequisites

  • JDK installed
  • Tomcat 8 installed and running

4. Download Tomcat

Go to the page https://tomcat.apache.org/download-80.cgi and download the Tomcat server as a zip file for Windows.

1 Download Tomcat for Windows


5. Tomcat Installation

5.1 Uncompress Apache Tomcat

Choose an installation directory and uncompress the Tomcat server in its own directory.

2 Uncompress Tomcat


5.2 Install the Tomcat service

Open the Windows terminal and go to the Tomcat Installation bin directory.

Tomcat installation directory

C:\Java\Apache Tomcat 8.0.15\bin>

Install the service with the following command:

Install Tomcat service

C:\Java\Apache Tomcat 8.0.15\bin>service install

You should get an output similar to this:

install Tomcat output

Installing the service 'Tomcat8' ...
Using CATALINA_HOME:    "C:\Java\Apache Tomcat 8.0.15"
Using CATALINA_BASE:    "C:\Java\Apache Tomcat 8.0.15"
Using JAVA_HOME:        "C:\Java\jdk1.8.0_40"
Using JRE_HOME:         "C:\Java\jre1.8.0_40"
Using JVM:              "C:\Java\jre1.8.0_40\bin\client\jvm.dll"
The service 'Tomcat8' has been installed.

5.3 Start the Tomcat service

Start the service with the following command:

Start tomcat output

C:\Java\Apache Tomcat 8.0.15\bin>sc start Tomcat8

You should get an output similar to the following:

console

SERVICE_NAME: Tomcat8
        TYPE               : 10  WIN32_OWN_PROCESS
        STATUS             : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_OUTPUT_CODE  : 0  (0x0)
        SERVICE_OUTPUT_CODE: 0  (0x0)
        CHECK-POINT        : 0x0
        START-INDICATOR    : 0x7d0
        PID                : 5552
        MARKS              :

5.4 Check that Tomcat is running

Open the URL http://localhost:8080 in your browser and you should see the following page:

3 Tomcat Welcome Screen


5.5 Stop the Tomcat service

Stop the service with the following command:

Stop tomcat

C:\Java\Apache Tomcat 8.0.15\bin>sc stop Tomcat8

6. Tomcat Configuration

6.1 Define tomcat user

Edit the file [Tomcat install dir]->conf->tomcat-users.xml. In this file we are going to create a username and a password to access the Tomcat web admin. If you have not defined a user yet, add the following lines at the end of the XML file, inside the tomcat-users tag.

Tomcat Users

  <role rolename="admin"/>
  <role rolename="admin-gui"/>
  <role rolename="manager-gui"/>
  <user password="admin" roles="admin,admin-gui,manager-gui" username="admin"/>

We defined the user admin with the password admin. This account exists only for the purposes of this tutorial; do not reuse it on a server that others can reach.
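A check that flags accounts like the one above before a configuration leaves a test machine. This is an added example, not part of the original tutorial; the function name, the short password list and the second sample user are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tutorial's entries inside a <tomcat-users> root,
# plus one hypothetical account with a placeholder strong password.
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="admin"/>
  <role rolename="admin-gui"/>
  <role rolename="manager-gui"/>
  <user password="admin" roles="admin,admin-gui,manager-gui" username="admin"/>
  <user password="EXAMPLE-long-random-secret" roles="manager-gui" username="deployer"/>
</tomcat-users>"""

# Roles that open Tomcat's manager and host-manager applications.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "admin-gui", "admin-script"}
# Assumed short list of passwords that tend to survive from tutorials.
TUTORIAL_PASSWORDS = {"admin", "tomcat", "password", "changeit", "s3cret"}

def _local(tag):
    """Drop an XML namespace prefix; stock Tomcat 8 files declare one."""
    return tag.rsplit("}", 1)[-1]

def weak_privileged_users(users_xml):
    """Return {username: sorted privileged roles} for weakly protected users."""
    flagged = {}
    for el in ET.fromstring(users_xml).iter():
        if _local(el.tag) != "user":
            continue
        name, pw = el.get("username", ""), el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        weak = (pw == "" or pw.lower() == name.lower()
                or pw.lower() in TUTORIAL_PASSWORDS)
        if weak and roles & PRIVILEGED_ROLES:
            flagged[name] = sorted(roles & PRIVILEGED_ROLES)
    return flagged

if __name__ == "__main__":
    print(weak_privileged_users(SAMPLE_USERS_XML))
```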

6.2 Start Tomcat again

This time we are going to start Tomcat using the startup script provided in the Tomcat bin directory. On Windows the script is startup.bat; on Linux and Mac it is startup.sh.

4 Tomcat startup script


When you start Tomcat, a console window with the log output is displayed:

Tomcat log

18-Jun-2016 13:34:22.356 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor C:\Java\apache-tomcat-8.0.23\conf\Catalina\localhost\WebAppNB.xml has finished in 33 ms
18-Jun-2016 13:34:22.389 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\docs de la aplicación web
18-Jun-2016 13:34:23.083 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [176] milliseconds.
18-Jun-2016 13:34:23.166 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\docs has finished in 777 ms
18-Jun-2016 13:34:23.168 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\examples de la aplicación web
18-Jun-2016 13:34:25.619 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\examples has finished in 2.451 ms
18-Jun-2016 13:34:25.620 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\host-manager de la aplicación web
18-Jun-2016 13:34:25.719 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\host-manager has finished in 99 ms
18-Jun-2016 13:34:25.722 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\manager de la aplicación web
18-Jun-2016 13:34:25.833 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\manager has finished in 111 ms
18-Jun-2016 13:34:25.835 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\ROOT de la aplicación web
18-Jun-2016 13:34:25.930 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\ROOT has finished in 95 ms
18-Jun-2016 13:34:25.937 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-apr-8080"]
18-Jun-2016 13:34:25.981 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-apr-8009"]
18-Jun-2016 13:34:25.985 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 4475 ms

In this log you can see the port that Tomcat is using to start the server. In this case the port is 8080, as stated in this line:

18-Jun-2016 13:34:25.937 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-apr-8080"]

Now you know that your service is running and your user is working correctly.

6.3 Stop Tomcat

Stop Tomcat using the shutdown script provided in the Tomcat bin directory. On Windows the script is shutdown.bat; on Linux and Mac it is shutdown.sh.

6.4 Create an SSL Certificate

Run the following command to generate the certificate to make Tomcat support SSL.

Generate Certificate

keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Java\apache-tomcat-8.0.23\keystore\tomcat

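The tool asks a series of questions (a keystore password and the name, organization and location details) whose answers are written into the certificate. The keystore password you enter must match the keystorePass value of the connector in section 6.5, which is changeit in this tutorial.

The keystore is created in the folder C:\Java\apache-tomcat-8.0.23\keystore\ as a file named tomcat, and it holds the certificate under the alias tomcat.

You can check the certificate with the command keytool -list -keystore C:\Java\apache-tomcat-8.0.23\keystore\tomcat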

6.5 Use the certificate in Tomcat

Edit the file [Tomcat Dir]->conf->server.xml and add an SSL connector.

Connector

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\Java\apache-tomcat-8.0.23\keystore\tomcat"
               keystorePass="changeit" />

Restart tomcat and you are done.
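The connector above works, but it keeps Tomcat's default keystore password and leaves the protocol and cipher choice to the JVM. The following audit is an added example, not part of the original tutorial: it runs over the tutorial's connector and a tightened variant. The function name, the placeholder password and the chosen protocol and cipher values are assumptions; sslEnabledProtocols and ciphers are connector attributes in Tomcat 8.0.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal server.xml holding the connector from
# section 6.5 next to the stock plain-HTTP connector.
TUTORIAL_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\Java\apache-tomcat-8.0.23\keystore\tomcat"
             keystorePass="changeit"/>
</Service></Server>"""

# Constructed variant: own password, explicit protocol and cipher lists.
HARDENED_XML = TUTORIAL_XML.replace(
    'keystorePass="changeit"',
    'keystorePass="EXAMPLE-long-random-secret" sslEnabledProtocols="TLSv1.2" '
    'ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,'
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"')

LEGACY_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connectors(server_xml):
    """Return (port, finding) pairs for every TLS-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, out of scope here
        port = conn.get("port")
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystore uses the default password changeit"))
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, "sslEnabledProtocols not set; JVM defaults apply"))
        else:
            legacy = LEGACY_PROTOCOLS & {p.strip() for p in enabled.split(",")}
            if legacy:
                findings.append((port, "legacy protocols enabled: " + ", ".join(sorted(legacy))))
        if conn.get("ciphers") is None:
            findings.append((port, "ciphers not set; JVM default suites apply"))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark requests as HTTPS"))
    return findings

if __name__ == "__main__":
    for label, xml in (("tutorial", TUTORIAL_XML), ("hardened", HARDENED_XML)):
        print(label, audit_connectors(xml) or "no findings")
```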

7. Running the example

In the Tomcat bin directory, run the script startup.bat. The Tomcat log now contains the line:

HTTPS

18-Jun-2016 17:18:52.557 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]

This line tells you that Tomcat has started a connector on port 8443, the port set in the server configuration file. SSL is now working in Tomcat and you can use the HTTPS protocol.

8. Results

Open the URL https://localhost:8443/ in your browser and you can see the Tomcat server running over HTTPS.

5 Run the application


The yellow warning icon beside the HTTPS URI indicates that the certificate is not recognized by the browser, because you generated this certificate yourself. For the browser to recognize the certificate, you need to obtain one from a recognized authority.
