Apache Tomcat SSL Configuration Tutorial
HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.
1. The tools
- Java JDK 8
- Tomcat Server 8
2. Introduction
It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users.
3. Prerequisites
- JDK installed
- Tomcat 8 installed and running
4. Download Tomcat
Go to the page https://tomcat.apache.org/download-80.cgi and download the Tomcat server as a zip file for Windows.
5. Tomcat Installation
5.1 Uncompress Apache Tomcat
Choose an installation directory and uncompress the Tomcat server in its own directory.
5.2 Install the Tomcat service
Open the Windows terminal and go to the Tomcat Installation bin directory.
Tomcat installation directory
C:\Java\Apache Tomcat 8.0.15\bin>
Install the service with the following command:
Install Tomcat service
C:\Java\Apache Tomcat 8.0.15\bin>service install
You should get an output similar to this:
install Tomcat output
Installing the service 'Tomcat8' ...
Using CATALINA_HOME: "C:\Java\Apache Tomcat 8.0.15"
Using CATALINA_BASE: "C:\Java\Apache Tomcat 8.0.15"
Using JAVA_HOME: "C:\Java\jdk1.8.0_40"
Using JRE_HOME: "C:\Java\jre1.8.0_40"
Using JVM: "C:\Java\jre1.8.0_40\bin\client\jvm.dll"
The service 'Tomcat8' has been installed.
5.3 Start the Tomcat service
Start the service with the following command:
Start tomcat output
C:\Java\Apache Tomcat 8.0.15\bin>sc start Tomcat8
You should get an output similar to the following:
console
SERVICE_NAME: Tomcat8
TYPE : 10 WIN32_OWN_PROCESS
STATUS : 2 START_PENDING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_OUTPUT_CODE : 0 (0x0)
SERVICE_OUTPUT_CODE: 0 (0x0)
CHECK-POINT : 0x0
START-INDICATOR : 0x7d0
PID : 5552
MARKS :
5.4 Check that tomcat is running
Open your browser in the URL http://localhost:8080 and you should see the following page:
5.5 Stop the Tomcat service
Stop the service with the following command:
Stop tomcat
C:\Java\Apache Tomcat 8.0.15\bin>sc stop Tomcat8
6. Tomcat Configuration
6.1 Define tomcat user
Edit the file [Tomcat install dir]->conf->tomcat-users.xml
In this file we are going to create a username and a password to access the tomcat web admin. If you didn’t define the user, add the following lines to the end of the xml file, inside the tomcat-users tag.
Tomcat Users
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user password="admin" roles="admin,admin-gui,manager-gui" username="admin"/>
We defined the user admin with the password admin. This user is only for the purpose of this tutorial.
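A way to check a tomcat-users.xml for accounts like the one above before a server leaves the lab, added here as an example and not part of the original tutorial. The "deployer" user, its password and the MIN_LENGTH policy value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tutorial's entries plus a made-up "deployer" account.
TOMCAT_USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="admin"/>
  <role rolename="admin-gui"/>
  <role rolename="manager-gui"/>
  <user password="admin" roles="admin,admin-gui,manager-gui" username="admin"/>
  <user password="constructed-passphrase-7Qx2" roles="manager-script" username="deployer"/>
</tomcat-users>"""

# Roles accepted by Tomcat's bundled manager and host-manager applications.
PRIVILEGED = {"manager-gui", "manager-script", "manager-jmx", "manager-status",
              "admin-gui", "admin-script"}
MIN_LENGTH = 12  # assumed local policy, not a Tomcat setting

def audit_users(xml_text):
    """Return {username: [finding, ...]} for accounts holding privileged roles."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        # Tomcat 8 ships this file with a default namespace, so match the local name.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name, password = el.get("username", ""), el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        if not roles & PRIVILEGED:
            continue
        findings = []
        if password.lower() == name.lower():
            findings.append("password-equals-username")
        if len(password) < MIN_LENGTH:
            findings.append("password-shorter-than-policy")
        # The manager documentation advises against mixing GUI and script/JMX roles.
        if "manager-gui" in roles and roles & {"manager-script", "manager-jmx"}:
            findings.append("gui-and-script-roles-combined")
        report[name] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit_users(TOMCAT_USERS).items():
        print(user, findings or "ok")
```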
6.2 Start Tomcat again
This time we are going to start Tomcat using the startup script provided in the Tomcat bin directory. On Windows the script is startup.bat; on Linux and Mac it is startup.sh.
When you start Tomcat, the console log is displayed:
Tomcat log
18-Jun-2016 13:34:22.356 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor C:\Java\apache-tomcat-8.0.23\conf\Catalina\localhost\WebAppNB.xml has finished in 33 ms
18-Jun-2016 13:34:22.389 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\docs de la aplicación web
18-Jun-2016 13:34:23.083 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [176] milliseconds.
18-Jun-2016 13:34:23.166 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\docs has finished in 777 ms
18-Jun-2016 13:34:23.168 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\examples de la aplicación web
18-Jun-2016 13:34:25.619 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\examples has finished in 2.451 ms
18-Jun-2016 13:34:25.620 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\host-manager de la aplicación web
18-Jun-2016 13:34:25.719 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\host-manager has finished in 99 ms
18-Jun-2016 13:34:25.722 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\manager de la aplicación web
18-Jun-2016 13:34:25.833 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\manager has finished in 111 ms
18-Jun-2016 13:34:25.835 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Despliegue del directorio C:\Java\apache-tomcat-8.0.23\webapps\ROOT de la aplicación web
18-Jun-2016 13:34:25.930 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory C:\Java\apache-tomcat-8.0.23\webapps\ROOT has finished in 95 ms
18-Jun-2016 13:34:25.937 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-apr-8080"]
18-Jun-2016 13:34:25.981 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-apr-8009"]
18-Jun-2016 13:34:25.985 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 4475 ms
In this log you can see the port on which Tomcat started the server. In this case the port is 8080, as this line shows:
18-Jun-2016 13:34:25.937 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-apr-8080"]
Now you know that your service is running and your user is working correctly.
6.3 Stop Tomcat
Stop Tomcat using the shutdown script provided in the Tomcat bin directory. On Windows the script is shutdown.bat; on Linux and Mac it is shutdown.sh.
6.4 Create a SSL Certificate
Run the following command to generate the certificate to make Tomcat support SSL.
Generate Certificate
keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Java\apache-tomcat-8.0.23\keystore\tomcat
The tool asks a series of questions to fill in the certificate.
The certificate is stored in a keystore file named tomcat in the folder C:\Java\apache-tomcat-8.0.23\keystore\.
You can check the certificate with the command:
keytool -list -keystore C:\Java\apache-tomcat-8.0.23\keystore\tomcat
6.5 Use the certificate in Tomcat
Edit the file [Tomcat Dir]->conf->server.xml and add an SSL connector.
Connector
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:\Java\apache-tomcat-8.0.23\keystore\tomcat"
           keystorePass="changeit" />
The keystorePass value must match the keystore password you entered when keytool prompted for it. Restart Tomcat and you are done.
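A small audit of the SSL connector settings in server.xml, added here as an example and not part of the original tutorial. It uses the Tomcat 8.0 connector attributes sslEnabledProtocols and ciphers; the 9443 connector, its passphrase, its keystore path and its cipher list are constructed for comparison with the tutorial's 8443 connector.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tutorial's 8443 connector next to a tightened variant.
# Port 9443 and every value on that connector are made up for this example.
SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:\Java\apache-tomcat-8.0.23\keystore\tomcat"
             keystorePass="changeit" />
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
             sslEnabledProtocols="TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
             keystoreFile="conf/keystore.jks" keystorePass="constructed-passphrase" />
</Service></Server>"""

LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connector(conn):
    """Return finding codes for one TLS-enabled <Connector> element."""
    findings = []
    # Tomcat falls back to "changeit" when keystorePass is omitted.
    if conn.get("keystorePass", "changeit") == "changeit":
        findings.append("default-keystore-password")
    enabled = conn.get("sslEnabledProtocols")
    if enabled is None:
        findings.append("protocols-left-to-jvm-defaults")
    elif LEGACY & {p.strip() for p in enabled.split(",")}:
        findings.append("legacy-protocol-enabled")
    if conn.get("ciphers") is None:
        findings.append("ciphers-left-to-jvm-defaults")
    if conn.get("scheme") != "https" or conn.get("secure") != "true":
        findings.append("scheme-or-secure-not-set")
    return findings

def audit_server_xml(xml_text):
    """Map port -> findings for every connector with SSLEnabled="true"."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c)
            for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"}

if __name__ == "__main__":
    for port, findings in audit_server_xml(SERVER_XML).items():
        print(port, findings or "ok")
```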
7. Running the example
In the Tomcat bin directory, run the script startup.bat. In the Tomcat log you can now see the line:
HTTPS
18-Jun-2016 17:18:52.557 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]
This line tells you that Tomcat has started a protocol handler on port 8443, the port set in the server configuration file, so SSL is working in Tomcat and you can use the HTTPS protocol.
8. Results
Open your browser at the URL https://localhost:8443/ and you can see the Tomcat server running over HTTPS.
The yellow warning icon next to the HTTPS URI indicates that the certificate is not recognized by the browser, because you generated this certificate yourself. For the browser to recognize the certificate, you need to get a certificate from a recognized authority.