This tutorial shows how to enable SSL support for Apache Tomcat web server.
Requirement
*) Apache Tomcat 5.0
*) JDK 1.5
Note: if you have JDK below 1.4, you need to install Java Secure Socket Extensions (JSSE)
To install and configure SSL support on Tomcat, you need to follow these simple steps.
Generating the KeyStore file:
*) Create a keystore file to store the server's private key and self-signed certificate by executing the following
command.
*) Open a command prompt and change directory to your JAVA\bin folder. (Default path is: C:\Program Files\Java\jre6\bin).
*) Type "keytool -genkey -alias tomcat -keyalg RSA" and press Enter.
Where tomcat is an alias name and RSA is a key algorithm.
*) Type your password for the keystore. (Default password is: changeit). In this example, I'll use "password" as the password.
Enter general information about this certificate. An example is shown in the image below. In the last line, "Enter key password for (tomcat)" should be the same as the password you entered before. Note that this information will be displayed to users who attempt to access a secure page.
*) The file .keystore will be created in your user account's folder. (Currently, I use the administrator account, so it'll be in C:\Documents and Settings\Administrator).
I have copied the .keystore file and placed it in the Tomcat folder.
Configure Tomcat:
*) Open server.xml in the Tomcat\conf folder. (Default path is: C:\Program Files\Apache Software Foundation\Tomcat x.x\conf).
*) Uncomment the paragraph below this line
<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -->
Add the new attributes
keystoreFile="PATH\TO\KEYSTORE\.keystore"
keystorePass="password" to the Connector element. If you haven't changed the keystore's password, you don't have to add the keystorePass attribute.
Change protocol to "org.apache.coyote.http11.Http11NioProtocol":
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\software\apache-tomcat-7.0.23-windows-x64\apache-tomcat-7.0.23\.keystore" keystorePass="password" />
*) Save the file and restart the Apache Tomcat service.
Test the result:
Open a browser and navigate to the Apache Tomcat server at https://localhost:8443
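
A configuration check for the Connector described above, as an added example that is not part of the original tutorial: it parses server.xml and flags an SSL connector that keeps the keytool default password (changeit) or the demo value (password), or that omits keystoreFile. The function name, the sample XML and the shortened keystore path are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from this tutorial with a shortened
# placeholder keystore path, plus a plain HTTP connector for contrast.
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\tomcat\.keystore" keystorePass="password" />
  </Service>
</Server>
"""

# Passwords mentioned in the tutorial: the keytool default and the demo value.
WEAK_PASSWORDS = {"changeit", "password"}


def audit_ssl_connectors(server_xml):
    """Return a list of (port, finding) tuples for SSL-enabled Connectors."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an HTTPS connector, nothing to audit here
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark requests as HTTPS"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile not set; Tomcat falls back to "
                                   ".keystore in the service account's home"))
        # A missing keystorePass means Tomcat uses the default "changeit".
        password = conn.get("keystorePass", "changeit")
        if password in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a default or demo value"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

Run against the tutorial's Connector, it reports the demo keystore password on port 8443 and ignores the plain HTTP connector on 8080.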