Enable SSL/HTTPS On Tomcat Server


I am writing this post just to recollect (when needed) how to enable SSL/HTTPS on a Tomcat server for a J2EE web project. It could be a Spring MVC project, a RESTful API, or any other dynamic web project using any framework. Obviously, it could also help someone who's looking to achieve the same thing.

There are 3 main steps involved in configuring SSL/HTTPS on your Tomcat server:

1. Create a self-signed certificate/keystore, in case you don't have one. The obvious question is: how do you create a self-signed certificate/keystore?

Open the command prompt as administrator and type the below command: 

"%JAVA_HOME%\bin"\keytool -genkeypair -alias suj -keyalg RSA -keypass sujPass -storepass sujPass -keystore C:\KeyStore\suj.keystore

- The above command creates a keystore file named suj.keystore in the directory C:\KeyStore (make sure the folder exists, or change the path in the command accordingly).
- The password that I've given is sujPass. The command takes two passwords, -keypass and -storepass; make sure both are the same, because the Connector in step 2 sets only keystorePass and Tomcat uses that value for the key as well.
- Also, make sure you have a variable named JAVA_HOME in your environment variables.

When you execute the above command, it will ask you some basic questions; I think you should be able to answer them :P

2. Navigate to C:\apache-tomcat{version}\conf, open the server.xml file, and un-comment the following tag:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"/>

and change it to

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\KeyStore\suj.keystore"
    keystorePass="sujPass"/>


3. Go to your project's web.xml file and add a security constraint, if it doesn't exist already:

<security-constraint>
 <web-resource-collection>
  <web-resource-name>Secure URLs</web-resource-name>
  <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
</security-constraint>

In case you already have a security-constraint tag, add the below tag within it:

<user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

Now, restart your Tomcat server and deploy the application. It should automatically redirect you to port 8443.
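
A quick way to sanity-check the three steps before restarting, as an added example that is not part of the original post: the Python script below parses server.xml and web.xml and reports mismatches. The sample XML is constructed from the snippets above; the 8080 connector with redirectPort="8443" is assumed from Tomcat's stock server.xml, and check_tomcat_tls is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the snippets in this post (not a real deployment).
SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="C:\KeyStore\suj.keystore" keystorePass="sujPass"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def _local(tag):
    # web.xml normally declares a default namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def check_tomcat_tls(server_xml, web_xml):
    # Returns a list of findings; an empty list means steps 1-3 are consistent.
    findings = []
    # Commented-out connectors are skipped by the parser, as Tomcat skips them.
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append("server.xml: no active Connector with SSLEnabled=true")
    for c in tls:
        for attr, fallback in (("keystoreFile", ".keystore in the user home"),
                               ("keystorePass", "the password 'changeit'")):
            if not c.get(attr):
                findings.append(f"port {c.get('port')}: {attr} unset, Tomcat uses {fallback}")
    for c in conns:
        if c in tls or c.get("protocol", "").upper().startswith("AJP"):
            continue
        target = c.get("redirectPort", "443")  # Tomcat's default when unset
        if tls and target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} is not an HTTPS port")
    enforced = False
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) == "security-constraint":
            fields = {_local(e.tag): (e.text or "").strip() for e in sc.iter()}
            enforced |= (fields.get("transport-guarantee") == "CONFIDENTIAL"
                         and "url-pattern" in fields)
    if not enforced:
        findings.append("web.xml: no security-constraint with CONFIDENTIAL transport")
    return findings

if __name__ == "__main__":
    print(check_tomcat_tls(SERVER_XML, WEB_XML) or "configuration is consistent")
```

The redirect to 8443 in the last step only happens when the HTTP connector's redirectPort matches the HTTPS connector's port, which is what the second loop verifies.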


About Sujit Horakeri

Sujit Horakeri is a game freak just like any other next door guy you would come across. He is a Web Developer by Profession, Game Developer by Choice.