Running Tomcat on HTTPS

This article walks you through configuring SSL (https://localhost:8443 access) on Tomcat.

For this you will need:

Java SDK (used version 6 for this tutorial)
Tomcat (used version 7 for this tutorial)

The setup consists of 3 basic steps:

1. Create a keystore file using Java
2. Configure Tomcat to use the keystore
3. Test whether SSL is set up

1 – Creating a Keystore file using Java

First, open the terminal on your computer and type:

cd %JAVA_HOME%/bin

This changes the current directory to the bin folder inside the directory where Java is installed on your computer (the Java Home directory). Inside the bin folder there is a file named keytool, which generates the keystore file for us.

Next, type on the terminal:

keytool -genkey -alias tomcat -keyalg RSA

When you run the command above, it will ask you some questions. First, it will ask you to create a password (my password is "password"):


loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:  password
Re-enter new password: password
What is your first and last name?
[Unknown]:  Loiane Groner
What is the name of your organizational unit?
[Unknown]:  home
What is the name of your organization?
[Unknown]:  home
What is the name of your City or Locality?
[Unknown]:  Sao Paulo
What is the name of your State or Province?
[Unknown]:  SP
What is the two-letter country code for this unit?
[Unknown]:  BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
[no]:  yes

Enter key password for
(RETURN if same as keystore password):  password

Re-enter new password: password

This creates a .keystore file in your user home directory. On Windows, it will be in: C:\Documents and Settings\Gaurav.

2 – Configuring Tomcat for using the keystore file – SSL config

Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.

Find the following declaration:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->


Uncomment it and modify it to look like the following:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />


Note that we added the keystoreFile and keystorePass attributes and changed the protocol declaration.

3 – Let’s test it!

Start the Tomcat service and try to access https://localhost:8443. You will see Tomcat's local home page.

Note that the default port 8080 keeps working over plain HTTP as well: http://localhost:8080
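
To review the result of steps 2 and 3 without starting Tomcat, the following added example (not part of the original tutorial) parses a server.xml and reports every active connector that still serves plain HTTP or relies on a guessable keystore password. The sample XML is constructed from the connectors shown above; the WEAK_PASSWORDS list and the audit_connectors function name are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tutorial's HTTPS connector plus Tomcat's default
# HTTP connector on 8080, with the stock 8443 connector still commented out.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               redirectPort="8443" />
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
               disableUploadTimeout="true" enableLookups="false" maxThreads="25"
               port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
               protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
               secure="true" sslProtocol="TLS" />
  </Service>
</Server>"""

# Assumption: a short list of passwords treated as guessable; "changeit" is
# the value Tomcat falls back to when keystorePass is omitted.
WEAK_PASSWORDS = {"password", "changeit", "tomcat", "123456"}

def audit_connectors(server_xml):
    """Return (port, finding) tuples for every active <Connector>."""
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are ignored.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "").startswith("AJP"):
            continue  # AJP connectors are out of scope for this check
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "plain HTTP connector is still enabled"))
            continue
        if not conn.get("keystoreFile"):
            findings.append((port, "no keystoreFile: falls back to ~/.keystore"))
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "no keystorePass: default 'changeit' is used"))
        elif password.lower() in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a guessable value"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Run against the tutorial's configuration, it reports the open 8080 connector and the "password" keystore password; a connector with a strong keystorePass and no plain HTTP listener produces no findings.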