2 Easy Steps to Enable SSL / HTTPS on Tomcat Server
If you are running a Tomcat server that serves only HTTP, follow the 2 easy steps below to configure Tomcat for SSL.
1. Create Keystore using Java keytool
First, use keytool to create a Java keystore as shown below. Make sure to note down the password that you enter while creating the keystore.
# $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]: Ramesh Natarajan
What is the name of your organizational unit?
  [Unknown]: Development
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]: Los Angeles
What is the name of your State or Province?
  [Unknown]: CA
What is the two-letter country code for this unit?
  [Unknown]: US
Is CN=Ramesh, OU=Development, O=Unknown, L=Los Angeles, ST=CA, C=US correct?
  [no]: yes
Enter key password for (RETURN if same as keystore password):
This will create the .keystore file under the /root home directory as shown below.
# ls -l /root/.keystore
-rw-r--r-- 1 root root 1391 Apr 6 11:19 .keystore
2. Modify the server.xml file
Locate the conf/server.xml file under the Tomcat directory. If the Connector port="8443" is commented out, you should uncomment it first. Please note that comments in the server.xml file are enclosed in <!-- and --> as shown below. You should remove the 1st and last line from the following code snippet.
# vi server.xml
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Now, add the keystore information to server.xml as shown below. Replace your-key-password with the password you provided in step 1 while creating the keystore.
# vi server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="/root/.keystore"
           keystorePass="your-key-password"
           clientAuth="false" sslProtocol="TLS" />
Finally, restart the Tomcat server and access the application at https://{your-ip-address}:8443/
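A post-change check for the two steps above, as an added example that is not part of the original article: it parses server.xml, confirms the 8443 Connector is active rather than still commented out, and flags a keystore or a server.xml (which now holds keystorePass in clear text) that group or other users can access, as the -rw-r--r-- listing in step 1 shows for /root/.keystore. The function names, the constructed SAMPLE and the assumption that keystoreFile is an absolute path belong to this example, not to Tomcat.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# Constructed sample mirroring the article's final Connector; the password is
# a placeholder and {ks} is filled in with a keystore path by the caller.
SAMPLE = """<Server><Service name="Catalina">
  <!-- <Connector port="9443" SSLEnabled="true" scheme="https" secure="true" /> -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="{ks}" keystorePass="your-key-password"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""


def loose_perms(path):
    """True if group or other has any permission bit set on `path`."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def audit(server_xml, port="8443"):
    """Return a list of findings for the HTTPS Connector on `port`."""
    # ElementTree discards XML comments, so a Connector still wrapped in
    # <!-- --> is treated as absent, which is the step 2 failure mode.
    root = ET.parse(server_xml).getroot()
    conn = next((c for c in root.iter("Connector") if c.get("port") == port), None)
    if conn is None:
        return [f"no active Connector on port {port} (still commented out?)"]
    findings = []
    for attr, want in (("SSLEnabled", "true"), ("scheme", "https"), ("secure", "true")):
        if conn.get(attr) != want:
            findings.append(f'{attr} is not "{want}"')
    ks = conn.get("keystoreFile")  # assumed absolute, as in the article
    if not ks:
        findings.append("keystoreFile not set")
    elif not os.path.isfile(ks):
        findings.append(f"keystore {ks} not found")
    elif loose_perms(ks):
        findings.append(f"keystore {ks} is accessible to group/other")
    if conn.get("keystorePass") and loose_perms(server_xml):
        findings.append("server.xml holds keystorePass but is accessible to group/other")
    return findings


if __name__ == "__main__":
    for line in audit(sys.argv[1]) or ["no findings"]:
        print(line)
```

Run it as the user that owns the Tomcat files, passing the path to conf/server.xml; tightening both files to mode 600 clears the permission findings.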