Configuring HTTPS in Tomcat

Pre Requisites:
1. Java   (i used version JDK 1.7) 
2. Tomcat (i used version Apache-tomcat-7.0.61)
We can do this in mainly 4 steps.
1. Create a keystore using java.
2. Configure Tomcat to use keystore.
3. Test it
4. Configuring our Application to work on HTTPS
1. Create a keystore using java
a) Open cmd and type cd “Program Files\Java\jdk1.7.0_25\bin”   
b) Now type keytool -genkey -alias tomcat -keyalg RSA  
After you typing and enter , this will ask you to enter password, then type your password, and after that it will ask you a series of questions, type the answers.
c) Lastly it will ask you: Enter key password for (RETURN if same as keystore  password): Now dont type anything hit the enter.
d) It will create .keysotre file at user home direcotry C:\Users\[user]\.keystore.
2. Configure Tomcat to use keystore.
a) Now goto your tomcat installation directory and enter into conf folder. There you will find the server.xml file
b) Find the following snippet
<!– <Connector port="8443"  protocol=”org.apache.coyote.http11.Http11Protocol”
     maxThreads=”150″ SSLEnabled=”true” scheme=”https” secure=”true”
       clientAuth=”false” sslProtocol=”TLS” /> –>
Uncomment it and configure it to find the keystore location, and provide the keystore passoword. Chage it so that it shoutld look like below
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout=”true” enableLookups=”false” maxThreads=”25″
    port=”8443″ keystoreFile=”c:/Users/[user]/.keystore”  keystorePass=”password”
    protocol=”org.apache.coyote.http11.Http11NioProtocol” scheme=”https”
secure=”true” sslProtocol=”TLS” />
3. Test it
a) Now start the server, and open browser and type https://localhost:8443/
b) If you observe http://localhost:8080/ also working.
4. Configuring our application to work on HTTPS
a) To make our application to work with the SSL, add the followg the snippet in the web.xml file
    
        securedapp
        /*
    
    
        CONFIDENTIAL
    

b) Notice that transport-guarantee is set to CONFIDENTICAL
      is to make the applcation work with the SSL
C) If you want to turn off the SSL, you don’t need to delete the code above 
     from web.xml,  simply change CONFIDENTIAL to NONE.

References : 

Advertisements

About sivateja

I am a professional graduate..I am passionate about Latest Technology.
This entry was posted in SSL, Tomcat. Bookmark the permalink.

One Response to Configuring HTTPS in Tomcat

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s