If you are running a Tomcat server that currently serves only HTTP, follow the two easy steps below to configure Tomcat for SSL.
1. Create Keystore using Java keytool
First use the keytool to create a java keystore as shown below. Make sure to note down the password that you enter while creating the keystore.
# $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Ramesh Natarajan
What is the name of your organizational unit?
[Unknown]: Development
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]: Los Angeles
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Ramesh, OU=Development, O=Unknown, L=Los Angeles, ST=CA, C=US correct?
[no]: yes
Enter key password for
(RETURN if same as keystore password):
This will create the .keystore file under the /root home directory as shown below.
# ls -l /root/.keystore
-rw-r--r-- 1 root root 1391 Apr 6 11:19 .keystore
2. Modify the server.xml file
Locate the conf/server.xml file under the Tomcat directory. If the Connector port="8443" is commented out, you should uncomment it first. Please note that comments in the server.xml file are enclosed in <!-- and --> as shown below. You should remove the first and last line from the following code snippet.
# vi server.xml
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
Now, add the keystore information to the server.xml as shown below. Replace your-key-password with the password you entered in step 1 while creating the keystore.
# vi server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/root/.keystore" keystorePass="your-key-password"
clientAuth="false" sslProtocol="TLS" />
Finally, restart the tomcat server and access the application using https://{your-ip-address}:8443/
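The step 2 edit and a check of the result, as an added example that is not part of the original article. It assumes the stock server.xml layout shown above (the 8443 Connector shipped inside an XML comment) and runs against a constructed sample file.

```python
"""Added example: apply and verify the step 2 server.xml change in code."""
import re
import xml.etree.ElementTree as ET

# Constructed sample server.xml with the SSL connector still commented out.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
  </Service>
</Server>
"""

# Matches an XML comment that wraps exactly one Connector element on port 8443.
_COMMENTED_8443 = re.compile(r'<!--\s*(<Connector\b[^>]*\bport="8443"[^>]*/>)\s*-->')


def enable_ssl_connector(server_xml, keystore_file, keystore_pass):
    """Return server.xml text with the 8443 connector uncommented and pointed at the keystore."""
    text, _ = _COMMENTED_8443.subn(lambda m: m.group(1), server_xml)
    root = ET.fromstring(text)
    connectors = [c for c in root.iter("Connector") if c.get("port") == "8443"]
    if len(connectors) != 1:
        raise ValueError("expected exactly one Connector on port 8443")
    conn = connectors[0]
    conn.set("keystoreFile", keystore_file)
    # keystorePass lands in server.xml in clear text, so the file should be
    # readable only by the account Tomcat runs as.
    conn.set("keystorePass", keystore_pass)
    return ET.tostring(root, encoding="unicode")


def check_ssl_connector(server_xml):
    """Return a list of problems with the 8443 connector; an empty list means it is configured."""
    root = ET.fromstring(server_xml)
    conns = [c for c in root.iter("Connector") if c.get("port") == "8443"]
    if not conns:
        return ["no active Connector on port 8443 (still commented out?)"]
    conn = conns[0]
    problems = []
    for attr, want in (("SSLEnabled", "true"), ("scheme", "https"), ("secure", "true")):
        if conn.get(attr) != want:
            problems.append(f'{attr} should be "{want}"')
    for attr in ("keystoreFile", "keystorePass"):
        if not conn.get(attr):
            problems.append(f"{attr} is missing")
    return problems
```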
My name is Ramesh Natarajan. I will be posting instruction guides, how-to, troubleshooting tips and tricks on Linux, database, hardware, security and web. My focus is to write articles that will either teach you or help you resolve a problem. Read more about
Thanks a lot for this new method ..
But there is an easy way...., we can edit /etc/httpd/conf.d/ssl.conf
we can add this line in default vhost configuration …
ProxyRequests off
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
if you cannot find ssl.conf , you can install mod_ssl with yum ..
Thanks & regds
saiju
on whatever port tomcat is running ...
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Hi,
Very useful article…
How about a stupid question.
How do you enable SSL with a SIGNED certificate? This is what I have:
change server.xml:
and that’s it. Right?
Hi Ramesh,
I tried to do this on my Windows machine. Where does it create the “.keystore” file?
keytool -genkey -alias tomcat -keyalg RSA
Thanks,
Sudhakara Atluri.