If you are running a Tomcat server that serves only HTTP, follow the two steps below to configure Tomcat for SSL.
1. Create Keystore using Java keytool
First use keytool to create a Java keystore as shown below. Make sure to note down the password that you enter while creating the keystore, as you will need it in the server.xml configuration.
# $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Ramesh Natarajan
What is the name of your organizational unit?
  [Unknown]:  Development
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:  Los Angeles
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Ramesh, OU=Development, O=Unknown, L=Los Angeles, ST=CA, C=US correct?
  [no]:  yes
Enter key password for
        (RETURN if same as keystore password):
This creates the .keystore file in the home directory of the user running keytool (/root here), as shown below.
# ls -l /root/.keystore
-rw-r--r-- 1 root root 1391 Apr  6 11:19 .keystore
2. Modify the server.xml file
Locate the conf/server.xml file under the Tomcat directory. If the Connector with port="8443" is commented out, uncomment it first. Note that comments in server.xml are enclosed in <!-- and --> as shown below, so you should remove the first and last line of the following snippet.
# vi server.xml

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
Now add the keystore information to the Connector in server.xml as shown below. Replace your-key-password with the password you entered in step 1 while creating the keystore.
# vi server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="/root/.keystore" keystorePass="your-key-password"
           clientAuth="false" sslProtocol="TLS" />
Finally, restart the Tomcat server and access the application at https://{your-ip-address}:8443/
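Two details in the steps above deserve a check before the server goes into production: the ls output shows the keystore created with mode 644 (readable by every local user), and the keystorePass is written in clear text into server.xml, so server.xml itself must not be world-readable either. The script below is an added example (not from the article or the Tomcat project) that parses a server.xml, finds every Connector with SSLEnabled="true", and reports these and a few other configuration weaknesses. It runs against a constructed copy of the connector from step 2 and a dummy keystore file written to a temporary directory; the attribute names it inspects (port, scheme, secure, keystoreFile, keystorePass, sslProtocol) are the ones used in the article.

```python
"""Audit the SSL Connector(s) in a Tomcat server.xml.

Added example, not part of the original article. Checks connector
attributes, keystore file permissions and clear-text passwords.
"""
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the connector from step 2 plus the default HTTP one.
# {keystore} is filled in with the path of a dummy keystore at run time.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="{keystore}" keystorePass="your-key-password"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""


def audit_connector(conn):
    """Return a list of findings for one SSL-enabled Connector element."""
    a = conn.attrib
    port = a.get("port", "?")
    findings = []
    if a.get("scheme") != "https":
        findings.append(f"port {port}: scheme should be https")
    if a.get("secure", "").lower() != "true":
        findings.append(f"port {port}: secure should be true")

    ks = a.get("keystoreFile")
    if not ks:
        findings.append(f"port {port}: no keystoreFile set")
    elif not os.path.isfile(ks):
        findings.append(f"port {port}: keystoreFile {ks} does not exist")
    else:
        mode = stat.S_IMODE(os.stat(ks).st_mode)
        # Any group/other permission bit means other local users can read
        # the private key material; the article's ls output shows 644.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(
                f"port {port}: keystore {ks} is group/world accessible "
                f"(mode {mode:o}); restrict it to the Tomcat user (chmod 600)")

    if a.get("keystorePass"):
        findings.append(
            f"port {port}: keystorePass is stored in clear text in server.xml; "
            f"make sure server.xml is readable only by the Tomcat user")

    proto = a.get("sslProtocol", "")
    if not proto or proto.upper().startswith("SSL"):
        findings.append(f"port {port}: sslProtocol should be a TLS protocol")
    return findings


def audit_server_xml(path):
    """Parse server.xml and audit every Connector with SSLEnabled="true"."""
    root = ET.parse(path).getroot()
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl_connectors:
        return ['no Connector with SSLEnabled="true": HTTPS is not configured']
    findings = []
    for conn in ssl_connectors:
        findings.extend(audit_connector(conn))
    return findings


def demo(keystore_mode=0o644):
    """Write the sample server.xml and a dummy keystore to a temp dir and audit."""
    with tempfile.TemporaryDirectory() as d:
        ks = os.path.join(d, ".keystore")
        with open(ks, "wb") as f:
            f.write(b"constructed dummy keystore, not a real JKS file")
        os.chmod(ks, keystore_mode)  # 0o644 mirrors the article's ls output
        xml_path = os.path.join(d, "server.xml")
        with open(xml_path, "w") as f:
            f.write(SAMPLE_SERVER_XML.format(keystore=ks))
        return audit_server_xml(xml_path)


if __name__ == "__main__":
    for finding in demo():
        print("WARNING:", finding)
```

To check a real installation, call audit_server_xml with the path to your conf/server.xml; with the keystore at mode 644 as in the article the script reports the permission problem and the clear-text password, and after a chmod 600 on the keystore only the password finding remains.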
Thanks a lot for this new method ..
But there is an easy way: we can edit /etc/httpd/conf.d/ssl.conf
we can add this line in default vhost configuration …
ProxyRequests off
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
If you cannot find ssl.conf, you can install mod_ssl with yum.
Thanks & regds
saiju
on whatever port tomcat is running …
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Hi,
Very useful article…
How about a stupid question.
How do you enable SSL with a SIGNED certificate? This is what I have:
change server.xml:
and that’s it. Right?
Hi Ramesh,
I tried to do this on my Windows machine. Where does it create the “.keystore” file?
keytool -genkey -alias tomcat -keyalg RSA
Thanks,
Sudhakara Atluri.
How do we remove 8443 from the URL for production site?
Hi Ramesh,
I have a question.
I have crt file and key. So how should I configure tomcat for SSL with those two files.
Please help me.
Thanks,
Gihan
I tried it on ubuntu 12.04; after generating the key I made the following changes in server.xml:
described in the APR documentation -->
but it did not work.
I know that this thread or page is really old, but I am having an issue after following the steps.
I have checked the following:
1) .keystore is generated [OK].
2) Updated server.xml properly with the exact path in the keystoreFile section, all cases are proper [OK].
3) No errors in catalina.out [OK].
After restarting tomcat, I can still access the normal port 8080, but when I access 8443… the page loading is taking forever.
Any idea?
Thanks.
Hello,
Can I use different ports (not 8443 or 443) for SSL configuration in tomcat? I have 3 different applications running on the same server. All 3 need SSL configuration in tomcat. Any help is appreciated.