Tuesday, October 8, 2013

Enable HTTPS/SSL on Tomcat Server

By default, HTTPS (SSL) is disabled on a Tomcat server. Enabling it takes two steps.

  1. Create an SSL certificate
  2. Enable the SSL Configuration

  • Create an SSL certificate

Tomcat runs on the JDK, and the JDK provides a tool, keytool, for creating an SSL certificate.
Run it from a command prompt or terminal as follows:
keytool -genkey -alias <alias name> -keyalg <Encryption Algorithm> -keystore <keystore file path>

Here:
Alias name: can be any text
Encryption Algorithm: usually RSA for creating an SSL certificate
keystore file path: path of the keystore file to be created

During keystore creation, keytool asks you to set the keystore password and enter the certificate details, followed by the tomcat password.
Once that is done, our SSL certificate is created and ready to use.

  • Enable the SSL Configuration
To enable the SSL configuration, open server.xml inside the Tomcat server's conf directory.

Search it for

'<Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https"
               secure="true"
               clientAuth="false" sslProtocol="TLS" />'

Change it to

'<Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https"
               secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="<keystore file path>"
               keystorePass="<keystore password>" />'

Now we need to restart the Tomcat server. After a successful restart, SSL is ready to use.
Navigate to "https://localhost:8443" in a browser to test it.
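
A quick sanity check of the edited server.xml before restarting, as an added example that is not part of the original post: it confirms that the HTTPS Connector carries the two attributes added above and that the placeholders were replaced with real values. The function name, the sample keystore path and the sample password are assumptions constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

REQUIRED = ("keystoreFile", "keystorePass")  # the two attributes the post adds

def audit_https_connectors(server_xml, file_exists=os.path.isfile):
    """Return (port, problem) tuples for the HTTPS connectors in server.xml text."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # Typical cause: a literal "<keystore file path>" placeholder left in place;
        # a raw "<" is not allowed inside an XML attribute value.
        return [(None, f"server.xml is not well-formed XML: {exc}")]
    https = [c for c in root.iter("Connector")
             if c.get("SSLEnabled", "").lower() == "true" or c.get("scheme") == "https"]
    if not https:
        # ElementTree skips comments, so a commented-out Connector is not counted.
        return [(None, "no active HTTPS connector found")]
    findings = []
    for conn in https:
        port = conn.get("port")
        for attr in REQUIRED:
            if not conn.get(attr, "").strip():
                findings.append((port, f"{attr} is missing or empty"))
        path = conn.get("keystoreFile", "").strip()
        if path and not file_exists(path):
            findings.append((port, f"keystore file not found: {path}"))
    return findings

# Constructed sample inputs (not taken from a real server).
WRAP = '<Server><Service name="Catalina">{}</Service></Server>'
BASE = ('<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" '
        'maxThreads="150" SSLEnabled="true" scheme="https" secure="true" '
        'clientAuth="false" sslProtocol="TLS" {} />')
BEFORE = WRAP.format(BASE.format(""))
AFTER = WRAP.format(BASE.format(
    'keystoreFile="/opt/tomcat/conf/keystore.jks" keystorePass="example-password"'))
PLACEHOLDER = WRAP.format(BASE.format(
    'keystoreFile="<keystore file path>" keystorePass="<keystore password>"'))

if __name__ == "__main__":
    for name, xml in (("before", BEFORE), ("after", AFTER), ("placeholder", PLACEHOLDER)):
        print(name, audit_https_connectors(xml, file_exists=lambda p: True))
```

Against a real installation, pass the contents of conf/server.xml and leave `file_exists` at its default so the keystore path is checked on disk.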