Setting Up HTTPS (SSL) on Apache Tomcat 7
This tutorial shows how to configure HTTPS (SSL/TLS) on Apache Tomcat 7.
I have used jdk1.8.0_131 and apache-tomcat-7.0.37.
To enable SSL in Tomcat, we have to create a keystore file (.keystore) and then
reference it in Tomcat's conf/server.xml file.
1. Create keystore file
Open cmd or a terminal and go to JAVA_HOME\bin:
cd %JAVA_HOME%/bin
Use the keytool utility to generate the required file.
Type the following in cmd/terminal:
keytool -genkey -alias tomcathttps -keyalg RSA
When you type the command above, it will ask you some questions. First, it will
ask you to create a password. Please make sure the alias name and the password are the same to avoid a server startup error. In this case, provide tomcathttps as the password.
C:\Users\user\java> keytool -genkey -alias tomcathttps -keyalg RSA
Enter keystore password: tomcathttps
Re-enter new password: tomcathttps
What is your first and last name?
[Unknown]: Balasubramaniyam P
What is the name of your organizational unit?
[Unknown]: Retail
What is the name of your organization?
[Unknown]: APS
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: KA
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Balasubramaniyam P, OU=Retail, O=APS, L= Bangalore, ST=KA, C=IN correct?
[no]: yes
Enter key password for <tomcathttps>
        (RETURN if same as keystore password): tomcathttps
Re-enter new password: tomcathttps
This will create a .keystore file in your user home directory. On Windows, it
will be in: C:\Documents and Settings\[username].
2. Configuring keystore file in tomcat server.xml
Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.
Tomcat\apache-tomcat-7.0.37\conf\server.xml
Look for the following declaration in server.xml:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
Uncomment it and modify it to look like the following:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="c:/users/Bala/.keystore" keystorePass="tomcathttps"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
3. Test your configuration
Start the Tomcat service and try to access https://localhost:8443. You will see Tomcat's local home page.
The default HTTP port will also work fine.
4. Forcing a web application to work with HTTPS
Configure the following in web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Since the url-pattern is /*, all pages will be accessible only over HTTPS. This can be changed based on the requirement.
If you want to turn off SSL, change CONFIDENTIAL to NONE in web.xml.
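To check steps 2 and 4 together, here is an added example (not part of the original tutorial) that parses a server.xml and a web.xml and reports whether a TLS connector exists, whether the plain-HTTP connector's redirectPort points at it, and which URL patterns require CONFIDENTIAL transport. The XML samples are constructed from the tutorial's settings; the function names and the port 8080 connector with redirectPort="8443" are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed samples modelled on the tutorial's server.xml and web.xml settings.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
      keystoreFile="c:/users/Bala/.keystore" keystorePass="tomcathttps"
      protocol="org.apache.coyote.http11.Http11NioProtocol" sslProtocol="TLS" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip an XML namespace so web.xml matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_server_xml(text):
    """Return findings for the TLS connector and the plain-HTTP redirectPort."""
    conns = [c.attrib for c in ET.fromstring(text).iter("Connector")]
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    findings = [] if tls else ['no Connector has SSLEnabled="true"']
    for c in tls:
        if (c.get("scheme"), c.get("secure")) != ("https", "true"):
            findings.append(f"port {c.get('port')}: scheme/secure not set for HTTPS")
        if "keystorePass" in c:  # the password is readable by anyone who can read the file
            findings.append(f"port {c.get('port')}: keystorePass is in clear text")
    tls_ports = {c.get("port") for c in tls}
    for c in conns:
        is_http = c not in tls and not c.get("protocol", "").startswith("AJP")
        if is_http and c.get("redirectPort") not in tls_ports:  # CONFIDENTIAL redirects here
            findings.append(f"port {c.get('port')}: redirectPort is not a TLS connector")
    return findings

def confidential_patterns(text):
    """Return url-patterns whose constraint demands CONFIDENTIAL transport."""
    patterns = []
    root = ET.fromstring(text)
    for sc in [e for e in root.iter() if local(e.tag) == "security-constraint"]:
        vals = [(local(e.tag), (e.text or "").strip()) for e in sc.iter()]
        if ("transport-guarantee", "CONFIDENTIAL") in vals:
            patterns += [v for t, v in vals if t == "url-pattern"]
    return patterns

print(audit_server_xml(SERVER_XML), confidential_patterns(WEB_XML))
```

An empty list from confidential_patterns means no URL is forced onto HTTPS, which is the state you get after changing CONFIDENTIAL to NONE.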
Thanks.
Happy coding !
ref:http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html