Configuring Tomcat for SSL….

Menaka Jayawardena
Dec 11, 2017

Hi,

In this article let’s look at how to configure Apache Tomcat to use SSL.

In order to configure the Tomcat server, we first need to generate a keystore, which Tomcat will use for SSL. We can use the Java keytool to generate a JKS keystore file. Invoke the following command with the relevant parameters to create the keystore.

keytool -genkey -keyalg RSA -alias <alias> -keystore <name_of_the_keystore>.jks -storepass <password> -validity 360 -keysize 2048

Here are the parameters used in my example.

  • alias : tomcat
  • key store name: Keystore

After executing the above command we can see a new Keystore.jks file has been created.

Configure Tomcat to use the new Keystore.jks

Open the server.xml file in the <TOMCAT_HOME>/conf directory, then find and uncomment the following connector configuration.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Then modify the above connector configuration and add the keystore file that we created. After all the changes, it will look like the following.

<Connector port="8443" 
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="<path to your key store.jks>"
keystorePass="<password>" />
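Before starting the server, the connector can be checked for inconsistent or default settings. The script below is an added example, not part of the original article: the function names, the sample values and the second connector on port 9443 are constructed for illustration, and "changeit" is the password Tomcat falls back to when keystorePass is omitted.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample server.xml: the article's 8443 connector with sample
# values filled in, plus one deliberately inconsistent connector on 9443.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/Keystore.jks" keystorePass="changeit" />
  <Connector port="9443" SSLEnabled="true" scheme="http" />
</Service></Server>"""

DEFAULT_KEYSTORE_PASS = "changeit"  # used by Tomcat when keystorePass is absent


def audit_connectors(xml_text):
    """Return sorted (port, finding) pairs for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an SSL connector, out of scope for this check
        port = conn.get("port", "?")
        if conn.get("scheme", "http") != "https":
            findings.append((port, "scheme is not https"))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, "secure is not true"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile not set"))
        if conn.get("keystorePass", DEFAULT_KEYSTORE_PASS) == DEFAULT_KEYSTORE_PASS:
            findings.append((port, "keystorePass is the default"))
    return sorted(findings)


def readable_by_others(path):
    """True if group or other can read the file holding the cleartext keystorePass."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

Because keystorePass sits in server.xml as cleartext, run readable_by_others() against the real <TOMCAT_HOME>/conf/server.xml and restrict the file to the account that runs Tomcat if it returns True.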

Start the server by running startup.sh.

Now go to https://localhost:8443 in the browser. You will see a security exception, because the certificate that keytool generated is self-signed and the browser does not trust it.

Go ahead and accept the security exception, and then we can see the Tomcat landing page.


Happy coding…!!!

Thanks
