Configuring Tomcat for SSL

Menaka Jayawardena
Dec 11, 2017

Hi,

In this article let’s look at how to configure Apache Tomcat to use SSL.

To configure the Tomcat server, we first need to generate a keystore, which Tomcat will use for SSL. We can use the Java keytool to generate a JKS keystore file. Run the following command with the relevant parameters to create the keystore.

keytool -genkey -keyalg RSA -alias <alias> -keystore <name_of_the_keystore>.jks -storepass <password> -validity 360 -keysize 2048

Here are the parameters used in my example.

  • alias : tomcat
  • key store name: Keystore

After executing the above command, we can see that a new Keystore.jks file has been created.

Configure Tomcat to use the new Keystore.jks

Open the server.xml file in the <TOMCAT_HOME>/conf directory, then find and uncomment the following connector configuration.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Then modify the connector configuration above to add the keystore file that we created. After all the changes, it will look like the following.

<Connector port="8443" 
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="<path to your key store.jks>"
keystorePass="<password>" />
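Before starting the server, the edited file can be checked for the mistakes these steps make easy: a connector left commented out, a placeholder left unedited, or a missing keystore attribute. The following is an added example, not part of the original article or of Tomcat; the function name, the keystore path and the password in the sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's finished connector inside a minimal
# server.xml; the keystore path and password are made-up values.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/opt/tomcat/conf/Keystore.jks"
               keystorePass="example-only-password" />
  </Service>
</Server>"""


def audit_ssl_connectors(server_xml):
    """Return a list of findings (an empty list means no problem was found)."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # A literal "<" inside an attribute value, e.g. a placeholder such as
        # keystorePass="<password>" left unedited, is not well-formed XML.
        return [f"server.xml is not well-formed XML: {exc}"]
    # XML comments are skipped by the parser, so a connector that is still
    # commented out never shows up in this list.
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl_connectors:
        return ["no Connector with SSLEnabled='true' (still commented out?)"]
    findings = []
    for conn in ssl_connectors:
        port = conn.get("port", "?")
        if conn.get("scheme") != "https":
            findings.append(f"port {port}: scheme should be 'https'")
        if conn.get("secure", "").lower() != "true":
            findings.append(f"port {port}: secure should be 'true'")
        # The article's final step adds both of these attributes.
        for attr in ("keystoreFile", "keystorePass"):
            if not conn.get(attr, "").strip():
                findings.append(f"port {port}: {attr} is not set")
    return findings


if __name__ == "__main__":
    for line in audit_ssl_connectors(SAMPLE_SERVER_XML) or ["no findings"]:
        print(line)
```

To check a real installation, pass the text of <TOMCAT_HOME>/conf/server.xml to audit_ssl_connectors instead of the sample.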

Start the server by running startup.sh.

Now, in the browser, go to https://localhost:8443 and you will see a security exception, because the certificate generated by keytool is self-signed and the browser does not trust it.

Go ahead and accept the security exception, and then we can see the Tomcat landing page.

Happy coding…!!!

Thanks
