Configure 🔒 SSL on Apache Tomcat

Configure 🔒 SSL on Apache Tomcat

To set SSL on Tomcat, we need a digital certificate that can be created using Java keytool for the development environment. For the production environment, you should get a certificate from trusted providers such as Lets’ Encrypt.

Create SSL Certificate

To generate an SSL certificate run the following command:

keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert

Then fill in the required information as shown in this example:

Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Stefan Pejcic
What is the name of your organizational unit?
  [Unknown]:  Servis
What is the name of your organization?
  [Unknown]:  Mega
What is the name of your City or Locality?
  [Unknown]:  Belgrade
What is the name of your State or Province?
  [Unknown]:  Serbia
What is the two-letter country code for this unit?
  [Unknown]:  RS
Is CN=Stefan Pejcic, OU=Servis, O=Mega, L=Belgrade, ST=Serbia, C=RS correct?
  [no]:  Yes

Enter key password for <tomcat>
	(RETURN if same as keystore password):
Re-enter new password:
Configure SSL on Apache Tomcat

After doing that the certificate is generated and we can now add it to Tomcat’s server.xml file.

TIP: To avoid any misplacement of the certificate, put it in the tomcat conf directory.

Enable SSL in Tomcat

To enable SSL in Tomcat you need to edit this file: ~Tomcat_Installation/conf/server.xml and add the following code:

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="/Users/Stefan/tomcat/conf/mycertificate.cert"
	       clientAuth="false" sslProtocol="TLS" />

After saving changes to the server.xml file you should restart Tomcat.

See also  Introduction to Tomcat 🗃️Logging

Redirect HTTP to HTTPS

This step is optional and you should do it only if you want to redirect all HTTP requests to HTTPS.

Open the following file ~Tomcat_Installation/conf/server.xml and add the following code:

<Connector port="8090" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" />

And in ~Tomcat_Installation/conf/web.xml file add the following code just after all the servlet-mapping tags:

<security-constraint>
        <web-resource-collection>
               <web-resource-name>Entire Application</web-resource-name>
               <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
               <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>
whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.