Tools and technologies used in this article:

  1. Tomcat 7.0.47

  2. JDK 7

Note: Here, I have used the apache-tomcat-7.0.47.tar.gz binary distribution. Settings will be different for the Tomcat native library (APR).

1. Create Keystore and Self-signed Certificate

Open a command prompt and go to %JAVA_HOME%\bin. Use keytool to create a JKS (Java KeyStore) format keystore containing a self-signed certificate.

C:\jdk\bin>keytool -genkey -alias srccodes -keyalg RSA -keystore c:\tomcat7\conf\srccodes.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  SrcCodes Dot Com
What is the name of your organizational unit?
  [Unknown]:  SrcCodes.com
What is the name of your organization?
  [Unknown]:  SrcCodes Pvt. Ltd.
What is the name of your City or Locality?
  [Unknown]:  Kolkata
What is the name of your State or Province?
  [Unknown]:  WB
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=SrcCodes Dot Com, OU=SrcCodes.com, O=SrcCodes Pvt. Ltd., L=Kolkata, ST=WB, C=IN correct?
  [no]:  yes

Enter key password for <srccodes>
        (RETURN if same as keystore password):
Re-enter new password:
Parameters used above:

  -keystore : File path (say "c:\tomcat7\conf\srccodes.jks") where the keystore file will be generated.

  keystore password : Password of the keystore, to be used by Tomcat. If not provided, the default is "changeit".

  key password : Password of the self-signed certificate generated in the keystore. If not provided, it is the same as the keystore password.

2. Configure Tomcat

  1. Open <tomcat-installation-directory>/conf/server.xml in a text editor.

  2. Search for "Define a SSL HTTP/1.1 Connector on port 8443". The Connector configuration there is commented out; uncomment it.

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
    	 This connector uses the JSSE configuration, when using APR, the
    	 connector should be using the OpenSSL style configuration
    	 described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    		   maxThreads="150" scheme="https" secure="true"
    		   clientAuth="false" sslProtocol="TLS" />
    -->
    
  3. Provide the keystoreFile, keystorePass and keyPass values as chosen in Step #1 (the keystoreFile path is relative to the Tomcat installation directory).

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    		   maxThreads="150" scheme="https" secure="true"
    		   clientAuth="false" sslProtocol="TLS" 
    		   keystoreFile="conf/srccodes.jks" 
    		   keystoreType="JKS"
    		   keystorePass="pass4keystore" 
    		   keyPass="pass4key" />
    

3. Check SSL / HTTPS setup

  1. Start the Tomcat server, or restart it if it is already running.

  2. Open https://localhost:8443 in a browser.

  3. In the Firefox browser, you will get a "This Connection is Untrusted" message, because the certificate is self-signed and not issued by a trusted certificate authority.

    (Screenshot: This Connection is Untrusted)

    To proceed, click the "Add Exception..." button.

    (Screenshot: Add Exception...)

    You can view the generated certificate's details in the "Certificate Viewer" by clicking the "View" button in the "Add Security Exception" window.

    (Screenshot: Certificate Viewer)

    On clicking the "Confirm Security Exception" button, Tomcat's home page will be displayed.

    (Screenshot: Tomcat's home page)

Note: For a production application, obtain a certificate from a certificate authority (such as GeoTrust, VeriSign or Thawte) and import it into the local keystore.
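A scripted version of the check in step 3, added here as an example and not part of the original article: it connects to the connector configured in step 2 with the self-signed certificate exported from the keystore as the only trust anchor, and confirms that the certificate presented carries the subject entered in step 1. It assumes the certificate was exported with `keytool -exportcert -alias srccodes -keystore c:\tomcat7\conf\srccodes.jks -rfc -file srccodes.pem` (the srccodes.pem file name is my choice), and SAMPLE_CERT is a constructed value for offline checking.

```python
import socket
import ssl
from datetime import datetime, timezone

# Subject entered at the keytool prompts in step 1.
EXPECTED_SUBJECT = {
    "commonName": "SrcCodes Dot Com",
    "organizationName": "SrcCodes Pvt. Ltd.",
    "countryName": "IN",
}

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (DN from step 1).
SAMPLE_CERT = {
    "subject": (
        (("countryName", "IN"),), (("stateOrProvinceName", "WB"),),
        (("localityName", "Kolkata"),), (("organizationName", "SrcCodes Pvt. Ltd."),),
        (("organizationalUnitName", "SrcCodes.com"),), (("commonName", "SrcCodes Dot Com"),),
    ),
    "notAfter": "Mar 15 00:00:00 2099 GMT",
}

def subject_fields(peercert):
    """Flatten getpeercert()'s subject (tuple of RDN tuples) into a dict."""
    return {key: value for rdn in peercert.get("subject", ()) for key, value in rdn}

def check_cert(peercert, expected=EXPECTED_SUBJECT, now=None):
    """Return a list of problems; empty means the step 1 certificate is presented and valid."""
    problems = []
    fields = subject_fields(peercert)
    for key, value in expected.items():
        if fields.get(key) != value:
            problems.append(f"subject {key}={fields.get(key)!r}, expected {value!r}")
    now = now or datetime.now(timezone.utc)
    if now.timestamp() > ssl.cert_time_to_seconds(peercert["notAfter"]):
        problems.append("certificate expired on " + peercert["notAfter"])
    return problems

def fetch_peercert(host="localhost", port=8443, cafile="srccodes.pem"):
    """Connect trusting only the exported self-signed cert, so only that exact cert passes."""
    ctx = ssl.create_default_context(cafile=cafile)
    # The article's CN is a company name, not the hostname, and the cert has no SAN, so
    # hostname matching cannot pass; keep chain validation and rely on the cafile pin.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()
```

Run `check_cert(fetch_peercert())` against the running Tomcat; an empty list means the connector serves the certificate generated in step 1.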

Download SrcCodes

<tomcat-installation-directory>/conf/server.xml: GitHub
