1. Generate keystore using Java keystore tool
2. Modify server xml to enable htts, chnage port to 443, chnage http redirect port to 443
https://dzone.com/articles/setting-ssl-tomcat-5-minutes
2. Modify server xml to enable htts, chnage port to 443, chnage http redirect port to 443
https://dzone.com/articles/setting-ssl-tomcat-5-minutes
This tutorial will walk you through how to configure SSL (https://localhost:8443 access) onTomcat in 5 minutes.
For this tutorial you will need:
The set up consists in 3 basic steps:
- Create a keystore file using Java
- Configure Tomcat to use the keystore
- Test it
- (Bonus ) Configure your app to work with SSL (access through https://localhost:8443/yourApp)
1 – Creating a Keystore file using Java
Fisrt, open the terminal on your computer and type:
Windows:
Linux or Mac OS:
The $JAVA_HOME on Mac is located on “/System/Library/Frameworks/JavaVM.framework/Versions/{your java version}/Home/”
You will change the current directory to the directory Java is installed on your computer. Inside the Java Home directory, cd to the bin folder. Inside the bin folder there is a file named keytool. This guy is responsible for generating the keystore file for us.
Next, type on the terminal:
When you type the command above, it will ask you some questions. First, it will ask you to create a password (My password is “password“):
It will create a .keystore file on your user home directory. On Windows, it will be on: C:Documents and Settings[username]; on Mac it will be on /Users/[username] and on Linux will be on /home/[username].
2 – Configuring Tomcat for using the keystore file – SSL config
Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find theserver.xml file. Open it.
Find the following declaration:
Uncomment it and modify it to look like the following:
Note we add the keystoreFile, keystorePass and changed the protocol declarations.
3 – Let’s test it!
Start tomcat service and try to access https://localhost:8443. You will see Tomcat’s local home page.
Note if you try to access the default 8080 port it will be working too: http://localhost:8080
4 – BONUS - Configuring your app to work with SSL (access through https://localhost:8443/yourApp)
To force your web application to work with SSL, you simply need to add the following code to yourweb.xml file (before web-app tag ends):
The url pattern is set to /* so any page/resource from your application is secure (it can be only accessed with https). The transport-guarantee tag is set to CONFIDENTIAL to make sure your app will work on SSL.
If you want to turn off the SSL, you don’t need to delete the code above from web.xml, simply changeCONFIDENTIAL to NONE.
https://coolestguidesontheplanet.com/redirecting-http-https-tomcat/
Redirect HTTP to HTTPS on Tomcat
You’ve bought your SSL secure certificate and successfully installed on Tomcat with thekeytool but how do your redirect the entire site to go HTTPS and redirect any HTTPconnection straight over to HTTPS.
You need to edit the 2 Tomcat configuration files; server.xml and web.xml and then when edited restart the tomcat service.
Open server.xml typically found in tomcat/conf and change:
Connector port="80?
enableLookups="false"
redirectPort="8443?
to
Connector port="80?
enableLookups="false"
redirectPort="443?
Then openweb.xml (same directory) and add this snippet before the closing tag of /web-app:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Restart Tomcat and all pages should redirect to https.
