In this post I will show you how to configure Tomcat 7.x for SSL on Windows.
First, we generate a certificate file using the Java keytool.
1. Open a command prompt and go to the bin folder of the Java installation
- CD %JAVA_HOME%\bin
2. Type the following commands (I used abcd@1234 as my password; this is called the keystore password. Please use your own)
- D:\Program Files\Java\jdk1.6.0\bin>keytool -delete -alias tomcat -keypass abcd@1234
Use tomcat as the alias. The next command generates a .keystore file, which holds your key, inside C:\key. Make
sure a directory called C:\key exists before typing the command (you can use your own
directory as well). You will be asked some questions. Enter localhost when asked for "Your first
and last name" (we use localhost here because we are configuring a local machine. If you are configuring Tomcat on a server, you have to give the server name instead. For example, if the application is hosted at www.myapp.com, use myapp as the first and last name). The other questions can be answered as you want. When asked for the key password, type the same password you used as the
keystore password. Otherwise an error will occur when running Tomcat.
- D:\Program Files\Java\jdk1.6.0\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore c:/key/.keystore
Type the following commands as they are (change the password and location to the keystore password you used
and the .keystore file you generated).
- keytool -export -alias tomcat -keypass abcd@1234 -file server.crt -keystore c:/key/.keystore
- keytool -import -file server.crt -keypass abcd@1234 -keystore ..\jre\lib\security\cacerts
You now have a .keystore file inside c:\key (if you used the same location as this tutorial) and a file called cacerts in %JAVA_HOME%\jre\lib\security. If you have those files, you have successfully generated the certificate file.
Now let's configure Tomcat.
1. Go to the Tomcat install location and open the conf folder (in my case D:\tomcat\conf)
2. Open the server.xml file in your favorite text editor
3. Find the commented-out Connector lines and uncomment them
Before
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
After
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
4. Add the following lines to that connector and change the paths and password according to your configuration
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\Users\madura\Documents\.keystore"
keystorePass="abcd@1234"
truststoreFile="D:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.22\security\cacerts"
SSLEnabled="true" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
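A way to check the edited server.xml before starting Tomcat, as an added example that is not part of the original post: the Python script below parses the file and reports SSL connectors that are still commented out or whose keystoreFile does not point at the keystore generated with keytool. The function names and the abridged sample server.xml are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample: the step-4 connector (abridged) inside a minimal server.xml.
SAMPLE_SERVER_XML = r'''<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" SSLEnabled="true"
               keystoreFile="C:\Users\madura\Documents\.keystore"
               keystorePass="abcd@1234"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  </Service>
</Server>'''

def norm(path):
    # Windows paths: treat c:/key/.keystore and C:\key\.keystore as the same file.
    return ntpath.normcase(ntpath.normpath(path))

def check_ssl_connectors(server_xml, generated_keystore):
    """Return a list of (port, problem) tuples for the SSL connectors found."""
    problems = []
    # The XML parser drops comments, so a commented-out connector is not seen.
    ssl = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        problems.append((None, "no active Connector has SSLEnabled=true"))
    for c in ssl:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            problems.append((port, "scheme=https and secure=true are not both set"))
        ks = c.get("keystoreFile")
        if ks is None:
            problems.append((port, "keystoreFile is missing"))
        elif norm(ks) != norm(generated_keystore):
            problems.append((port, "keystoreFile %s is not the generated %s"
                             % (ks, generated_keystore)))
        if c.get("keystorePass") is None:
            problems.append((port, "keystorePass is missing (Tomcat assumes changeit)"))
    return problems

if __name__ == "__main__":
    for port, problem in check_ssl_connectors(SAMPLE_SERVER_XML, "c:/key/.keystore"):
        print("port %s: %s" % (port, problem))
```

On the sample it reports the 8443 connector, because its keystoreFile is not the c:/key/.keystore created by the keytool -genkey command.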
Now it is time to test this.
- Open a command prompt and go to %CATALINA_HOME%\bin
- Type catalina.bat start (the Tomcat server will start now)
- Open a web browser and go to https://localhost:8443 (if the configuration is OK, you will see the official Tomcat server page)
Congratulations!
If it does not work, please start again from the beginning.