How to configure SSL on Tomcat 5

Had to set up SSL on a test server running Tomcat 5 yesterday. This is how I did it.

  1. > cd $CATALINA_HOME
  2. > $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore mycert.jks
  3. Enter keystore password: changeit
  4. What is your first and last name? [Unknown]: Danesh Manoharan
  5. What is the name of your organizational unit? [Unknown]: IT
  6. What is the name of your organization? [Unknown]: My Comp.
  7. What is the name of your City or Locality? [Unknown]: KL
  8. What is the name of your State or Province? [Unknown]: KL
  9. What is the two-letter country code for this unit? [Unknown]: MY
  10. Is CN=Danesh Manoharan, OU=IT, O="My Comp.", L=KL, ST=KL, C=MY correct? [no]: yes
  11. Enter key password for <tomcat> (RETURN if same as keystore password): Hit Enter.

Tomcat assumes the keystore password is “changeit” by default, so it’s advised to leave it that way. Now let’s tell Tomcat to use the keystore file.

  1. cd $CATALINA_HOME/conf/
  2. vi server.xml
  3. Look for “<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->”. Remove the <!-- --> comment markers around the Connector element and add the keystore info.

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/opt/Tomcat5/mycert.jks"
clientAuth="false" sslProtocol="TLS" />

Time to restart Tomcat and test.

  1. cd $CATALINA_HOME/bin/
  2. ./shutdown.sh to make sure Tomcat is down.
  3. ./startup.sh to start Tomcat.
  4. Fire up your browser and test your new https site. https://localhost/
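
A pre-restart check for the Connector edited above, as an added example that is not part of the original post: it parses the text of server.xml and reports the conditions that keep the HTTPS port from answering. The function name `check_ssl_connectors` and the sample server.xml are constructed for illustration; the attribute names are Tomcat's own.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the article's Connector inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="443" scheme="https" secure="true"
             keystoreFile="/opt/Tomcat5/mycert.jks"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""


def check_ssl_connectors(server_xml, file_exists=os.path.isfile):
    """Return (port, finding) tuples for the HTTPS Connectors in server.xml text."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # e.g. an attribute value with no closing quote
        return [(None, "server.xml is not well-formed: %s" % exc)]
    # XML comments are dropped by the parser, so a Connector that is still
    # inside <!-- --> is simply absent here.
    ssl = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not ssl:
        return [(None, "no active HTTPS Connector (still commented out?)")]
    findings = []
    for conn in ssl:
        port = conn.get("port", "")
        if conn.get("secure") != "true":
            findings.append((port, 'scheme is https but secure="true" is missing'))
        if port.isdigit() and int(port) < 1024:
            findings.append((port, "port below 1024: on Unix, binding it needs root privileges"))
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "no keystoreFile: Tomcat looks for .keystore in the user's home directory"))
        elif os.path.isabs(keystore) and not file_exists(keystore):
            findings.append((port, "keystoreFile not found: " + keystore))
        if conn.get("keystorePass") is None:
            findings.append((port, "no keystorePass: the keystore password must be 'changeit'"))
    return findings


if __name__ == "__main__":
    for port, finding in check_ssl_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, finding))
```

Pass the contents of $CATALINA_HOME/conf/server.xml as the first argument; an empty result means none of these conditions was found.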
  • http://datajelly.com/ Matt Shields

    Great writeup! This works well for self-created certificates, but we had some issues getting our purchased SSL certificate to work. After a while we figured it out and wrote up our steps if anybody is interested:

    http://blog.datajelly.com/company/blog/34-adding-ssl-to-tomcat.html

  • Antaryami Sahoo

    Thanx.

  • Prem Waghmare

    Not at all working for me!!!!!!!

  • ravi

    step-1:
    I have created a WAR file of my project; the web.xml entry is

    Ganesha

    index.html
    index.htm
    index.jsp
    default.html
    default.htm
    default.jsp

    securedapp
    /*

    CONFIDENTIAL

    step-2:
    I have generated the key using
    keytool -genkey -alias server -keypass changeit -keystore server.keystore -storepass changet
    and put this file in C:\server.keystore

    step-3:
    server.xml entry is

    step-4:
    I deploy my WAR file in Tomcat
    and start the server.
    When I click on my project in Tomcat manager,
    my project URL is: https://localhost:8443/Ganesha/
    but the browser says:
    This webpage is not available
    The webpage at https://localhost:8443/Ganesha/ might be temporarily down or it may have moved permanently to a new web address.
    Here are some suggestions:
    Reload this web page later.
    Error 7 (net::ERR_TIMED_OUT): The operation timed out

© 2008-2012 The Danesh Project