How to enable HTTPS on Tomcat

Jiří Kratochvíl — Mon, 11 Oct 2010 09:12:41 +0000

In this article I would like to describe how to enable SSL support in Tomcat. Basically it is a few steps, but there will be recorded for cases when some of my colleague asked me

The first step is creating a server certificate. It is possible to create in two different ways. Either you can create „self-signed certificate“ or you can import certificate issued by some certification authority.

In this article we will create a self-signed certificate and then configure Tomcat to use the certificate. This configuration is enough for development.

For creating a server certificate, we will use keytool utility of the JDK.

On Windows

%JAVA_HOME%binkeytool-genkey-alias tomcat-keyalg RSA

On Linux

$JAVA_HOME/bin/keytool-genkey-alias tomcat-keyalg RSA

Then uncomment the file server. (XML configuration file of Tomcat) this section:

And thats all. Your server supports both in SLL and non-SSL connections.

Forcing SSL

In case you need to make all connections to your application has been secured with SSL, and even when a user enters the address only as http you can use the following.

Edit the web.xml file of your application by adding the following element:


        AppOverSSL
        
            
                ResourceName
            
            /
            POST
            GET
        
        
            CONFIDENTIAL

Don’t forget to define right port number for SSL in your server.xml file in attribute redirectPort of element that is defined your unsecured connection:

Now when users use non-secured connection is redirected on HTTPS connection.

Tomcat – Jiří Kratochvíl

How to enable HTTPS on Tomcat

Forcing SSL