Setting Up SSL on Tomcat
By: Ramlak in Java Tutorials on 2008-11-24
Usernames and passwords must not be sent over plain HTTP. Set up SSL on Tomcat (or whichever application server you use) so that the login form and every request that carries the session travel over HTTPS. SSL encrypts the request and response on the wire, so the credentials cannot be read by anyone able to capture the traffic between the browser and the server.
Setting up SSL on Tomcat 4 is a two-step process:
- Use the keytool utility to create a keystore file encapsulating a digital certificate (and its private key) used by the server for secure connections.
- Uncomment the SSL Connector element in Tomcat's conf/server.xml file, and alter its attributes if necessary.
The keytool utility is located in the bin subdirectory of the directory where you have installed the Java 2 SDK. The following command line creates a single self-signed digital certificate, together with its RSA private key, for the Tomcat server within a keystore file named .keystore. This file is created in the home directory of the user running the command, which is where Tomcat 4 looks for it by default, so run keytool as the same user account that runs Tomcat (or point the connector at the file explicitly, as described below).
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
The Unix version of this command is:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
(For this command to succeed, the JAVA_HOME environment variable must be set to the directory where the Java 2 SDK is installed, such as h:\j2sdk1.4.1_01.)
The sample below shows the console output resulting from executing the keytool command. The keytool will request some information about you and your organization; you can accept the default values by pressing Enter. This information is incorporated into the server's certificate and presented to the user (via her web browser) when she requests any component with a URL that starts with https://. Note that the answer to "What is your first and last name?" becomes the certificate's CN, which browsers compare with the hostname in the URL, so for anything beyond a local test enter the server's hostname there rather than a person's name. Because the certificate is self-signed, browsers will also warn that the issuer is not trusted until the user accepts it; for a production server, have the certificate signed by a certificate authority the clients trust.
In setting up SSL for Tomcat, you must use the same password for both the keystore and the key that is stored in the keystore, because Tomcat 4 uses the keystore password to unlock the private key as well. The default password Tomcat expects is "changeit" (see http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html). Change it for any real deployment and supply the new value through the keystorePass attribute of the Factory element shown below; keep the keystore file readable only by the account that runs Tomcat, since it contains the server's private key.
The console output resulting from using the keytool utility
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  Bruce Perry
What is the name of your organizational unit?
  [Unknown]:
What is the name of your organization?
  [Unknown]:
What is the name of your City or Locality?
  [Unknown]:
What is the name of your State or Province?
  [Unknown]:
What is the two-letter country code for this unit?
  [Unknown]:
Is CN=Bruce Perry, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes
Enter key password for <tomcat>
  (RETURN if same as keystore password):
Finally, uncomment the SSL Connector element in the conf/server.xml file by removing the comment characters around it (<!-- and -->). If the keystore is not at its default location, or you changed the password, add keystoreFile and keystorePass attributes to the Factory element. Then restart Tomcat.
The Connector element inside server.xml
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
The Connector uses a different port number (8443) than that used by insecure HTTP connections (in Tomcat, it's usually 8080). Enabling the SSL connector does not disable the plain HTTP connector, so the login page is still reachable over http:// on port 8080 unless you remove that connector or add a security-constraint with a transport-guarantee of CONFIDENTIAL to the application's web.xml, which makes Tomcat redirect such requests to the SSL port. After you have restarted Tomcat, you can make a secure connection to a web component in the home application with a URL that looks like this:
https://localhost:8443/home/sqlJsp.jsp
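Before trusting the setup above, it is worth checking the keystore the way the connector will use it, and then checking the connector itself. The program below is an added example and not part of the original tutorial or of Tomcat. It loads the keystore with the keystore password, recovers the "tomcat" key with that same password (the Tomcat 4 constraint described earlier), reports whether the certificate is self-signed and when it expires, and, if a host and port are given, opens a TLS connection to the connector trusting only the certificate found in that keystore. The class name KeystoreCheck, the alias "tomcat", and the command-line arguments are assumptions chosen for this example.

```java
// KeystoreCheck.java: added example, not from the original tutorial.
// Usage: java KeystoreCheck <keystore-file> <password> [host port]
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class KeystoreCheck {

    /** Loads the keystore exactly as Tomcat's connector would: one password
     *  for the file and for the private key. Throws on the same conditions
     *  that would stop the SSL connector from starting. */
    static X509Certificate checkKeystore(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);          // wrong keystore password -> IOException
        }
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private-key entry for alias '" + alias + "'");
        }
        // Tomcat 4 recovers the key with the keystore password, so this must
        // succeed with the same password (UnrecoverableKeyException otherwise).
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(new Date());     // CertificateExpired / NotYetValid exceptions
        boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
        if (selfSigned) {
            cert.verify(cert.getPublicKey());   // confirm the signature really matches this key
            System.out.println("WARNING: self-signed certificate; browsers will warn until it is accepted or replaced");
        }
        System.out.println("key algorithm : " + key.getAlgorithm());
        System.out.println("subject       : " + cert.getSubjectX500Principal());
        System.out.println("issuer        : " + cert.getIssuerX500Principal());
        System.out.println("valid until   : " + cert.getNotAfter());
        return cert;
    }

    /** Connects to the SSL connector trusting only the certificate in the
     *  keystore, so the handshake fails if the port serves plain HTTP or a
     *  different certificate than the one just generated. */
    static void checkConnector(String path, char[] password, String host, int port) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                        // the keystore's own certificate is the only trust anchor
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.startHandshake();
            System.out.println("protocol      : " + socket.getSession().getProtocol());
            System.out.println("cipher suite  : " + socket.getSession().getCipherSuite());
            X509Certificate peer = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("peer subject  : " + peer.getSubjectX500Principal());
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java KeystoreCheck <keystore-file> <password> [host port]");
            System.exit(2);
        }
        char[] password = args[1].toCharArray();
        checkKeystore(args[0], password, "tomcat");   // alias used by the keytool command above
        if (args.length >= 4) {
            checkConnector(args[0], password, args[2], Integer.parseInt(args[3]));
        }
    }
}
```

Run it once against the keystore alone (for example with the user's .keystore and the password chosen at keytool time) to confirm the alias and password constraint, and again with localhost 8443 after restarting Tomcat. A connection attempt against the plain HTTP port 8080 fails the handshake, which is the quick way to confirm that only the 8443 connector is speaking TLS.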