Enable HTTPS on Tomcat



To enable HTTPS in Tomcat, the first thing you have to do is generate a server certificate for your website.
This is done with the keytool command, which comes with your JRE (Java Runtime Environment). Open a command shell that knows how to find your Java runtime environment. If you are using Linux, type the following commands for a JRE:
# export JRE_HOME=/usr/java/latest
# export PATH=$JRE_HOME/bin:$PATH

For a JDK, type the following commands:

# export JAVA_HOME=/usr/java/latest
# export PATH=$JAVA_HOME/bin:$PATH

One important point to remember is to change /usr/java/latest to the root directory path of your JDK.
On Windows, for a JRE, type:

C:\> set JAVA_HOME=C:\Program Files\Java\jdk1.6.0_16
C:\> set PATH=%JAVA_HOME%\bin;%PATH%

For JDK type these commands:

C:\> set JAVA_HOME=C:\Program Files\Java\jdk1.6.0_16
C:\> set PATH=%JAVA_HOME%\bin;%PATH%

To generate a self-signed server certificate, type the following command on a single line:

keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -dname "CN=localhost, OU=Organization, O=Company Name, L=City, S=State, C=US" -validity 365 -keystore keystore
Enter keystore password: <enter new password here>
Enter key password for <tomcat>
(RETURN if same as keystore password): <hit enter>

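The first password you entered will be the password for the keystore where your server certificate is stored. The command writes the keystore to a file named keystore in the current directory; the connector configuration below refers to it as conf/keystore, so place the file in Tomcat's conf directory.
The next step is to edit Tomcat's conf/server.xml to enable the HTTPS connector. There will be a connector that looks like this: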

<!--
<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150" scheme="https"
secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

It is commented out by default. To uncomment it, remove the comment lines (<!-- and -->) before and after the element. Then add the keystoreFile and keystorePass attributes so that it looks like this:

<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150" scheme="https"
secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/keystore" keystorePass="your password"
/>

When running Tomcat on Windows, you may set the port number to 443, the default HTTPS port.
On Linux or another non-Windows operating system, you can only do this by running Tomcat as root; however, this is not recommended. Once you have completed the steps above, restart Tomcat and access it over HTTPS with a URL like https://localhost:8443.
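
As a check after editing conf/server.xml, the following added example (not part of the original article and not Tomcat's own code) parses the file and reports the mistakes this procedure invites: the connector left inside its comment, missing keystore attributes, or a placeholder password. The function name, the sample XML and the weak-password list are assumptions made for illustration; "changeit" is Tomcat's documented default keystore password.

```python
import re
import xml.etree.ElementTree as ET

# Assumed deny-list: empty, Tomcat's default ("changeit"), this page's placeholder.
WEAK_PASSWORDS = {"", "changeit", "your password"}

# Constructed sample: a trimmed server.xml holding the connector from this page.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/keystore" keystorePass="your password" />
</Service></Server>"""


def audit_https_connectors(server_xml):
    """Return a list of findings for the HTTPS connector setup in server_xml."""
    findings = []
    root = ET.fromstring(server_xml)  # the parser skips XML comments
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append("no active HTTPS connector")
        # The connector may still be sitting inside <!-- ... -->.
        for comment in re.findall(r"<!--(.*?)-->", server_xml, re.S):
            if "<Connector" in comment and "SSLEnabled" in comment:
                findings.append("HTTPS connector is still commented out")
    for c in tls:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile missing")
        if c.get("keystorePass", "") in WEAK_PASSWORDS:
            findings.append(f"port {port}: keystorePass missing or placeholder")
        if port.isdigit() and int(port) < 1024:
            findings.append(f"port {port}: privileged port, needs root on Linux")
    return findings


if __name__ == "__main__":
    for finding in audit_https_connectors(SAMPLE):
        print(finding)
```

Because keystorePass is stored in clear text, server.xml should be readable only by the account that runs Tomcat.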
