Generate a keystore using this command:
c:\work\keytool -genkey -alias myalias -keyalg RSA -keystore mykeystore
Your Tomcat server.xml should have an entry like below:
<Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11Protocol” SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” keystoreFile=”C:\work\mykeystore”
keystoreType=”JKS” keystorePass=”123456″ />
This may also be needed (note the SSLEngine=off ):
<Listener className=”org.apache.catalina.core.AprLifecycleListener” SSLEngine=”off” />
Note, your site now will work on both http and https – assuming you have not removed the http connector from server.xml
If you want to force some URLs to work only in https then add the following in web.xml:
<!– All access to this area will be SSL protected –>
Now, all the URLs that are like: /secure/whatever – can be accessed only over https. If you attempt to access them over http, it will redirect to https automatically.
Note: We have generated and used a dummy certificate above, altho it works – when u open url using https://.. in your browser – you will see a warning and a red mark. To use a real ssl certificate (you will have to buy) – the steps will be slightly different.