How to setup https/ssl on Tomcat 6?

Generate a keystore using this command:

c:\work\keytool -genkey -alias myalias -keyalg RSA -keystore mykeystore


Your Tomcat server.xml should have an entry like below:

<Connector port=”8443″ protocol=”org.apache.coyote.http11.Http11Protocol”  SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS” keystoreFile=”C:\work\mykeystore”
keystoreType=”JKS” keystorePass=”123456″ />

This may also be needed (note the SSLEngine=off ):

<Listener className=”org.apache.catalina.core.AprLifecycleListener” SSLEngine=”off” />


Note, your site now will work on both http and https – assuming you have not removed the http connector from server.xml

If you want to force some URLs to work only in https then add the following in web.xml:


<web-resource-name>Protected Area</web-resource-name>

<!– All access to this area will be SSL protected –>


Now, all the URLs that are like: /secure/whatever – can be accessed only over https. If you attempt to access them over http, it will redirect to https automatically.

Note: We have generated and used a dummy certificate above, altho it works – when u open url using https://.. in your browser – you will see a warning and a red mark. To use a real ssl certificate (you will have to buy) – the steps will be slightly different.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: