How to set up HTTPS/SSL on Tomcat 6?

Generate a keystore using this command:

c:\work\keytool -genkey -alias myalias -keyalg RSA -keystore mykeystore

 

Your Tomcat server.xml should have an entry like below:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\work\mykeystore"
keystoreType="JKS" keystorePass="123456" />

This may also be needed (note the SSLEngine="off"):

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />

 

Note: your site will now work over both http and https, assuming you have not removed the http connector from server.xml.

If you want to force some URLs to work only over https, add the following to web.xml:

 

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>

<user-data-constraint>
<!-- All access to this area will be SSL protected -->
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

 

Now all URLs of the form /secure/whatever can be accessed only over https. If you attempt to access them over http, the request is redirected to https automatically.
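To check which paths the constraint above actually covers, here is an added example (not part of the original post) that parses a web.xml and applies the servlet url-pattern matching rules. The sample web.xml wrapper and all function names are constructed for illustration; the check ignores `<http-method>` restrictions and the precedence rules that apply when several constraints overlap.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the post wrapped in a minimal web.xml.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def confidential_patterns(web_xml):
    """Return url-patterns of constraints whose transport-guarantee is CONFIDENTIAL."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantees = [e.text.strip() for e in sc.iter()
                      if local(e.tag) == "transport-guarantee" and e.text]
        if "CONFIDENTIAL" in guarantees:
            patterns += [e.text.strip() for e in sc.iter()
                         if local(e.tag) == "url-pattern" and e.text]
    return patterns

def matches(pattern, path):
    """Servlet url-pattern match: path prefix, extension, default, or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or pattern == path

def requires_https(web_xml, path):
    """True if any CONFIDENTIAL constraint covers this context-relative path."""
    return any(matches(p, path) for p in confidential_patterns(web_xml))

if __name__ == "__main__":
    for p in ["/secure/whatever", "/secure", "/securefoo", "/Secure/x", "/index.jsp"]:
        print(p, "->", "https only" if requires_https(WEB_XML, p) else "http allowed")
```

Patterns are case-sensitive and match whole path segments, so /Secure/x and /securefoo are not covered by /secure/*.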

Note: We generated and used a dummy certificate above. Although it works, when you open the URL using https://.. in your browser you will see a warning and a red mark. To use a real SSL certificate (which you will have to buy), the steps will be slightly different.
