Sunday, December 11, 2011

How to enable SSL on apache Tomcat 7.0

This tutorial shows how to enable SSL support for Apache Tomcat web server.
Requirement

*) Apache Tomcat 5.0
*) JDK 1.5

Note: if you have JDK below 1.4, you need to install Java Secure Socket Extensions (JSSE)

To install and configure SSL support on Tomcat, you need to follow these simple steps.


Generating the KeyStore file:

*) Create a keystore file to store the server's private key and self-signed certificate by executing the following    
    command.
*) Enter command line and change directory to your JAVA\bin folder. (Default path is: C:\Program    
    Files\Java\jre6\bin).
*) Type “keytool –genkey –alias tomcat –keyalg RSA" and press Enter.
        Where tomcat is an alias name and RSA is a key algorithm.
*) Type your password for the keystore. (Default password is: changeit). In this example, I’ll use password as “password"

Enter general information about this Certificate. The example is the image below. In the last line, Enter key password for (tomcat) should be the same as you enter before.Note that this information will be displayed to users who attempt to access a secure page.



*) The file .keystore will be created on your account. (Currently, I use administrator account so it’ll be in  
    C:\Documents and Settings\Administrator).
    I have copied the .keystore file and placed in tomcat folder.

Configure Tomcat:
*) Open server.xml in Tomcat\conf folder. (Default path is: C:\Program Files\Apache Software  
     Foundation\Tomcat x.x\conf).
*) Uncomment the paragraph below this line

<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -->

Add new attribute 

    keystoreFile="PATH\TO\KEYSTORE\.keystore"
    keystorePass=”password” to the Connector element. If you haven’t change keystore’s password, you    
               don’t have to add this attribute.
   Chnage protocol="org.apache.coyote.http11.Http11NioProtocol"

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\software\apache-tomcat-7.0.23-windows-x64\apache-tomcat-7.0.23\.keystore" keystorePass="password" />

*) Save and restart Apache Tomcat service.

Test the result:

Open browser and navigate to the Apache Tomcat server with https://localhost:8443