The below instructions explain how to configure Tomcat for SSL/TLS.
After following below instructions, users may access web applications securely through port 8443.
The instructions show how to generate a self-signed certificate that browsers can use to authenticate the server. Consequently, browsers will not be able verify the authenticity of the certificate because it will not have been signed by a trusted third party whose certificates are pre-installed in the client system or added to the client system but still you can use HTTPS without doing any of the above procedures, but your users will need to accept an un-trusted certificate each time they visit your site.
The instructions show how to generate a self-signed certificate that browsers can use to authenticate the server. Consequently, browsers will not be able verify the authenticity of the certificate because it will not have been signed by a trusted third party whose certificates are pre-installed in the client system or added to the client system but still you can use HTTPS without doing any of the above procedures, but your users will need to accept an un-trusted certificate each time they visit your site.
Create Keystore with Self-Signed Certificate
You need to generate a self-signed certificate and store it
in a file called keystore under the conf folder within the Tomcat. To do this, run the keytool command as shown below,
leaving the storepass and keypass values both equal to changeit.
This command may take a long time to complete, so be patient.
After generating the keystore file, move it into the conf folder.
To run the command, you need to be at an operating system command prompt. The keytool command is part of the Java SDK.
If your system only contains the Java JRE,
then you will need to install the JDK to get access to this command.
Running keytool under Windows
keytool -genkey ^
-keystore keystore ^
-alias tomcat ^
-keyalg RSA ^
-keysize 2048 ^
-dname CN=localhost ^
-storepass changeit ^
-keypass changeit
If you get a message that the command is unknown, then you need to provide the
full pathname to the keytool executable
(or add the bin folder in your jdk installation to the path variable in your environment).
The keystore file will be created at the level where you are running the above command. eg. if you are running the command from C:/ then search the file in c:/ itself. This file then you need to copy inside the tomcat conf folder.
Running keytool under Linux and Mac OS X
keytool -genkey \ -keystore keystore \ -alias tomcat \ -keyalg RSA \ -keysize 2048 \ -dname CN=localhost \ -storepass changeit \ -keypass changeit
The CN variable in the certificate should contain the domain name of your server.Because you are running Tomcat and your browser from the same machine,setting theCN variable to localhost as done above is OK.However, if you wanted to access Tomcat from a remote machine, you would need to replace localhost with the domain name of the machine on which Tomcat is running.
Once you have moved the file keystore under the apache-tomcat-7.0.23/conf folder then you need to modify the server.xml file under the apache-tomcat-7.0.23/conf folder. Now edit the file and uncomment the Connector element with the port 8443. for your connivence i am pasting the commented code in my server.xml file which you need to uncomment it.
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
then add the below attribute to the above element
keystoreFile="conf/keystore"
The following is an example Connector element that sets up HTTPS on port 8443.
<Connector port="8443" maxThreads="200" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystorePass="changeit" keystoreFile="conf/keystore" />
If you are running Windows Vista, regular users may not have the privileges
to modify server.xml. In this case, you need to edit server.xml as adminstrator.
To do this, right click on wordpad in the Windows start menu and select run as adminstrator.
once you are done the above procedure then you need to run your application and test it using 8443 port.
https://localhost:8443/<ServletContest>
No comments:
Post a Comment