TL;DR – Quickly install SSL on Apache Tomcat with this fast and easy guide. Complete setup in just 10 minutes.

This post is about configuration, if you want to configure your website to always open with https://your_any_website/App access using Tomcat.

Prerequisites [Basic Requirements]

1. JAVA SDK/ JDK
2. Tomcat (7+) [Apache Tomcat running]
3. Admin access to Tomcat (Depending on your environment)

What is SSL and Why Tomcat Needs It

SSL — Secure Sockets Layer is a protocol that is used to secure communication between web browsers (clients) and Servers. In real time, it encrypts data exchanged between the client and the server. It also ensures that sensitive information like credit card numbers, passwords, etc. remain private and safe from third-party people, and they cannot see it directly. 

Remember that, nowadays, SSL has been replaced by TLS (Transport Layer Security), but SSL is still widely used.

As you know, the Tomcat is an open source web server, and it hasa  servlet container that needs SSL to secure its website or web app. Any data sent between the user’s end and Tomcat without SSL could be intercepted or altered by malic*ous third-party. If you implement the SSL, Tomcat will ensure that,

1. Data is encrypted for security.
2. User privacy is protected.
3. Websites appear trustworthy (HTTPS instead of HTTP).

In short summary, SSL helps Tomcat to deliver secure, encrypted connections, protecting both server data and user information.

The setup consists of 3 basic steps:

1. Create a Keystore file using Java
2. Configure Tomcat to use the Keystore
3. Test what you did!
4. (Bonus ) Configure your app to work with SSL (access through https://localhost:8443/your_Application)

Apache Tomcat SSL Configuration Guide: Enable HTTPS Using Keystore | Image by Author Created with Canva

Step 1 — Creating a Keystore file using Java

First, open the terminal on your computer and type:

Windows:

cd %JAVA_HOME%/bin

Linux or Mac OS:

cd $JAVA_HOME/bin

The $JAVA_HOME on Mac is located on “/System/Library/Frameworks/JavaVM.framework/Versions/{your java version}/Home/”

You will change the current directory to the directory Java is installed on your computer. Inside the Java Home directory, cd to the bin folder. Inside the bin folder, there is a file named keytool. This Thing is responsible for generating the Keystore file for us.

Next, type on the terminal:

keytool -genkey -alias tomcat -keyalg RSA

When you type the command above, it will ask you some questions. First, it will ask you to create a password (My password is “password“):

c:/RaxTonProduction/: keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:  password (it will be invisible)
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Rakshit Shah
What is the name of your organizational unit?
  [Unknown]:  RaxTon
What is the name of your organization?
  [Unknown]:  RaxTon
What is the name of your City or Locality?
  [Unknown]:  Ahmedabad
What is the name of your State or Province?
  [Unknown]:  GJ
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Rakshit Shah, OU=RaxTon, O=RaxTon, L=Ahmedabad, ST=GJ, C=IN correct?
  [no]:  yes
 
Enter key password for
    (RETURN if same as keystore password):  password
Re-enter new password: password

It will create a .keystore file on your user's home directory. On Windows, it will be on: C:Documents and Settings[username]; on Mac it will be on /Users/[username] and on Linux will be on /home/[username].

Step 2 — Configuring Tomcat for using the Keystore file — SSL config

Open your Tomcat installation directory and open the conf folder. Inside this folder, you will find the server.xml file. Open it.

Find the following declaration:

Uncomment it and modify it to look like the following:

Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

Note we add the keystoreFile, keystorePass and changed the protocol declarations.

Step 3 — Let’s test it!

Start tomcat service and try to access https://localhost:8443. You will see Tomcat’s local home page.

Note if you try to access the default 8080 port it will be working too: http://localhost:8080

Step 4 — BONUS — Configuring your app to work with SSL (access through https://localhost:8443/yourApp)

To force your web application to work with SSL, you simply need to add the following code to your web.xml file (before web-app tag ends):

<security-constraint>
    
        securedapp
        /*
    
    
        CONFIDENTIAL
    

The URL pattern is set to /* so any page/resource from your application is secure (it can be only accessed with HTTPS). The transport guarantee tag is set to CONFIDENTIAL to make sure your app will work on SSL.

If you want to turn off the SSL, you don’t need to delete the code above from web.xml, simply change CONFIDENTIAL to NONE.

Bingo! You did it!

Reference: APACHE TOMCAT, Cover Image prepared by Author on Powerpoint.

Don't miss : Convert .pfx to .crt and .key: Quick and Easy Method

If you find joy and value in what I do, please consider supporting my work with a donation — however much you can afford, it means and helps more than you can imagine. Buy Me A Coffee.