Running Tomcat web applications over Secure Sockets Layer (SSL) secures your connection. This secure connection requires a certificate. Before you can start this tutorial, you'll need to create a keystore. See http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html or use https://www.digicert.com/easy-csr/keytool.htm to generate a keystore and signing certificate.
To import a signed certificate file in the keystore, type the following command (on the server):
keytool -import -alias server -file cert_bundle.pem -keystore your_domain.jks
Note: Make sure that you combine the server certificate with the required intermediate and root CA certificate(s) into a single certificate bundle file.
Now configure Tomcat to use the keystore file:
1. Open the server.xml file in a text editor. The server.xml can be found in the \conf directory of the Tomcat application. Find the section which defines the SSL connector.
2. Uncomment this section.
Tip: If you don't want to type a port number in your URL, configure the SSL connection on port 443, as seen in this example.
3. Add the path to the keystore file and the password that belongs to this keystore file. Save the server.xml file and restart the Tomcat server.
4. Open an internet browser and test the SSL connection by browsing to the webserver.
Note: An SSL URL always starts with the HTTPS protocol in the browser's address bar.
5. If the secure connection works and you use a URL which is not stored in the SSL certificate, a window with a security alert will pop up.
6. In the right corner of the browser window, you will see a lock icon. This means that the website is secure and the SSL certificate is working.
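A check for steps 1 to 3, added here as an example and not part of the original tutorial: it parses a server.xml and reports SSL connectors that are still commented out, lack the keystore attributes, or do not listen on port 443. The sample file, the path conf/your_domain.jks and the password CHANGE_ME are constructed placeholders, and the function name check_ssl_connectors is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a server.xml after steps 1-3 (not from the original page).
# The keystore path and password are placeholders.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector port="443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/your_domain.jks"
               keystorePass="CHANGE_ME" />
  </Service>
</Server>
"""


def check_ssl_connectors(server_xml):
    """Return findings for the SSL connectors in a server.xml string.

    An empty list means every SSL connector names a keystore and password
    and listens on port 443.
    """
    root = ET.fromstring(server_xml)  # the parser drops XML comments
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("scheme") == "https" or c.get("secure") == "true"]
    if not ssl_connectors:
        # A connector that is still inside <!-- ... --> never reaches this list.
        return ["no SSL connector found (is the section still commented out?)"]
    findings = []
    for conn in ssl_connectors:
        port = conn.get("port", "?")
        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile missing, "
                            "Tomcat falls back to .keystore in the user's home")
        if not conn.get("keystorePass"):
            findings.append(f"port {port}: keystorePass missing, "
                            "Tomcat falls back to the default 'changeit'")
        if port != "443":
            findings.append(f"port {port}: not 443, the port must be typed in the URL")
    return findings


if __name__ == "__main__":
    for line in check_ssl_connectors(SAMPLE_SERVER_XML) or ["SSL connector OK"]:
        print(line)
```

Run it against the real file by passing the contents of conf/server.xml to check_ssl_connectors before restarting Tomcat.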