By following the above article, you will fulfil all the prerequisites and be able to proceed to the next step. To force your application to work over SSL, one additional step is needed: add the following code snippet to your application’s web.xml file.
Observe the following things about this setting that you’ll be putting in your web.xml file:
The url-pattern tag above is set to /* so that any page or resource of your web application needs to be accessed via HTTPS only.
The transport-guarantee tag above is set to CONFIDENTIAL, to ensure that your application is accessible via HTTPS only.
For these changes to take effect, save the web.xml file, and restart your TOMCAT / TomEE service.
In case you want to turn off the SSL settings, you don’t have to remove this whole setting; set the transport-guarantee tag to NONE instead of CONFIDENTIAL and restart your TOMCAT / TomEE instance.
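An added check, not part of the original article: a small Python script that reads a web.xml and reports whether the url-pattern / transport-guarantee setting described above actually forces HTTPS for every resource. The sample descriptor and the function name https_status are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not taken from the article).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    # Drop "{namespace}" so the check works with or without an xmlns.
    return tag.rsplit("}", 1)[-1]

def _find(elem, *path):
    # Walk child element names one level at a time, ignoring namespaces.
    found = [elem]
    for name in path:
        found = [c for e in found for c in e if _local(c.tag) == name]
    return found

def https_status(web_xml_text):
    """Classify a web.xml as 'enforced', 'partial', 'disabled' or 'missing'."""
    root = ET.fromstring(web_xml_text)
    status = "missing"
    for sc in _find(root, "security-constraint"):
        patterns = {(p.text or "").strip()
                    for p in _find(sc, "web-resource-collection", "url-pattern")}
        guarantees = {(g.text or "").strip().upper()
                      for g in _find(sc, "user-data-constraint", "transport-guarantee")}
        if "CONFIDENTIAL" not in guarantees:
            # NONE (or no guarantee at all) leaves plain HTTP allowed.
            if status == "missing":
                status = "disabled"
        elif "/*" in patterns:
            return "enforced"   # every resource requires HTTPS
        else:
            status = "partial"  # only some URL patterns require HTTPS
    return status

if __name__ == "__main__":
    print(https_status(WEB_XML))
    print(https_status(WEB_XML.replace("CONFIDENTIAL", "NONE")))
    print(https_status(WEB_XML.replace("/*", "/admin/*")))
```

Running it against the deployed descriptor after each change catches the case where the constraint was left at NONE or narrowed to a sub-path.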
This article is going to show you how you can configure SSL on your Tomcat / TomEE instance in less than 5 minutes. I challenge you on that!
For this, the basic prerequisites are the following (these are obvious, but they are listed so that this article is self-explanatory to all kinds of readers):
Java SDK (JDK 11.0.2 used for this article)
Tomcat / TomEE (Tomcat 9 used for this article)
There are basically two important steps to make this configuration work, which are as follows:
To create a Keystore file using Java
To configure your Tomcat / TomEE instance to use this Keystore file that was generated in the earlier step.
Let us now look at the steps outlined above.
Create a Keystore file using Java:
For this, open a command prompt for Windows or a terminal for your Linux / macOS:
cd %JAVA_HOME%/bin -> For Windows
cd $JAVA_HOME/bin -> For Linux / macOS
The above step changes directory to JAVA_HOME/bin, where you will find a handy tool, keytool, that takes the responsibility of creating a Keystore file. On that prompt/terminal, key in the following command:
keytool -genkey -alias tomcat -keyalg RSA
After the execution of the above command, you would be posed with the following questions where you can provide answers accordingly:
You would first be prompted for a password, provide it and make sure that you remember or make a note of it correctly.
For the First and Last name, it should be the name of the system where this certificate must be deployed, e.g. the HOSTNAME of your TOMCAT instance.
The rest of the questions are straightforward; examples of those are provided in the screenshot below.
At the end of this questionnaire comes a confirmation, for which you need to explicitly say Y / YES after reviewing the details that you’ve provided here.
Once the above command is executed, this would create a .keystore file under the following folder locations based on your choice of OS where you would have attempted this.
WINDOWS -> C:\Users\<USER_NAME>\.keystore
LINUX -> /home/<USER_NAME>/.keystore
MacOS -> /Users/<USER_NAME>/.keystore
Configure Tomcat with a generated Keystore file
Open your Tomcat / TomEE installation directory for which you want to configure SSL, open the conf folder -> server.xml file in Administrator mode (so that the modifications that you make can be saved on exit).
Search for the following XML element:
Uncomment and make the changes to match the following
Make a note of the changes made; here we should add these parameters without fail: keystoreFile, keystorePass, and the protocol.
This brings us to the end of the necessary configurations that are required to set up SSL for your TOMCAT / TomEE instances. Restart your TOMCAT / TomEE instances for the changes to take effect.
You could now try and test accessing the following URLs to confirm that the TOMCAT / TomEE instances are available on both HTTP and HTTPS. These should both land on your TOMCAT / TomEE home page.
http://localhost (Considering that you are running your TOMCAT / TomEE instances on the default port 80).