Categories
AI & Tech

How to configure SSL on your application

If you have not already configured your Tomcat instance then you can follow the instructions here.

How to setup SSL on Tomcat in less than 5 minutes

Following the article above covers all the prerequisites, so you can proceed to the next step. To force your application to work over SSL, one additional step is needed: add the following snippet to your application's web.xml file.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>YOUR SECURED WEBAPP NAME</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Observe the following things from this setting that you’ll be putting in your web.xml file:

  1. The url-pattern tag above is set to /* so that any page or resource of your web application needs to be accessed via HTTPS only.
  2. The transport-guarantee tag above is set to CONFIDENTIAL, to ensure that your application is accessible via HTTPS only.
  3. For these changes to take effect, save the web.xml file and restart your Tomcat / TomEE service.
  4. If you want to turn off the SSL setting, you do not have to remove the whole block; set the transport-guarantee tag to NONE instead of CONFIDENTIAL and restart your Tomcat / TomEE instance.
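
One way to check that a deployed web.xml really forces HTTPS everywhere, as an added example that is not part of the original article. The sample descriptor is constructed; it shows two cases the snippet above avoids: a pattern left at NONE, and no constraint on /*.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: /app/* is HTTPS-only, /public/* is NONE, /* is absent.
SAMPLE_WEB_XML = """
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/app/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/public/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""

def local(tag):  # drop the XML namespace so files with or without xmlns work
    return tag.rsplit("}", 1)[-1]

def transport_guarantees(web_xml):
    """Map every url-pattern to the transport-guarantee of its constraint."""
    result = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns, guarantee = [], "NONE"  # no user-data-constraint acts as NONE
        for el in sc.iter():
            if local(el.tag) == "url-pattern":
                patterns.append((el.text or "").strip())
            elif local(el.tag) == "transport-guarantee":
                guarantee = (el.text or "").strip().upper()
        result.update({p: guarantee for p in patterns})
    return result

def audit(web_xml):
    """Return findings; an empty list means /* and every pattern is HTTPS-only."""
    tg = transport_guarantees(web_xml)
    findings = [f"{p}: transport-guarantee is {g}"
                for p, g in sorted(tg.items()) if g != "CONFIDENTIAL"]
    if tg.get("/*") != "CONFIDENTIAL":
        findings.append("no CONFIDENTIAL constraint on /*")
    return findings
```

A more specific pattern with NONE still wins for its own URLs even when /* is CONFIDENTIAL, which is why each pattern is reported separately.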

How to setup SSL on Tomcat in less than 5 Minutes

This article shows how you can configure SSL on your Tomcat / TomEE instance in less than 5 minutes. I challenge you on that!

The basic prerequisites are the following (they are obvious, but they are listed so that this article is self-explanatory for every reader):

  • Java SDK (JDK 11.0.2 used for this article)
  • Tomcat / TomEE (Tomcat 9 used for this article)

There are basically two important steps to make this configuration work, which are as follows:

  • To create a Keystore file using Java
  • To configure your Tomcat / TomEE instance to use this Keystore file that was generated in the earlier step.

Let us now look at the steps outlined above.

Create a Keystore file using Java:

For this, open a command prompt for Windows or a terminal for your Linux / macOS:

cd %JAVA_HOME%/bin -> For Windows

cd $JAVA_HOME/bin -> For Linux / macOS

With the above step, you change directory to JAVA_HOME/bin, where you will find keytool, a handy tool that takes care of creating a Keystore file. At that prompt/terminal, key in the following command:

keytool -genkey -alias tomcat -keyalg RSA

After you run the above command, you will be asked the following questions, which you can answer accordingly:

You would first be prompted for a password, provide it and make sure that you remember or make a note of it correctly.

For the First and Last name, enter the name of the system where this certificate will be deployed, e.g. the HOSTNAME of your Tomcat instance.

The rest of the questions are straightforward; examples of those are provided in the screenshot below.

At the end of this questionnaire comes a confirmation, for which you need to explicitly say Y / YES after reviewing the details that you’ve provided here.

Once the above command has run, it creates a .keystore file in one of the following locations, depending on the OS you ran it on.

WINDOWS -> C:\Users\<USER_NAME>\.keystore

LINUX -> /home/<USER_NAME>/.keystore

MacOS -> /Users/<USER_NAME>/.keystore

Configure Tomcat with a generated Keystore file

Open your Tomcat / TomEE installation directory for which you want to configure SSL, open the conf folder -> server.xml file in Administrator mode (so that the modifications that you make can be saved on exit).

Search for the following XML element:

Uncomment and make the changes to match the following

  1. Make a note of the changes made; the following parameters must be added without fail: keystoreFile, keystorePass, and the protocol.

This brings us to the end of the configuration required to set up SSL for your Tomcat / TomEE instances. Restart your Tomcat / TomEE instances for the changes to take effect.

You can now test the following URLs to confirm that the Tomcat / TomEE instances are available on both HTTP and HTTPS. Both should land on your Tomcat / TomEE home page.

  1. http://localhost (Considering that you are running your TOMCAT / TomEE instances on the default port 80).
  2. https://localhost:8443
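
A pre-restart check of the connector wiring in server.xml, as an added example that is not part of the original article. The server.xml fragment, keystore path and password are constructed placeholders, and SSLEnabled and redirectPort are standard Tomcat Connector attributes that the article itself does not mention.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment (not the article's own file); the keystore
# path and password are placeholders.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/home/USER_NAME/.keystore"
               keystorePass="EXAMPLE_PASSWORD"/>
  </Service>
</Server>
"""

def check_connectors(server_xml):
    """Return a list of problems in the HTTP/HTTPS connector wiring."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls, plain = [], []
    for c in connectors:
        (tls if c.get("SSLEnabled", "").lower() == "true" else plain).append(c)
    problems = []
    if not tls:
        problems.append('no Connector has SSLEnabled="true"')
    # The three attributes the article says must be present. Tomcat 9 also
    # accepts a nested SSLHostConfig/Certificate; that style is not checked here.
    for c in tls:
        for attr in ("keystoreFile", "keystorePass", "protocol"):
            if not c.get(attr):
                problems.append(f"connector {c.get('port')}: missing {attr}")
    # A CONFIDENTIAL constraint redirects plain HTTP to redirectPort, so that
    # port must belong to a TLS connector (443 is Tomcat's default).
    tls_ports = {c.get("port") for c in tls}
    for c in plain:
        target = c.get("redirectPort", "443")
        if target not in tls_ports:
            problems.append(
                f"connector {c.get('port')}: redirectPort {target} has no TLS connector")
    return problems
```

Because keystorePass sits in server.xml as plain text, restrict read access on that file and on the keystore to the account that runs Tomcat.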
