This article shows how you can configure SSL on your Tomcat / TomEE instance in less than 5 minutes. I challenge you on that!
The basic prerequisites are the following (they are obvious, but listing them keeps this article self-explanatory for all readers):
- Java SDK (JDK 11.0.2 used for this article)
- Tomcat / TomEE (Tomcat 9 used for this article)
There are basically two important steps to make this configuration work, which are as follows:
- To create a Keystore file using Java
- To configure your Tomcat / TomEE instance to use this Keystore file that was generated in the earlier step.
Let us now look at the steps outlined above.
Create a Keystore file using Java:
For this, open a command prompt for Windows or a terminal for your Linux / macOS:
cd %JAVA_HOME%/bin -> For Windows
cd $JAVA_HOME/bin -> For Linux / macOS
The step above changes directory to JAVA_HOME/bin, where you will find a handy tool, keytool, that takes care of creating a Keystore file. On that prompt/terminal, key in the following command:
keytool -genkey -alias tomcat -keyalg RSA
After running the above command, you will be asked the following questions, which you can answer accordingly:
You would first be prompted for a password, provide it and make sure that you remember or make a note of it correctly.
For the First and Last name, it should be the name of the system where this certificate must be deployed, e.g. the HOSTNAME of your TOMCAT instance.
The rest of the questions are straightforward; examples of those are provided in the screenshot below.
At the end of this questionnaire comes a confirmation, for which you need to explicitly say Y / YES after reviewing the details that you’ve provided here.
Once the above command has run, it creates a .keystore file in one of the following locations, depending on the OS on which you ran it:
WINDOWS -> C:\Users\<USER_NAME>\.keystore
LINUX -> /home/<USER_NAME>/.keystore
MacOS -> /Users/<USER_NAME>/.keystore
Configure Tomcat with a generated Keystore file
Open your Tomcat / TomEE installation directory for which you want to configure SSL, open the conf folder -> server.xml file in Administrator mode (so that the modifications that you make can be saved on exit).
Search for the following XML element:
Uncomment and make the changes to match the following
- Make a note of the changes made; here we should add these parameters without fail: keystoreFile, keystorePass, and the protocol.
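A quick way to verify the edit before restarting, as an added example that is not part of the original article: the script parses server.xml and reports HTTPS connectors that lack the three parameters named above. The sample XML, keystore path and password are constructed, and the extra checks (SSLEnabled, Tomcat's default password changeit) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Parameters the article says the HTTPS connector must carry.
REQUIRED = ("keystoreFile", "keystorePass", "protocol")
DEFAULT_PASS = "changeit"  # Tomcat's documented default keystore password


def check_https_connectors(server_xml_text):
    """Return (port, problem) tuples for the HTTPS connectors in server.xml."""
    root = ET.fromstring(server_xml_text)  # XML comments are skipped by the parser
    https = [c for c in root.iter("Connector")
             if c.get("SSLEnabled", "").lower() == "true"
             or c.get("scheme", "").lower() == "https"]
    if not https:
        return [(None, "no active HTTPS Connector (still commented out?)")]
    findings = []
    for conn in https:
        port = conn.get("port")
        findings += [(port, "missing " + n) for n in REQUIRED if not conn.get(n)]
        if conn.get("SSLEnabled", "").lower() != "true":
            findings.append((port, 'SSLEnabled is not "true"'))
        if conn.get("keystorePass") == DEFAULT_PASS:
            findings.append((port, "keystorePass is still the default"))
    return findings


def sample_server_xml(https_part):
    """Constructed sample: a minimal server.xml around the given fragment."""
    return ('<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">'
            '<Connector port="8080" protocol="HTTP/1.1" />'
            + https_part + '</Service></Server>')


# Constructed values: the keystore path and password are placeholders.
HTTPS_BASE = ('<Connector port="8443" SSLEnabled="true" scheme="https" secure="true" '
              'protocol="org.apache.coyote.http11.Http11NioProtocol" '
              'keystoreFile="/home/tomcat/.keystore" ')
SAMPLE_OK = sample_server_xml(HTTPS_BASE + 'keystorePass="example-only-pass" />')
SAMPLE_NO_PASS = sample_server_xml(HTTPS_BASE + '/>')
SAMPLE_DEFAULT_PASS = sample_server_xml(HTTPS_BASE + 'keystorePass="changeit" />')
SAMPLE_COMMENTED = sample_server_xml('<!-- ' + HTTPS_BASE + '/> -->')

if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_NO_PASS", "SAMPLE_DEFAULT_PASS", "SAMPLE_COMMENTED"):
        print(name, check_https_connectors(globals()[name]))
```

To run it against a real installation, read the conf/server.xml file into a string and pass it to check_https_connectors.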
This brings us to the end of the configuration required to set up SSL for your TOMCAT / TomEE instances. Restart your TOMCAT / TomEE instances for the changes to take effect.
You can now test the following URLs to confirm that the TOMCAT / TomEE instances are available on both HTTP and HTTPS. Both should land on your TOMCAT / TomEE home page.
- http://localhost (Considering that you are running your TOMCAT / TomEE instances on the default port 80).
- https://localhost:8443