Simple SSL configuration for Apache-Tomcat

For the official instructions (Tomcat 8), read this page

The following instructions are for development servers only:

Step 1: Create a keystore file to store the server’s private key and self-signed certificate:

For Windows:

"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

For Unix/Linux:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

You will be asked for various information. Remember the password you typed at this step.

At the end of the procedure, keytool will create a file named “.keystore” in your home directory. By default it is hidden. This file should be moved to the Apache-Tomcat home directory and can be renamed (e.g. to “keystore”).

Step 2: Disable APR:

Edit server.xml and comment out the following line:

<!--
<Listener
    className="org.apache.catalina.core.AprLifecycleListener"
    SSLEngine="on" />
-->

Step 3: Activate the SSL connector

Edit server.xml and add (or uncomment and modify) the following lines:

<Connector 
    port="8443" 
    SSLEnabled="true" 
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" 
    scheme="https" 
    secure="true"      
    keystoreFile="keystore" 
    keyAlias="tomcat"
    keystorePass="12345678"
    clientAuth="false" 
    sslProtocol="TLS" />

You will have to replace “12345678” with your password.

You will also have to replace “keystore” with the full path to the keystore file generated at Step 1.

Step 4: Restart Tomcat

Do not forget to restart Apache-Tomcat.
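
If the connector does not come up after the restart, check that server.xml really reflects Steps 2 and 3. The script below is an added example, not part of the original instructions; the function name check_server_xml and the embedded sample server.xml are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"

# Constructed sample: a server.xml after Steps 2 and 3 that still has the
# sample password and the relative keystore name from the listing in Step 3.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener"
                 SSLEngine="on" /> -->
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" scheme="https" secure="true"
        keystoreFile="keystore" keyAlias="tomcat" keystorePass="12345678"
        clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def check_server_xml(xml_text, sample_pass="12345678"):
    """Return a list of findings for the settings changed in Steps 2 and 3."""
    findings = []
    root = ET.fromstring(xml_text)  # the parser drops commented-out elements
    # Step 2: a Listener that still parses as an element was not commented out.
    if any(l.get("className") == APR_LISTENER for l in root.iter("Listener")):
        findings.append("APR listener is still active (Step 2)")
    # Step 3: inspect every connector that has SSL switched on.
    ssl_conns = [c for c in root.iter("Connector")
                 if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl_conns:
        findings.append('no Connector with SSLEnabled="true" (Step 3)')
    for conn in ssl_conns:
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
        keystore = conn.get("keystoreFile", "")
        if not os.path.isabs(keystore):
            findings.append(f"port {port}: keystoreFile is not a full path")
        elif not os.path.isfile(keystore):
            findings.append(f"port {port}: keystore file not found")
        if conn.get("keystorePass") == sample_pass:
            findings.append(f"port {port}: keystorePass is the sample value")
    return findings


if __name__ == "__main__":
    for finding in check_server_xml(SAMPLE_SERVER_XML):
        print(finding)
```

To check a real installation, pass the contents of Tomcat's conf/server.xml to check_server_xml instead of the sample.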

 

 
