Enabling SSL for Tomcat is a two-step process:
1) Create a keystore.
2) Use the keystore when running the Tomcat instance.
Create a KEYSTORE
1. Switch to the Java 6 bin directory, e.g.: cd C:\Program Files\IBM\Java60\jre\bin
2. Execute the following command to create the keystore: keytool -genkey -alias tomcat -keyalg RSA -keystore `pwd`/.keystore
> Here, give the path of the temp directory of Apache Tomcat in place of `pwd`.
e.g.: keytool -genkey -alias tomcat -keyalg RSA -keystore C:/Softwares/apache7/.keystore
3. Follow the prompts to create the keystore, as shown below:
c:\Program Files\IBM\Java60\jre\bin> keytool -genkey -alias tomcat -keyalg RSA -keystore C:/Softwares/apache7/.keystore
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: VIMAL DHUPAR
What is the name of your organizational unit?
[Unknown]: ICS
What is the name of your organization?
[Unknown]: IBM
What is the name of your City or Locality?
[Unknown]: Gurgaon
What is the name of your State or Province?
[Unknown]: Haryana
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=VIMAL DHUPAR, OU=ICS, O=IBM, L=Gurgaon, ST=Haryana, C=IN correct?
[no]: Y
Enter key password for <tomcat>
(RETURN if same as keystore password):
Use the KEYSTORE
4. Now edit the server.xml of your Tomcat instance and add the following configuration to it:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector SSLEnabled="true" clientAuth="false" keystoreFile="C:/Softwares/apache7/.keystore" keystorePass="password" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
- In "keystoreFile", provide the path where the keystore file was created.
- In "keystorePass", provide the password that was set for the keystore when it was created.
5. Clean and restart your Tomcat instance.
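
A check that can be run against server.xml after step 4, as an added example that is not part of the original page: it parses the file and reports SSL connectors whose scheme/secure flags, keystore path or keystore password look wrong. The function name audit_ssl_connectors, the embedded sample XML and the placeholder-password list are assumptions made for illustration.

```python
# Added example: audit SSL <Connector> elements in a Tomcat server.xml.
import os
import xml.etree.ElementTree as ET

# Constructed sample mirroring the connector shown on this page.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector SSLEnabled="true" clientAuth="false"
             keystoreFile="C:/Softwares/apache7/.keystore"
             keystorePass="password" maxThreads="150" port="8443"
             protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
</Service></Server>"""

# Assumption: values treated as placeholders; "changeit" is the JSSE default.
PLACEHOLDER_PASSWORDS = {"password", "changeit", ""}


def audit_ssl_connectors(xml_text, file_exists=os.path.isfile):
    """Return a list of (port, finding) tuples for SSL-enabled connectors."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, not covered here
        port = conn.get("port", "?")
        # scheme/secure must be set, or the webapp sees requests as non-HTTPS
        if conn.get("scheme") != "https":
            findings.append((port, 'scheme is not "https"'))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, 'secure is not "true"'))
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "keystoreFile not set"))
        elif not file_exists(keystore):
            findings.append((port, "keystoreFile not found: " + keystore))
        if conn.get("keystorePass", "") in PLACEHOLDER_PASSWORDS:
            findings.append((port, "keystorePass is missing or a placeholder"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print("connector %s: %s" % (port, finding))
```

To audit a real installation, pass the text of its conf/server.xml to audit_ssl_connectors on the machine where the keystore path is expected to resolve.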