By default, when you run Tomcat without any configuration changes, it serves only plain HTTP. To make Tomcat support SSL or HTTPS, you change its configuration to use a Java keystore generated with the Java keytool. Let's go through the details in this tutorial.
There are two steps we need to take to configure Tomcat to support SSL or HTTPS: generate a Java keystore, and add an HTTPS Connector to Tomcat's server.xml.
First, we need to use the Java keytool to generate a Java keystore. You can refer to the tutorial Generate keystore using keytool in Java to generate a Java keystore for yourself.
Here, I have generated a keystore named tomcat_https located in /Users/Khanh/Documents.
You can view your keystore information using the Java keytool -list command as follows:
keytool -list -keystore <keystore_location>
The second step is to modify the server.xml file located in the conf directory of Tomcat.
We will add a Connector for the HTTPS protocol that uses the keystore file we generated above. The content we need is as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/Users/Khanh/Documents/tomcat_https"
keystorePass="YOUR_KEYSTORE_PASSWORD" />
where the value of keystoreFile is the path to the keystore file, and keystorePass is the password that we set when generating the keystore file.
Now if you start or restart Tomcat and then go to https://localhost:8443/, Tomcat responds over HTTPS.
So, we have successfully configured SSL or HTTPS support for Tomcat.
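As an added example (not code from the original tutorial), the Python script below audits a server.xml for the Connector attributes discussed above and checks whether the file that holds keystorePass in plain text is readable by other users. The function names, finding labels and sample XML are constructed for illustration, and it assumes the keystore settings sit on the Connector element as shown on this page.

```python
import os
import stat
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"  # Tomcat's default keystore password

def audit_https_connectors(server_xml_text):
    """Return sorted (port, finding) pairs for SSLEnabled connectors."""
    root = ET.fromstring(server_xml_text)
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return [(None, "no-https-connector")]
    findings = []
    for c in tls:
        port = c.get("port")
        # Otherwise getScheme()/isSecure() report plain HTTP to the webapp.
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((port, "scheme-or-secure-not-https"))
        # No keystoreFile: Tomcat looks for .keystore in the user's home.
        if not c.get("keystoreFile"):
            findings.append((port, "keystoreFile-missing"))
        # A missing password means the well-known default is used.
        if c.get("keystorePass") in (None, "", DEFAULT_PASS):
            findings.append((port, "keystorePass-default-or-missing"))
    return sorted(findings)

def readable_by_others(path):
    """True if group or world can read the file holding keystorePass."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample input: the page's connector plus a weak one on 9443.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             keystoreFile="/Users/Khanh/Documents/tomcat_https"
             keystorePass="CONSTRUCTED-example-pass" />
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             keystorePass="changeit" />
</Service></Server>"""

if __name__ == "__main__":
    for port, finding in audit_https_connectors(SAMPLE):
        print(port, finding)
```

An empty result means every HTTPS connector passed; run readable_by_others against the real conf/server.xml, since anyone who can read that file can read the keystore password.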