Apache Tomcat Server: Enabling SSL/HTTPS configuration for security

In this article, we will learn how to configure a self-signed certificate for the Apache Tomcat server so that data travels between client and server over an encrypted connection

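Secure Sockets Layer (secure HTTP)

HTTPS is HTTP carried over SSL/TLS: the data exchanged between client and server is encrypted, and the server identifies itself with a certificate, which in this article is self-signed. No certificate authority vouches for a self-signed certificate, so browsers show a trust warning for it.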

Configuring SSL in Tomcat

  • Use keytool to generate a self-signed certificate
  • Un-comment the SSL connector to support SSL/HTTPS connections and add the keystore details
  • Access a secure page using port 8443
  • Configure SSL/HTTPS for a Java web application

Generate self-signed certificate (keystore)

Use Java's keytool utility to create a self-signed certificate and enter the required information

Password: tomcat7055
First and last name –> benchresources
Organizational Unit –> Bench Resources
Organization Name –> benchresources.net
City or Locality –> MUM
State or Province –> MH
Country code –> IN

A keystore will be generated at location “D:\Downloads\Software\apache-tomcat-7.0.55” with name “TestingSSLKeyStore”


Enable SSL connector in Tomcat (Tomcat_Home/conf/server.xml)

Un-comment Tomcat’s connector for port 8443

<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
	maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS" /> -->

Add the details below to this connector

keystoreFile –> D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore
keystorePass –> tomcat7055

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
	maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS"
	keystoreFile="D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore"
	keystorePass="tomcat7055" />

That’s it: SSL is now enabled, and the Apache Tomcat server listens for HTTPS on port 8443

Start the Apache Tomcat server 7.0.55

Access a secure page using port 8443

Access URL https://localhost:8443


Configure SSL/HTTPS for a Java web application

Add this security-constraint element to web.xml

<!-- Require HTTPS: requests matching this constraint that arrive over plain HTTP are redirected to the SSL connector -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>restricted web services</web-resource-name>
			<url-pattern>/*</url-pattern>
			<!-- Only the methods listed here are covered; omit both http-method elements to cover every method -->
			<http-method>GET</http-method>
			<http-method>POST</http-method>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>
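
An added example, not part of the original article: a short Python audit of the two files edited above, run on constructed copies of the page's connector and security-constraint. The function names are made up for this example; `sslEnabledProtocols` is the Tomcat 7 connector attribute that pins which protocol versions the connector offers.

```python
import xml.etree.ElementTree as ET

# Constructed samples that mirror the connector and constraint shown on this page.
SERVER_XML = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystorePass="tomcat7055"
    keystoreFile="D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted web services</web-resource-name><url-pattern>/*</url-pattern>
      <http-method>GET</http-method><http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def parse(text):
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace so lookups stay simple
    return root

def audit_connectors(server_xml):
    """Return (port, finding) pairs for each SSL-enabled <Connector>."""
    out = []
    for c in parse(server_xml).iter("Connector"):
        if c.get("SSLEnabled", "").lower() == "true":
            if c.get("keystorePass"):
                out.append((c.get("port"), "keystorePass in clear text: restrict read access to server.xml"))
            if not c.get("sslEnabledProtocols"):
                out.append((c.get("port"), "sslEnabledProtocols unset: JVM defaults decide the protocol versions"))
    return out

def audit_constraints(web_xml):
    """Return (url-pattern, methods) where CONFIDENTIAL covers only the listed HTTP methods."""
    out = []
    for sc in parse(web_xml).iter("security-constraint"):
        tg = sc.findtext("user-data-constraint/transport-guarantee", "").strip()
        for coll in sc.iter("web-resource-collection"):
            methods = sorted(m.text.strip() for m in coll.iter("http-method"))
            if tg == "CONFIDENTIAL" and methods:  # any method not listed is left unconstrained
                out += [(p.text.strip(), methods) for p in coll.iter("url-pattern")]
    return out

if __name__ == "__main__":
    print(*audit_connectors(SERVER_XML), *audit_constraints(WEB_XML), sep="\n")
```

For the page's configuration it reports the clear-text keystorePass, the unset sslEnabledProtocols, and that on /* only GET and POST carry the CONFIDENTIAL guarantee.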

Happy Learning !!
Happy Coding !!