In this article, we will learn how to configure a self-signed certificate for the Apache Tomcat server so that data exchanged between the client and the server is encrypted in transit
1. Secure Sockets Layer (secure HTTP):
- SSL/HTTPS is a security protocol for communication between client and server: the data is encrypted in transit and the server identifies itself with a certificate (a self-signed one in this article)
2. Configuring SSL in Tomcat:
- use keytool to generate self-signed certificates
- un-comment SSL connector to support SSL/HTTPS connection and add key details
- access secure page using 8443 port
- configure the Java web application to use SSL/HTTPS
2.1 Generate self-signed certificate (keystore)
- Use Java's keytool utility to create a self-signed certificate and enter the required information when prompted
- Password: tomcat7055
- First and last name –> benchresources
- Organizational Unit –> Bench Resources
- Organization Name –> benchresources.net
- City or Locality –> MUM
- State or Province –> MH
- Country code –> IN
- A key store will be generated at location “D:\Downloads\Software\apache-tomcat-7.0.55” with name “TestingSSLKeyStore”
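The keytool invocation for this step, as an added example (not the article's own command): it supplies the values listed above non-interactively, then checks that the keystore holds a private-key entry whose certificate is self-signed. The alias "tomcat", the RSA key size, the validity period and the helper Get-Field are assumptions; the article does not state them.

```powershell
# Added example. Path, password and name fields are the ones given in the article;
# alias, key size and validity are assumed values.
$keystore  = 'D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore'
$storePass = 'tomcat7055'
$alias     = 'tomcat'
$dname     = 'CN=benchresources, OU=Bench Resources, O=benchresources.net, L=MUM, ST=MH, C=IN'

# Generate an RSA key pair and wrap the public key in a self-signed certificate.
# The key password is set equal to the keystore password, which is what Tomcat
# expects when the connector has no separate keyPass attribute.
& keytool -genkeypair -alias $alias -keyalg RSA -keysize 2048 -validity 365 `
    -dname $dname -keystore $keystore -storepass $storePass -keypass $storePass
if ($LASTEXITCODE -ne 0) { throw 'keytool -genkeypair failed' }

# Read the entry back (assumes keytool prints its English labels).
$listing = & keytool -list -v -alias $alias -keystore $keystore -storepass $storePass
if ($LASTEXITCODE -ne 0) { throw 'keytool -list failed' }

# Hypothetical helper: return the value of the first "<name>: value" line.
function Get-Field($lines, $name) {
    $m = $lines | Select-String -Pattern "^\s*${name}: (.+)$" | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.Trim() }
}

# Tomcat needs a private-key entry, not just a trusted certificate entry.
if (-not ($listing -match 'Entry type: PrivateKeyEntry')) {
    throw "Alias '$alias' is not a private-key entry"
}

# A self-signed certificate names the same subject as owner and issuer.
$owner  = Get-Field $listing 'Owner'
$issuer = Get-Field $listing 'Issuer'
if (-not $owner -or $owner -ne $issuer) {
    throw "Certificate is not self-signed (Owner='$owner', Issuer='$issuer')"
}

# Keep the fingerprint: it is the value to compare against the certificate
# details the browser shows before accepting the warning for this server.
$sha1 = Get-Field $listing 'SHA1'
Write-Output "Self-signed certificate for: $owner"
Write-Output "SHA1 fingerprint: $sha1"
```

Passing the password on the command line mirrors the article's demo value; for a real keystore, omit -storepass and -keypass so keytool prompts for them instead.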
2.2 Enable SSL connector in Tomcat (Tomcat_Home/conf/server.xml)
- Un-comment Tomcat’s connector for port 8443
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" /> -->
- Add below details to this connector port
- keystoreFile –> D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore
- keystorePass –> tomcat7055
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore"
keystorePass="tomcat7055" />
That’s it: once restarted, the Apache Tomcat server accepts SSL connections on port 8443
Start the Apache Tomcat 7.0.55 server
2.3 Access secure page using 8443 port
- Access URL https://localhost:8443 (the browser will warn that the certificate is not trusted, because it is self-signed)
2.4 To configure SSL/HTTPS to support Java Web Application
- Add this security-constraint element in web.xml
web.xml
<!-- Require HTTPS (CONFIDENTIAL transport) for every URL of the application.
     No <http-method> elements are listed, so the constraint covers all HTTP methods;
     listing only GET and POST would leave the other methods outside the constraint. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted web services</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Happy Learning !!
Happy Coding !!