In this article, we will learn how to configure a self-signed certificate for the Apache Tomcat server so that data exchanged between the client and the server is encrypted in transit
Secure Sockets Layer (secured HTTP)
SSL/HTTPS is a protocol that secures communication between client and server by encrypting the data in transit; in this article the server presents a self-signed certificate
Configuring SSL in Tomcat
- use keytool to generate self-signed certificates
- un-comment SSL connector to support SSL/HTTPS connection and add key details
- access secure page using 8443 port
- configure the Java web application to require SSL/HTTPS
Generate self-signed certificate (keystore)
Use Java's keytool utility to create the self-signed certificate, and enter the required information when prompted
Password: tomcat7055
First and last name –> benchresources
Organizational Unit –> Bench Resources
Organization Name –> benchresources.net
City or Locality –> MUM
State or Province –> MH
Country code –> IN
A key store will be generated at location “D:\Downloads\Software\apache-tomcat-7.0.55” with name “TestingSSLKeyStore”
Enable SSL connector in Tomcat (Tomcat_Home/conf/server.xml)
Un-comment Tomcat's connector for port 8443
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
Add the details below to this connector
keystoreFile –> D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore
keystorePass –> tomcat7055
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore"
               keystorePass="tomcat7055" />
That’s it. SSL is now enabled in the Apache Tomcat server, listening on port 8443
Start the Apache Tomcat server 7.0.55
Access secure page using 8443 port
Access the URL https://localhost:8443
Configure the Java web application to require SSL/HTTPS
Add this security-constraint element to web.xml
    <!-- Require HTTPS (CONFIDENTIAL transport) for the web application -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted web services</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
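An added example, not code from the original article: a Python check that parses the server.xml connector and the web.xml constraint shown above, reporting whether the SSL connector is active with its keystore attributes and which HTTP methods the CONFIDENTIAL constraint covers. The XML inputs are constructed from the article's snippets wrapped in minimal root elements, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
# Constructed inputs: the article's connector and constraint in minimal root elements.
SERVER_XML = r'''<Server><Service name="Catalina">
<!-- <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" /> -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
  sslProtocol="TLS" keystoreFile="D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore"
  keystorePass="tomcat7055" />
</Service></Server>'''
WEB_XML = '''<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted web services</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
</web-app>'''

def ssl_connectors(server_xml):
    """Map port -> list of problems for each active (un-commented) SSL connector."""
    report = {}
    for c in ET.fromstring(server_xml).iter("Connector"):  # XML comments are skipped
        if c.get("SSLEnabled", "").lower() != "true":
            continue
        want = {"scheme": "https", "secure": "true"}
        problems = [f"{k} is not {v}" for k, v in want.items() if c.get(k) != v]
        problems += [f"{k} not set" for k in ("keystoreFile", "keystorePass") if not c.get(k)]
        report[c.get("port")] = problems
    return report

def confidential_constraints(web_xml):
    """List (url_patterns, methods) per CONFIDENTIAL constraint; no methods = all methods."""
    def local(e):  # drop the XML namespace so any web.xml schema version matches
        return e.tag.rsplit("}", 1)[-1]
    found = []
    for sc in (e for e in ET.fromstring(web_xml).iter() if local(e) == "security-constraint"):
        text = lambda name: [(e.text or "").strip() for e in sc.iter() if local(e) == name]
        if "CONFIDENTIAL" in text("transport-guarantee"):
            found.append((text("url-pattern"), text("http-method")))
    return found

if __name__ == "__main__":
    print(ssl_connectors(SERVER_XML))
    for patterns, methods in confidential_constraints(WEB_XML):
        scope = f"only {methods}, other methods are not covered" if methods else "all methods"
        print(f"HTTPS required for {patterns}: {scope}")
```

Because the constraint lists GET and POST, the Servlet specification applies it only to those two methods; omitting the http-method elements makes CONFIDENTIAL cover every method.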
Happy Learning !!
Happy Coding !!