Apache Tomcat Server – Enabling SSL/HTTPS configuration for Security

In this article, we will learn how to configure a self-signed certificate for the Apache Tomcat server so that data is exchanged securely between the client and the server.

1. Secure Sockets Layer (secure HTTP):

  • SSL/HTTPS secures communication between client and server: the data is encrypted in transit and the server identifies itself with a certificate (a self-signed one in this article)

2. Configuring SSL in Tomcat:

  • use keytool to generate a self-signed certificate
  • un-comment the SSL connector to support SSL/HTTPS connections and add the keystore details
  • access the secure page on port 8443
  • configure a Java web application to require SSL/HTTPS

2.1 Generate self-signed certificate (keystore)

  • Use Java's keytool utility to create a self-signed certificate and enter the required information
    • Password: tomcat7055
    • First and last name –> benchresources
    • Organizational Unit –> Bench Resources
    • Organization Name –> benchresources.net
    • City or Locality –> MUM
    • State or Province –> MH
    • Country code –> IN
  • A keystore will be generated at location “D:\Downloads\Software\apache-tomcat-7.0.55” with the name “TestingSSLKeyStore”

2.2 Enable SSL connector in Tomcat (Tomcat_Home/conf/server.xml)

  • Un-comment Tomcat’s connector for port 8443
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
	maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS" /> -->
  • Add the details below to this connector
    • keystoreFile –> D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore
    • keystorePass –> tomcat7055
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
	maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS"
	keystoreFile="D:\Downloads\Software\apache-tomcat-7.0.55\TestingSSLKeyStore"
	keystorePass="tomcat7055" />

That’s it. SSL is now enabled in the Apache Tomcat server, listening on port 8443.

Start the Apache Tomcat 7.0.55 server.

2.3 Access secure page using 8443 port

[Screenshot: Tomcat home page accessed over HTTPS on port 8443]

2.4 To configure SSL/HTTPS to support Java Web Application

  • Add this security-constraint element to web.xml

web.xml

<!-- Require HTTPS (CONFIDENTIAL transport) for every URL of the application.
     No <http-method> elements are listed, so the constraint covers all HTTP
     methods rather than only GET and POST. -->
<security-constraint>
	<web-resource-collection>
		<web-resource-name>restricted web services</web-resource-name>
		<url-pattern>/*</url-pattern>
	</web-resource-collection>
	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>
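
As an added example (not part of the original article), the Python script below audits the two configuration pieces from sections 2.2 and 2.4: it checks an SSL connector in server.xml and reports any CONFIDENTIAL constraint in web.xml that is limited to specific HTTP methods. The XML samples are constructed, the keystore path and password are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Added example: constructed samples (placeholder path/password), hypothetical helper names.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/TestingSSLKeyStore" keystorePass="sample-password" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def parse(xml_text):
    """Parse XML and strip namespaces so a web.xml with xmlns matches plain tag names."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def audit_connectors(server_xml):
    """Return findings for every Connector that has SSLEnabled="true"."""
    out = []
    for c in parse(server_xml).iter("Connector"):
        if c.get("SSLEnabled", "").lower() != "true":
            continue
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            out.append(f"{port}: scheme/secure missing, requests are not reported as HTTPS")
        if c.get("keystorePass"):
            out.append(f"{port}: keystorePass in clear text, restrict read access to server.xml")
    return out

def audit_transport(web_xml):
    """Return CONFIDENTIAL constraints that list <http-method>; other methods stay uncovered."""
    out = []
    for sc in parse(web_xml).iter("security-constraint"):
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        for wrc in sc.iter("web-resource-collection"):
            methods = [(m.text or "").strip() for m in wrc.findall("http-method")]
            if guarantee == "CONFIDENTIAL" and methods:
                out.append(f"{wrc.findtext('url-pattern')}: HTTPS enforced only for {', '.join(methods)}")
    return out
```

To check a real installation, pass the contents of Tomcat_Home/conf/server.xml and the application's WEB-INF/web.xml to the two audit functions.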

Happy Learning !!
Happy Coding !!