
Friday, September 9, 2016

Configuring Tomcat For SSL


Tomcat is a web server and servlet container for JSP pages. By default it serves HTTP on port 8080. If required, it can be configured to accept SSL connections on port 8443.

If you are using Tomcat as a standalone web server, then it is probably a good idea to configure Tomcat to handle SSL connections. But if you are fronting Tomcat with a web server, and Tomcat serves only as an application server or servlet container, then it is BETTER to let the web server act as the proxy for all HTTPS requests and NOT configure Tomcat for SSL.

Why?

Because in an SSL connection the data is encrypted. All that encryption, decryption and handshaking is not free: it is CPU intensive and slows down transmission.

If another web server is used to serve the static content, Tomcat is freed to focus on its specialty: delivering dynamic content and receiving data from the web server as soon as possible.

The following simple steps carry out the Tomcat SSL configuration.


STEP 1

cd $JAVA_HOME/bin

This directory contains the keytool program, which generates the keystore file.


STEP 2

Open a terminal and run:

keytool -genkey -alias tomcat -keyalg RSA

The new keystore file is created as .keystore in the home directory of the user.

To specify a different location for the keystore file:

keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore

It will ask you some questions.

IMPORTANT
First it asks for the keystore password. The default password Tomcat expects is 'changeit'. If you choose a different one, it must match the keystorePass you configure for the Tomcat connector in STEP 3.

The next important point: for "first and last name" (the first question) enter the host name of the URL you will use to access the application. Otherwise a certificate exception can arise, because the certificate's CN will not match the host name in the URL.

Now keystore file is created on your machine.
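As an added example (not code from the original post), the following Python helper runs the STEP 2 keytool command unattended: the answers to keytool's questions are supplied with -dname, so the CN is always set to the host name, and the CN is then read back from keytool -list -v to confirm it matches. The host name, keystore path, password and the organisation fields inside the dname are placeholders, and the listing used in the test is a constructed sample.

```python
"""Create the Tomcat keystore non-interactively and confirm its CN."""
import re
import shutil
import socket
import subprocess


def keytool_genkeypair_args(hostname, keystore_path, password, alias="tomcat",
                            validity_days=365):
    """Build the argv for an unattended keystore creation.

    -dname answers the questions keytool would otherwise ask; the CN is set
    to the host name clients will put in the URL. OU/O/L/ST/C are placeholders.
    """
    dname = f"CN={hostname},OU=Dev,O=Example,L=City,ST=State,C=US"
    return [
        "keytool", "-genkeypair", "-alias", alias, "-keyalg", "RSA",
        "-keysize", "2048", "-validity", str(validity_days),
        "-keystore", keystore_path, "-storepass", password, "-keypass", password,
        "-dname", dname,
    ]


def keytool_list_args(keystore_path, password, alias="tomcat"):
    """argv for listing one entry verbosely (shows the Owner line)."""
    return ["keytool", "-list", "-v", "-keystore", keystore_path,
            "-storepass", password, "-alias", alias]


def common_name_from_listing(listing):
    """Extract the CN from the 'Owner:' line of 'keytool -list -v' output."""
    match = re.search(r"^Owner:\s*CN=([^,\n]+)", listing, re.MULTILINE)
    return match.group(1).strip() if match else None


def create_keystore(hostname, keystore_path, password):
    """Run keytool (if installed) and return the CN actually stored."""
    if shutil.which("keytool") is None:
        raise RuntimeError("keytool not found; is $JAVA_HOME/bin on PATH?")
    subprocess.run(keytool_genkeypair_args(hostname, keystore_path, password),
                   check=True, capture_output=True, text=True)
    listing = subprocess.run(keytool_list_args(keystore_path, password),
                             check=True, capture_output=True, text=True).stdout
    return common_name_from_listing(listing)


# Constructed sample of what 'keytool -list -v' prints for the entry.
SAMPLE_LISTING = """Alias name: tomcat
Creation date: Sep 9, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myhost.example.com, OU=Dev, O=Example, L=City, ST=State, C=US
Issuer: CN=myhost.example.com, OU=Dev, O=Example, L=City, ST=State, C=US
"""


if __name__ == "__main__":
    host = socket.getfqdn()  # the name clients will use in the URL
    cn = create_keystore(host, "/tmp/tomcat-example.keystore", "example-password")
    print("keystore created; certificate CN =", cn, "; matches host:", cn == host)
```

Passing the password on the command line makes it visible in the process list; on a shared machine prefer keytool's -storepass:env or -storepass:file options, or let keytool prompt for it as in the post.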


STEP 3

Now configure the Tomcat server file: move to the conf folder in the Tomcat installation directory and open server.xml in an editor. Find the following commented-out connector:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
-->

Uncomment it and modify it as follows (keystoreFile must point at the keystore created in STEP 2 and keystorePass must be its password):

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />
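As an added example (not the post's own code), here is a Python check that parses server.xml and flags the mistakes that most often surface after STEP 3: the connector still commented out, scheme or secure not set, a keystoreFile that does not exist, or keystorePass left at the default. The embedded server.xml is a constructed sample modelled on the connector above; the keystore path in it is a placeholder.

```python
"""Sanity-check the HTTPS Connector in a Tomcat server.xml."""
import os
import xml.etree.ElementTree as ET

# Constructed sample server.xml (placeholder keystore path, default password).
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
        connectionTimeout="20000" redirectPort="8443" />
    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
        disableUploadTimeout="true" enableLookups="false" maxThreads="25"
        port="8443" keystoreFile="/path/to/.keystore" keystorePass="changeit"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" />
  </Service>
</Server>
"""

DEFAULT_KEYSTORE_PASSWORD = "changeit"


def find_ssl_connectors(server_xml_text):
    """Return every Connector element with SSLEnabled="true"."""
    root = ET.fromstring(server_xml_text)
    return [c for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true"]


def check_connector(connector, keystore_exists=os.path.exists):
    """Return a list of problems found in one SSL-enabled Connector."""
    problems = []
    attrs = connector.attrib
    if attrs.get("scheme") != "https":
        problems.append('scheme should be "https"')
    if attrs.get("secure", "").lower() != "true":
        problems.append('secure should be "true"')
    keystore = attrs.get("keystoreFile")
    if keystore is None:
        problems.append("keystoreFile not set (Tomcat falls back to ~/.keystore)")
    elif not keystore_exists(os.path.expanduser(keystore)):
        problems.append(f"keystoreFile {keystore!r} does not exist")
    password = attrs.get("keystorePass")
    if password in (None, DEFAULT_KEYSTORE_PASSWORD):
        problems.append("keystorePass missing or still the default 'changeit'")
    if attrs.get("clientAuth", "false").lower() not in ("true", "false", "want"):
        problems.append("clientAuth must be true, false or want")
    return problems


def audit_server_xml(server_xml_text, keystore_exists=os.path.exists):
    """Map each SSL connector's port to its list of problems."""
    connectors = find_ssl_connectors(server_xml_text)
    if not connectors:
        return {"<none>": ['no Connector with SSLEnabled="true" found '
                           '(is it still commented out?)']}
    return {c.get("port", "?"): check_connector(c, keystore_exists)
            for c in connectors}


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else SAMPLE_SERVER_XML
    for port, problems in audit_server_xml(text).items():
        print(f"connector {port}: " + ("OK" if not problems else "; ".join(problems)))
```

Run it with the path to your conf/server.xml; with no argument it audits the embedded sample, which deliberately fails the password and keystore-path checks.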

STEP 4

Now access the Tomcat service at https://localhost:8443. The default port 8080 is still available at http://localhost:8080.

Here you go :)


STEP 5

The above four steps enable the secure connection. But to avoid some common SSL-related errors you might encounter when developing applications that communicate securely with this server, this step is very USEFUL.

Import the server certificate into the trusted Java keystore (cacerts).

  • First download the certificate from the server: access the URL of the service from the Opera browser. A certificate warning appears; view the certificate details and export it to disk.
  • Move to the $JAVA_HOME/bin folder and execute the following command there (on Unix the path is ../lib/security/cacerts; the cacerts password is 'changeit' unless it has been changed):

keytool -import -alias _alias_name_ -keystore ..\lib\security\cacerts -file _path_to_cer_file
