Saturday, March 12, 2011

Enable HTTPS in Apache Tomcat server

I assume that you have installed Apache Tomcat properly and that it is running over HTTP. If you don't know how to install Apache Tomcat, you can refer to my previous blog post on Installing Apache Tomcat. To configure HTTPS support in the Tomcat server, follow the steps given below.

1. HTTPS requires a server certificate; here we use a self-signed one. Use the keytool utility to generate the certificate for your Tomcat server. First, type the keytool command in the command prompt to check whether the keytool utility is working.

C:\> keytool

If it is working, it displays a list of the commands that keytool supports. Otherwise you get an error message saying that keytool is not recognized as an internal or external command. In that case, the reason is that the JDK/JRE bin directory is not on the path of your command prompt. Append C:\Program Files\Java\jdk1.6.0\bin (in my case) to the end of the path environment variable; keytool will then run properly.

Environment Variable
path = C:\Program Files\Java\jdk1.6.0\bin

2. Then type the following command (on a single line) in the command prompt to generate the server certificate.

keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -dname "CN=localhost, OU=Organization, O=Company Name, L=City, S=State, C=US" -validity 365 -keystore keystore

Enter keystore password: <enter a new password here>
Enter key password for <tomcat>
        (RETURN if same as keystore password): <just hit enter here>

The password you enter at the first prompt becomes the password for the keystore where your server certificate is stored. The keystore file, named keystore, is created in the current directory.

3. Next, edit your Tomcat's conf/server.xml to enable the HTTPS connector. Look for a connector that looks like this:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

By default, this connector is commented out, and you need to remove the comment markers.
