How to configure SSL/HTTPS on Tomcat Server


This page is a step-by-step guide to configuring and enabling SSL/HTTPS on the Tomcat server. To configure SSL on Tomcat, we need a digital certificate, which can be created with the Java keytool for a development environment.

For a production environment, however, you have to get the digital certificate from an SSL certificate provider such as Verisign, Let’s Encrypt, or Entrust.

What is SSL? SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. –Cloudflare

1. Prerequisite

  1. Tomcat 8+ → Extracted latest Tomcat server distribution.
  2. Java → Installed and configured the path in the system environment variable.

2. Steps

Step 1: Open the Command Terminal and go to the ~{Java-Installation-Directory}/bin.

Step 2: Create a JKS keystore file to store the server’s private key and self-signed certificate by executing the command below:

#keytool -genkey -alias tomcat -keyalg RSA -keystore path-to-store\certs\dev-localhost.jks

keytool -genkey -alias tomcat -keyalg RSA -keystore C:\apache-tomcat-10.1.1\conf\dev-localhost.jks

Step 3: When you execute the above command, it will ask for a password. You can set any password, but I’ve used “changeit”.

Step 4: After you set the password, it will ask for additional details such as name, organizational unit, state, and country. Finally, confirm the details you entered.

Command Terminal
Microsoft Windows [Version 10.0.19045.2251]
(c) Microsoft Corporation. All rights reserved.

C:\Program Files\Java\jdk-11.0.12\bin>keytool -genkey -alias tomcat -keyalg RSA -keystore C:\apache-tomcat-10.1.1\conf\dev-localhost.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Atul Rai
What is the name of your organizational unit?
  [Unknown]:  Development
What is the name of your organization?
  [Unknown]:  Websparrow
What is the name of your City or Locality?
  [Unknown]:  New Delhi
What is the name of your State or Province?
  [Unknown]:  Delhi
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Atul Rai, OU=Development, O=Websparrow, L=New Delhi, ST=Delhi, C=IN correct?
  [no]:  yes

Step 5: Our self-signed digital certificate is now ready. The next step is to enable the HTTPS port in Tomcat and set it to use our digital certificate for SSL support. To enable SSL, open the ~{Tomcat-Installation-Directory}/conf/server.xml file and uncomment the following lines:

server.xml
<Connector
    port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate
            certificateKeystoreFile="C:/apache-tomcat-10.1.1/conf/dev-localhost.jks"
            certificateKeystorePassword="changeit"
            type="RSA" />
    </SSLHostConfig>
</Connector>

Step 6: Finally, restart Tomcat and try to access any web application over HTTPS on port 8443.
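Before this development configuration is carried over to another environment, the Connector from Step 5 can be checked automatically. The following is an added example, not part of the original tutorial: it parses a server.xml and reports TLS connectors that have no keystore configured or that still use a well-known keystore password. It assumes a JKS keystore setup as on this page; the function name, the sample document, and the password list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from Step 5 inside a minimal server.xml.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" SSLEnabled="true" maxThreads="150"
               protocol="org.apache.coyote.http11.Http11NioProtocol">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="C:/apache-tomcat-10.1.1/conf/dev-localhost.jks"
                     certificateKeystorePassword="changeit" type="RSA" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

# Assumption: a short list of passwords treated as well known for this check.
WEAK_PASSWORDS = {"changeit", "changeme", "password", ""}


def audit_tls_connectors(server_xml):
    """Return (port, finding) tuples for every SSLEnabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, out of scope here
        port = conn.get("port", "?")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "no <Certificate> under <SSLHostConfig>"))
        for cert in certs:
            if not cert.get("certificateKeystoreFile"):
                findings.append((port, "certificateKeystoreFile not set"))
            # Tomcat falls back to "changeit" when the attribute is absent.
            password = cert.get("certificateKeystorePassword", "changeit")
            if password.lower() in WEAK_PASSWORDS:
                findings.append((port, "well-known keystore password"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_tls_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

Run against the sample, it reports the 8443 connector for its keystore password; the same check can be pointed at the contents of a real conf/server.xml.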

About the Author

Atul Rai
I love sharing my experiments and ideas with everyone by writing articles on the latest technological trends.