If you are running a Tomcat server that serves only HTTP, follow the 2 easy steps below to configure Tomcat for SSL.

1. Create Keystore using Java keytool

First, use keytool to create a Java keystore as shown below. Make sure to note down the password that you enter while creating the keystore.

[root@alex~]# $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password:

Re-enter new password:

What is your first and last name? [Unknown]: Alex Hunt

What is the name of your organizational unit? [Unknown]: IT

What is the name of your organization? [Unknown]: JKT

What is the name of your City or Locality? [Unknown]: Noida

What is the name of your State or Province? [Unknown]: UP

What is the two-letter country code for this unit? [Unknown]: IN

Is CN=Alex, OU=IT, O=JKT, L=Noida, ST=UP, C=IN correct?

[no]: yes

Enter key password for <tomcat>

(RETURN if same as keystore password):

This will create the .keystore file under the /root home directory.

# ls -l /root/.keystore

-rw-r--r-- 1 root root 1391 Apr 6 11:19 .keystore

2. Modify the server.xml file

Locate the conf/server.xml file under the Tomcat directory. If the Connector with port="8443" is commented out, you should uncomment it first.

[root@alex~]# vim server.xml

Now, add the keystore information to server.xml as shown below. Replace your-key-password with the password you provided in step 1 while creating the keystore.
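
A Connector entry of the kind this step describes, given here as an added example and not the original post's own snippet. It assumes the keystore path from step 1 and the attribute style of the Tomcat 6/7 JSSE connector; maxThreads and clientAuth are illustrative values.

```xml
<!-- Added example, not from the original post.
     Assumptions: Tomcat 6/7 attribute style (newer Tomcat releases
     configure this through a nested SSLHostConfig/Certificate element);
     keystoreFile is the file created in step 1;
     keystorePass is the placeholder to replace with your password. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/root/.keystore"
           keystorePass="your-key-password" />
```

The keystore password now sits in clear text in server.xml, so keep that file readable only by the account that runs Tomcat. That account must also be able to read the keystore file itself.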

Finally, restart the Tomcat server and access the application using https://{your-ip-address}:8443/

Posted in: Linux.
Last Modified: October 30, 2013
