Saturday, 5 September 2015

How to implement SSL in Tomcat

Before we jump into how to implement SSL, let's first look at why SSL is required:

Whenever we want to share sensitive information between client and server, it is advisable to send the request in encrypted form. SSL helps us pass the details securely from client to server. The client uses the server's certificate to authenticate the server.

A few certificate authorities are available on the market; the server is validated against the certificates the browser / client has from them.

Implementing SSL in Tomcat is very easy. You just have to follow a couple of steps and you will be done with SSL in your application.

Here are the four simple steps that need to be performed:

1) Generate keystore file
2) Modify server.xml file
3) Restart your server
4) Test

Here are the steps in detail:

1) Generate keystore file

In Java, we can generate a certificate with the utility called "keytool". Here are the steps to follow for creating a certificate:

C:\java\jdk*\bin>keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  hs

Just keep pressing "Return" for all the remaining questions, such as:

What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=hs, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Note: "changeit" is the default keystore password that Tomcat expects.

After following the above steps, a file named ".keystore" is generated automatically in your home directory, e.g. C:\Users\{UserName}

2) Modify server.xml file

Uncomment the line below inside the "\apache-tomcat-*\conf\server.xml" file to support "https" requests.

<Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>


3) Restart your server

We are almost done with the SSL setup. Since we have made changes inside the "server.xml" file, the server must be restarted for those changes to take effect.

4) Test

Time to verify whether SSL is really enabled and working. To verify, open any of your application's URLs with "https". The certificate generated in step 1 is self-signed, so the browser will show a certificate warning before loading the page. For example, I have an application called "student", so to verify the default landing page I will hit this URL:

https://localhost:8443/student/index.jsp
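
To check the Connector from step 2 before relying on it, the Python script below (an added example, not code from the original post) parses a server.xml and reports, for each SSL-enabled Connector in the attribute style used on this page, whether it depends on the default ".keystore" location and the default "changeit" password from step 1. The attributes keystoreFile and keystorePass are Tomcat Connector attributes that the post does not show; the surrounding Server/Service wrapper, the function name and the sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal server.xml holding the Connector from step 2.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector SSLEnabled="true" clientAuth="false" maxThreads="150"
               port="8443" protocol="HTTP/1.1" scheme="https"
               secure="true" sslProtocol="TLS"/>
  </Service>
</Server>"""

DEFAULT_KEYSTORE_PASS = "changeit"  # value Tomcat assumes when keystorePass is absent


def audit_ssl_connectors(server_xml_text):
    """Return {port: [findings]} for every Connector with SSLEnabled="true"."""
    report = {}
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, not covered here
        findings = []
        if conn.get("scheme", "http") != "https":
            findings.append("scheme is not 'https': request.getScheme() will report http")
        if conn.get("secure", "false").lower() != "true":
            findings.append("secure is not 'true': request.isSecure() will return false")
        if conn.get("keystoreFile") is None:
            findings.append("no keystoreFile: Tomcat reads .keystore from the home "
                            "directory of the account that runs it")
        if conn.get("keystorePass", DEFAULT_KEYSTORE_PASS) == DEFAULT_KEYSTORE_PASS:
            findings.append("keystorePass is the default 'changeit'")
        report[conn.get("port", "?")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_ssl_connectors(SAMPLE_SERVER_XML).items():
        print("Connector on port %s: %d finding(s)" % (port, len(findings)))
        for finding in findings:
            print("  - " + finding)
```

An empty findings list for a port means the Connector names its own keystore file and a non-default password.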

We are done!

Cheers!
Henal Saraiya