{"id":3070,"date":"2012-09-09T01:01:49","date_gmt":"2012-09-08T19:31:49","guid":{"rendered":"http:\/\/JitendraZaa.com\/blog\/?p=3070"},"modified":"2012-09-09T01:01:49","modified_gmt":"2012-09-08T19:31:49","slug":"simple-guide-to-setup-ssl-in-tomcat","status":"publish","type":"post","link":"https:\/\/www.jitendrazaa.com\/blog\/java\/simple-guide-to-setup-ssl-in-tomcat\/","title":{"rendered":"Simple guide to setup SSL in Tomcat"},"content":{"rendered":"

I have enabled SSL in tomcat many times however initially I struggled to get it in running condition. So I thought to share a simple approach I am following now days.<\/p>\n

Step 1:<\/strong><\/p>\n

Run tool “Keytool<\/strong>“\u009d provided by the JRE to create a “keystore file”\u009d.
\nThe command to run tool is:<\/p>\n

keytool -genkey -alias tomcat -keyalg RSA -keystore D:\/.keyStore<\/p><\/blockquote>\n

Where “D:\/.keystore”\u009d is the path where file should be created.
\nInstead of alias “tomcat”\u009d any other name can be used.
\nAfter running above command, you will be asked many questions, so answer them correctly as shown in below image:<\/p>\n

\"Tomcat<\/a>
Tomcat SSL keytool to create keystore file<\/figcaption><\/figure>\n

Remember the password provided, as it will be needed in next step.<\/p>\n

Step 2:<\/strong><\/p>\n

Now, in next step go to “conf”\u009d folder of tomcat, and open file “server.xml”\u009d.
\nThere you will find lines of code something like:<\/p>\n

\n<-- Define a SSL Coyote HTTP\/1.1 Connector on port 8443 -->\n<!--\n<Connector\n           port="8443" minProcessors="5" maxProcessors="75"\n           enableLookups="true" disableUploadTimeout="true"\n           acceptCount="100" debug="0" scheme="https" secure="true";\n           clientAuth="false" sslProtocol="TLS"\/>\n-->\n<\/pre>\n
So, to enable the SSL, uncomment above code and tweek like below:<\/p>\n
\n<Connector\n\tprotocol="org.apache.coyote.http11.Http11Protocol"\n\tport="8443" maxHttpHeaderSize="8192"\n    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"\n    enableLookups="true" disableUploadTimeout="true"\n    acceptCount="100" scheme="https" secure="true"\n    clientAuth="false" sslProtocol="TLS"\n\tkeystoreFile="F:eclipseFrameworksapache-tomcat-5.5.31 - SSL Configured.keyStore"\n\tkeystorePass="YOURpwd"\/>\n<\/pre>\n
As you can see, I have added few more attributes like:<\/p>\n
Protocol :<\/strong> If the APR (Apache Portable Runtime<\/strong>) is enabled in tomcat (maximum time it is enabled by default), then this approach will not work. so configure tomcat that we want to use Java (JSSE) connector, regardless of whether the APR library is loaded or not.
\nkeystoreFile :<\/strong> Full path of the keystore file creates in step 1.
\nkeystorePass:<\/strong> Password used while creating file in step1.<\/p>\n
After these changes, save Server.xml and navigate to: https:\/\/localhost:8443\/ , As you can see in below image, SSL is enabled.<\/p>\n
\"Https<\/a>
https protocol in Tomcat – SSL Enabled<\/figcaption><\/figure>\n
Now, as you can see, although we have created SSL certificate for local server, browser is showing that it is not secured.<\/p>\n
SSL verifies the authenticity of a site’s certificate by using something called a “chain of trust,” which basically means that during the handshake, SSL initiates an additional handshake with the Certificate Authority (CA) specified in your site’s certificate, to verify that you haven’t simply made up your own CA (Which actually we have done in our case \ud83d\ude42 ).<\/p>\n
If you want to remove error, you have to get certificate from some Certificate Authority so that during handshake, accuracy of your certificate can be validated.
\nIf you have valid certificates then please read this article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
I have enabled SSL in tomcat many times however initially I struggled to get it in running condition. So I thought to share a simple approach I am following now days. Step 1: Run tool “Keytool“\u009d provided by the JRE to create a “keystore file”\u009d. The command to run tool is: keytool -genkey -alias tomcat […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"jz_research_post":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3,4,11],"tags":[329,188,199],"class_list":["post-3070","post","type-post","status-publish","format-standard","hentry","category-java","category-jsp","category-servlet","tag-java","tag-ssl","tag-tomcat"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":2274,"url":"https:\/\/www.jitendrazaa.com\/blog\/java\/how-to-start-the-tomcat-in-debug-mode-for-debugging-in-eclipse\/","url_meta":{"origin":3070,"position":0},"title":"How to start the tomcat in debug mode for debugging in eclipse","author":"Jitendra","date":"June 21, 2011","format":false,"excerpt":"This is the tutorial on How to start the tomcat in debug mode for debugging in eclipse","rel":"","context":"In "JAVA"","block_context":{"text":"JAVA","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/java\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1959,"url":"https:\/\/www.jitendrazaa.com\/blog\/java\/servlet\/create-servlet-using-annotation\/","url_meta":{"origin":3070,"position":1},"title":"Create Servlet using Annotation – Servlet 3.0","author":"Jitendra","date":"April 13, 2011","format":false,"excerpt":"Create the Servlet without any deployment descriptor. Using Annotations","rel":"","context":"In "Servlet"","block_context":{"text":"Servlet","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/java\/servlet\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1482,"url":"https:\/\/www.jitendrazaa.com\/blog\/java\/servlet\/how-container-handles-the-servlet-request\/","url_meta":{"origin":3070,"position":2},"title":"How container handles the Servlet request","author":"Jitendra","date":"February 12, 2011","format":false,"excerpt":"How container handles the Servlet request or How the apache Tomcat works","rel":"","context":"In "Servlet"","block_context":{"text":"Servlet","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/java\/servlet\/"},"img":{"alt_text":"Client Browse Servlet URL","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2011\/02\/Client-Browse-Servlet-URL.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":6429,"url":"https:\/\/www.jitendrazaa.com\/blog\/salesforce\/heroku\/access-heroku-postgresql-database-locally-using-docker\/","url_meta":{"origin":3070,"position":3},"title":"Access Heroku PostgreSQL Database Locally using Docker","author":"Jitendra","date":"March 11, 2018","format":false,"excerpt":"How to use Heroku Postgres Database from any third party application or local server","rel":"","context":"In "Heroku"","block_context":{"text":"Heroku","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/salesforce\/heroku\/"},"img":{"alt_text":"Heroku Postgres from local PHP Server","src":"https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2018\/03\/Heroku-Postgres-from-local-PHP-Server.gif?fit=594%2C674&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2018\/03\/Heroku-Postgres-from-local-PHP-Server.gif?fit=594%2C674&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.jitendrazaa.com\/blog\/wp-content\/uploads\/2018\/03\/Heroku-Postgres-from-local-PHP-Server.gif?fit=594%2C674&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":1586,"url":"https:\/\/www.jitendrazaa.com\/blog\/java\/servlet\/read-file-present-inside-java-and-j2ee-project\/","url_meta":{"origin":3070,"position":4},"title":"Read File Present inside Java and J2EE Project","author":"Jitendra","date":"February 24, 2011","format":false,"excerpt":"How to Read File Present inside Java and J2EE Project","rel":"","context":"In "Servlet"","block_context":{"text":"Servlet","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/java\/servlet\/"},"img":{"alt_text":"Read File Present inside Java and J2EE Project","src":"https:\/\/i0.wp.com\/jitendrazaa.com\/blog\/wp-content\/uploads\/2011\/02\/Read-File-Present-inside-Java-and-J2EE-Project.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1962,"url":"https:\/\/www.jitendrazaa.com\/blog\/others\/tips\/eclipse-how-to-upgrade-from-galileo-3-5-to-helios-3-6\/","url_meta":{"origin":3070,"position":5},"title":"Eclipse – How to upgrade from Galileo (3.5) to Helios (3.6)","author":"Jitendra","date":"April 13, 2011","format":false,"excerpt":"Eclipse - How to upgrade from Galileo (3.5) to Helios (3.6)","rel":"","context":"In "Tech Tips"","block_context":{"text":"Tech Tips","link":"https:\/\/www.jitendrazaa.com\/blog\/category\/others\/tips\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/3070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/comments?post=3070"}],"version-history":[{"count":0,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/posts\/3070\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/media?parent=3070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/categories?post=3070"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jitendrazaa.com\/blog\/wp-json\/wp\/v2\/tags?post=3070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}