
Step by Step guide to Enable HTTPS or SSL correct way on Apache Tomcat Server – Port 8443


It’s been almost 12 years since I started using Apache Tomcat. I believe when I did my first undergraduate project, it was on Tomcat version 1.x. Now it’s already on version 8.0. I’ve been in touch with Tomcat Server throughout my daily work life and simply can’t live without it.

On Crunchify we have already published almost 40 articles on Apache Tomcat. In most of the tutorials I’ve run the server on port 8080, which is the default port configured in the server.xml file.

In this tutorial we will go over all the steps in detail on how to enable HTTPS/SSL on Apache Tomcat Server.

Let’s get started:

Step-1

keytool: we will generate a secure key using the keytool command, which is a key and certificate management tool. The command prompts for a keystore password, which is needed again in Step-5.

Command:

keytool -genkey -alias Crunchify -keyalg RSA -keystore /Users/<username>/Documents/crunchifyKey

I’m using Mac OS X, so adjust the path accordingly if you are on Windows.

Generate Certificate for Apache Tomcat Server

Step-2

Start the Tomcat server using the command <tomcat_home>/bin/startup.sh. Make sure you are in this location.

bash-3.2# pwd
/Users/<username>/Documents/apache-tomcat-8.0.26/bin
bash-3.2# ./startup.sh

Step-3

Hit URL: http://localhost:8080 to make sure server is up and running.

Step-4

Now check port 8443 (the HTTPS/SSL URL). Hit URL: https://localhost:8443 – you should see an error message. The page shouldn’t load at all, because the HTTPS connector is not configured yet.

Apache Tomcat Server Startup fails without proper cert

Step-5

Edit the server.xml file, which is located in the <tomcat_home>/conf/ folder. In our case it’s the /Users/<username>/Documents/apache-tomcat-8.0.26/conf folder.

Look for the properties below and add the keystoreFile and keystorePass values. Here the password is 123456, which I used in Step-1. The password sits in cleartext in server.xml, so outside a local test use a strong one and restrict read access to the file.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/Users/<username>/Documents/crunchifyKey"
           keystorePass="123456" />

Add keyStoreFile and keyStorePass - server.xml file

Step-6

Stop and Start server again using commands:

bash-3.2# ./shutdown.sh
bash-3.2# ./startup.sh

Step-7

Now hit the HTTPS secure URL again to check that your page loads successfully: https://localhost:8443

Cert installed successfully - Crunchify Tips

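And you are all set. Have you noticed the red padlock? Don’t worry. The certificate is self-signed, so the browser does not trust it: we haven’t purchased an SSL cert from Verisign or Comodo. In a production environment, with a cert from such a CA, you should not see that red cross sign.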
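The Step-5 connector can be checked before Tomcat is restarted. The Python script below is an added example, not code from the original post or from Tomcat; it parses a server.xml and flags SSL connectors whose keystore settings are missing or weak. The sample path with the user name alice, the weak-password list and the 12-character minimum are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Passwords that are Tomcat/keytool defaults or trivially guessable (assumed list).
WEAK_PASSWORDS = {"changeit", "123456", "password", "tomcat"}
MIN_PASSWORD_LENGTH = 12  # assumption: local policy, not a Tomcat requirement


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled <Connector>."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, out of scope here
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark the connector as HTTPS"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile missing: Tomcat falls back to ~/.keystore"))
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "keystorePass missing: Tomcat falls back to 'changeit'"))
        elif password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH:
            findings.append((port, "keystorePass is weak or a known default"))
    return findings


# Constructed sample: the Step-5 connector with a made-up user name in the path,
# plus the default HTTP connector, wrapped in a minimal <Server> skeleton.
SAMPLE = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/Users/alice/Documents/crunchifyKey"
             keystorePass="123456" />
</Service></Server>
"""

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the contents of <tomcat_home>/conf/server.xml to audit_connectors instead of the sample.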

Bonus point:

How to check your cert content using the keytool command?

bash-3.2# keytool -list -keystore /Users/<username>/Documents/crunchifyKey

Result:

bash-3.2$ keytool -list -keystore /Users/<username>/Documents/crunchifyKey 
Enter keystore password:  

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

crunchify, Sep 17, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): 3E:F2:95:62:F5:B0:88:09:27:C6:8F:F6:91:84:CD:A0:80:EB:6C:4D
bash-3.2$

Have anything to add to this article? Please chime in and join the conversation.

The post Step by Step guide to Enable HTTPS or SSL correct way on Apache Tomcat Server – Port 8443 appeared first on Crunchify.
Author: App Shah

