Tuesday, May 19, 2020

How to enable SSL/HTTPS in tomcat

In this post, we will walk through how to enable SSL/HTTPS in a Tomcat server. Seven years back, this was the starting point where I got curious about HTTPS, when I enabled SSL for my Tomcat server on my local machine. It is a good way to begin, so I am jotting down the steps here for others:

Step by Step Illustration:

#1 Once Tomcat is installed on your system, locate the bin folder of Tomcat as below. Copy the bin location.

#2 In the command prompt, perform the below steps:
     #2.1 Navigate to the Tomcat bin location using the CD command. You can use the location copied from step #1 here.
             cd tomcatbinlocation
     #2.2 Once you have ensured that you are in the Tomcat bin location, execute the keytool command to generate the keystore:
             keytool -genkey -alias MyTomcatInstance -keyalg RSA -keystore D:\MyTomcatKeystore
     #2.3 It brings up the generic questionnaire: keystore password, first and last name, organization, .. as below.
     #2.4 Fill in the answers and press Enter after each one; the prompts are self-explanatory.
     #2.5 Please refer to the below screenshot if you are stuck anywhere.
     #2.6 You have to remember the password you provide here; it goes into server.xml in step #5.

#3 Once step #2 is successful you should be able to see the keystore file in the location you gave in the above command. In my case I gave it as D:\MyTomcatKeystore, and I see it in the expected location too. That means we are all good to proceed.

#4 Locate server.xml in your tomcat/conf folder as highlighted below. Edit server.xml to view the HTTP port and to enable the HTTPS port.
#5 Add the below Connector tag to your Tomcat's server.xml with the below details:
     #5.1 Take a close look at the HTTPS port, i.e. 8443 or some other unused port.
     #5.2 Provide the path of the keystore you generated (the file you saw in step #3).
     #5.3 Also provide the password of that keystore, the one you chose in step #2.

<!-- keystoreFile: the keystore generated in step #2; keystorePass: the password you chose there -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:\MyTomcatKeystore"
           keystorePass="changeit" />

#6 Once the above changes are done, save server.xml and restart your Tomcat server.
    - Open your Tomcat instance in the browser via https://localhost:8443/prweb
    - That should take you to the login page.

Note: After carrying out the above steps, when you hit the https URL, the browser may first show a certificate warning, because the certificate in the keystore is self-signed and not trusted by the browser. Click on Advanced and proceed, and it then takes you to the above page.
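A quick check for the server.xml edit in steps #4 to #6, added here as an example and not part of the original post: it parses a server.xml and reports an SSL-enabled Connector that is missing keystoreFile or keystorePass, or still carries the placeholder password. The sample XML is constructed inline and uses the Tomcat 8.0-style attributes shown above (the D:\MyTomcatKeystore path is the one from the post).

```python
"""Sanity-check the HTTPS <Connector> entries in a Tomcat server.xml (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample server.xml: an HTTPS connector with keystoreFile omitted
# and the placeholder password left in place.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystorePass="changeit" />
  </Service>
</Server>
"""


def check_https_connectors(server_xml: str) -> dict:
    """Return {port: [problems]} for every Connector with SSLEnabled="true".

    An empty problem list means the connector has what the post's steps require."""
    root = ET.fromstring(server_xml)
    findings = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        problems = []
        # Without keystoreFile, Tomcat falls back to ~/.keystore of the user
        # running it, so the keystore generated in step #2 is silently unused.
        if not conn.get("keystoreFile"):
            problems.append("missing keystoreFile")
        password = conn.get("keystorePass")
        if not password:
            problems.append("missing keystorePass")
        elif password == "changeit":
            problems.append("keystorePass is the placeholder 'changeit'")
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            problems.append("scheme/secure not set for HTTPS")
        if not conn.get("sslProtocol", "TLS").upper().startswith("TLS"):
            problems.append("sslProtocol is not TLS")
        findings[conn.get("port", "?")] = problems
    return findings


if __name__ == "__main__":
    for port, problems in check_https_connectors(SAMPLE_SERVER_XML).items():
        print(port, problems or "ok")
```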

So with the above steps, we have successfully enabled SSL in the localhost Tomcat server. The concept is the same when you apply it to an actual Tomcat server in a real environment (only the keystore creation would differ, since you would use a certificate issued for that server rather than a self-signed one).
- This means you can use all the apps deployed in Tomcat via an HTTPS URL, the way we used Pega here (prweb is the app in Tomcat that refers to our Pega application).

Now you are all set to learn advanced concepts of SSL. In future posts, I will take you through two-way SSL. The above setup on your local system will help you there. Stay tuned.


1 comment:

  1. Thanks for the very helpful post.
    Could you clarify what is MyTomcatInstance in below command?
    keytool -genkey -alias MyTomcatInstance -keyalg RSA -keystore D:\MyTomcatKeystore


HowToPega : All rights reserved and the contents are copyrighted to Pavan Kumar Naidu