

Apache Tomcat : Enable HTTPS

This article shows how to enable HTTPS for Tomcat. It uses a self-signed certificate, but you could replace this with a valid Certificate Authority (CA) certificate.


Create Keystore

Set the relevant environment variables.

export JAVA_HOME=/u01/ords/jdk1.8.0_91
export CATALINA_HOME=/u01/ords/apache-tomcat-8.0.35
export CATALINA_BASE=$CATALINA_HOME

Create a keystore containing a self-signed certificate. Adjust the "-dname" values and passwords as required. The "-validity" value is in days, so the certificate is valid for about 10 years.

mkdir -p ~/keystore
cd ~/keystore

$JAVA_HOME/jre/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks \
   -dname "CN=`hostname`, OU=My Department, O=My Company, L=Birmingham, ST=West Midlands, C=GB" \
   -storepass password1 -validity 3600 -keysize 2048 -keypass password1

Configure Tomcat

Make the following two changes to the "$CATALINA_HOME/conf/server.xml" file.

(1)

Before:

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

After: Amend path and password for your keystore.

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="250" scheme="https" secure="true"
               keystoreFile="/home/oracle/keystore/keystore.jks"
               keystorePass="password1"
               clientAuth="false" sslProtocol="TLS"
               URIEncoding="UTF-8"
               />
               <!--
               If you are using a proxy server, you may need to add the following two entries also.
               proxyName="www.example.com"
               proxyPort="443"-->      

(2)

Before:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

After:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" />

Restart Tomcat

Restart Tomcat in the normal way.

$CATALINA_HOME/bin/shutdown.sh

$CATALINA_HOME/bin/startup.sh

You will now be able to access Tomcat using both HTTP and HTTPS.

http://server:8080/
https://server:8443/
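
The connector in change (1) keeps the keystore password in clear text in "server.xml", so that file and the keystore itself should be readable only by the user running Tomcat. The following check is an added example, not part of the original article; the function names and the sample "server.xml" it builds in a temporary directory are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the connector in change (1).
SAMPLE = """<Server><Service name="Catalina">
  <!-- <Connector port="8443" SSLEnabled="true" /> -->
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="{ks}" keystorePass="password1" />
</Service></Server>"""

def _others_can_read(path):
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit_https_connectors(server_xml, catalina_base="."):
    """Return (port, finding) tuples for every enabled HTTPS connector."""
    findings = []
    # ElementTree discards XML comments, so commented-out connectors are skipped.
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port, keystore = conn.get("port"), conn.get("keystoreFile")
        if conn.get("keystorePass") and _others_can_read(server_xml):
            findings.append((port, "server.xml holds keystorePass and is group/world readable"))
        if keystore is None:
            continue  # no explicit keystore on this connector, nothing more to check
        # Assumption: a relative keystoreFile is resolved against CATALINA_BASE.
        keystore = os.path.join(catalina_base, keystore)
        if not os.path.isfile(keystore):
            findings.append((port, "keystoreFile not found: " + keystore))
        elif _others_can_read(keystore):
            findings.append((port, "keystore is group/world readable: " + keystore))
    return findings

def demo(mode):
    """Build the sample in a temp dir with both files at `mode` and audit it."""
    with tempfile.TemporaryDirectory() as d:
        ks, conf = os.path.join(d, "keystore.jks"), os.path.join(d, "server.xml")
        for path, body in ((ks, ""), (conf, SAMPLE.format(ks=ks))):
            with open(path, "w") as f:
                f.write(body)
            os.chmod(path, mode)
        return audit_https_connectors(conf)

if __name__ == "__main__":
    print(demo(0o644), demo(0o600), sep="\n")
```

Against a real installation, call audit_https_connectors() with the path to "$CATALINA_HOME/conf/server.xml" and the value of CATALINA_BASE; an empty list means no finding.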


Hope this helps. Regards Tim...
