
SSL Configuration for Tomcat 6.

July 29, 2009
Tomcat 6.0 Java Keytool Under Windows XP

How to configure Tomcat 6.0 for secure connections using a self-signed certificate generated by the Java keytool, in detail.

J. M. V. Swamy Naidu M.C.A.

Configure SSL in Tomcat 6.0 using Java keytool

2009

This article is for developers who need secure connectivity to the Apache Tomcat 6.0 server. To follow it you must already have Tomcat 6.0 and Java installed. If not, download and install them for free from their respective sites (Java SDK download, Tomcat 6.0 download). Here I assume the installation directories for the software are:

C:/Program Files/Apache Software Foundation/Tomcat 6.0
C:/Program Files/Java

Create Self signed certificate using Java keytool:

Open the command prompt, go to the Java installation directory and then to its bin directory.

Ex: C:/Program Files/Java/jdk1.6.0_10/bin/

Then type the following command to create the self-signed certificate using Java keytool.

Prompt> keytool -genkey -alias Tomcat -keyalg RSA

The above command creates a .keystore file in the user's home directory. If you can't find it, use the Java property user.home to locate it.

Ex:

class FindUserHome {
    public static void main(String arg[]) {
        // Print the home directory, where keytool writes .keystore by default
        System.out.println(System.getProperty("user.home"));
    }
}

If you want to change the location of the keystore file, issue the keytool command with the -keystore option followed by the path where you want to save the keystore file.


Configure the Tomcat 6.0 Server to access Generated Certificate:


Now configure the server.xml file for SSL. Open server.xml in any text editor. The file is found in the conf folder of the Tomcat 6.0 installation.

Ex: C:/Program Files/Apache Software Foundation/Tomcat 6.0/conf/server.xml

Now find the following XML tag:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443"
           minSpareThreads="5"
           maxSpareThreads="75"
           enableLookups="true"
           disableUploadTimeout="true"
           acceptCount="100"
           maxThreads="200"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           keystoreFile="${user.home}/.keystore"
           keystorePass="changeit"
           clientAuth="false"
           sslProtocol="TLS" />

If the above Connector tag is found, remove the comment markers around it.


If it is not found there, manually copy the entire tag into the server.xml file and save.

Notice: Here, the two properties keystoreFile and keystorePass are set to their default values. If you changed either of them while creating the certificate, you must change them here as well so that the server runs without errors.
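The checks described above (the Connector must be uncommented, and keystoreFile and keystorePass must match the keystore) can be run against server.xml before starting Tomcat. The following is an added example, not part of the original article; the function name audit_server_xml and the sample server.xml text are constructed for illustration, and flagging the default password is this example's own check.

```python
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector from the article, still inside a comment.
SAMPLE_COMMENTED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <!--
  <Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="${user.home}/.keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" />
  -->
</Service></Server>"""
# The same file after the comment markers are removed.
SAMPLE_ACTIVE = SAMPLE_COMMENTED.replace("<!--", "").replace("-->", "")


def audit_server_xml(xml_text, home=None):
    """Return a list of findings about the SSL connector in a server.xml text."""
    home = home or os.path.expanduser("~")
    root = ET.fromstring(xml_text)  # the parser drops comments
    ssl = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl:
        # Distinguish "never added" from "present but still commented out".
        comments = re.findall(r"<!--(.*?)-->", xml_text, re.S)
        if any("<Connector" in c and "SSLEnabled" in c for c in comments):
            return ["SSL connector is still commented out"]
        return ["no SSL connector found"]
    findings = []
    for c in ssl:
        port = c.get("port")
        # Tomcat falls back to these values when the attributes are absent.
        ks = c.get("keystoreFile", "${user.home}/.keystore")
        ks = ks.replace("${user.home}", home)
        if not os.path.isfile(ks):
            findings.append(f"port {port}: keystore not found at {ks}")
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is the default 'changeit'")
    return findings


if __name__ == "__main__":
    for name, text in (("commented", SAMPLE_COMMENTED), ("active", SAMPLE_ACTIVE)):
        print(name, audit_server_xml(text))
```

To check a real installation, pass the contents of conf/server.xml as xml_text; home defaults to the current user's home directory, which is where keytool writes .keystore.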

Test the installation of the certificate in Tomcat:

Finally, test the installation of the self-signed certificate in the server by typing the URL: https://localhost:8443

If everything is configured well, you will see a page from your server [the Apache home page located on the local disk]. When the page is accessed over the https protocol, some browsers don't display it directly; instead they alert you to add an exception for that particular site. Having done all the necessary things, you have succeeded.

-Regards NaiduMCA1@gmail.com http://www.NaiduMCA.co.cc
