Steps to Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS

Published on August 3, 2022
By Pankaj
Developer and author at DigitalOcean.

Secure Sockets Layer (SSL) is a cryptographic protocol that provides message security over the Internet. It works on the notion of private and public keys, and messages are encrypted before they are sent over the network. To configure SSL on Tomcat, we need a digital certificate, which can be created using the Java keytool for a development environment. For a production environment, you should get the digital certificate from an SSL certificate provider, for example Verisign, Entrust, or Let’s Encrypt.

Creating SSL Certificate

Follow the below steps to create your own digital certificate.

$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Pankaj Kumar
What is the name of your organizational unit?
  [Unknown]:  Dev
What is the name of your organization?
  [Unknown]:  JournalDev
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Pankaj Kumar, OU=Dev, O=JournalDev, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  Yes

Enter key password for <tomcat>
	(RETURN if same as keystore password):
Re-enter new password:
$ ls
mycertificate.cert

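I have used the password “changeit” for both the keystore and the key, but you can use whatever you want. If you pick a different password, set it on the connector with the keystorePass attribute, because Tomcat assumes “changeit” when that attribute is absent. Now our digital certificate is ready, and the next step is to enable the HTTPS communication port in Tomcat and set it to use our digital certificate for providing SSL support.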

Tomcat HTTPS

To enable SSL, open the ~Tomcat_Installation/conf/server.xml file and uncomment the following line:

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert"
           clientAuth="false" sslProtocol="TLS" />

To avoid any misplacement of the certificate, I have put it in the Tomcat conf directory. Now restart Tomcat and try to access any web application over HTTPS on port 8443.

Tomcat Redirect HTTP to HTTPS

We can now access any web application on both the HTTP and HTTPS ports. With some configuration, we can set up Tomcat to redirect all HTTP requests to the HTTPS port.

  1. In ~TomcatInstallation/conf/server.xml

    For the HTTP Connector, set the redirect port to the HTTPS connector port. It will look somewhat like this:

    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8090" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

  2. In ~TomcatInstallation/conf/web.xml

    Add the below configuration, but make sure to add it after all the servlet-mapping tags.

    <!-- added by Pankaj for automatic redirect from HTTP to HTTPS -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

Restart Tomcat now and all HTTP requests will automatically be redirected to HTTPS, i.e. http://localhost:8080/axis2 will be automatically redirected to https://localhost:8443/axis2.

Note: If you don’t want to provide ports in the URLs, then use 80 for HTTP and 443 for HTTPS. In that case, you can skip the first step to automatically redirect HTTP requests to HTTPS because it will automatically pick the default port 443.
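The redirect depends on the two files agreeing with each other, so a small consistency check helps before restarting. The following Python script is an added example, not part of the original tutorial: the function names and the sample XML strings are constructed for illustration, and it assumes the connector attributes shown in the steps above.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """'{namespace}name' -> 'name'; real web.xml files declare a namespace."""
    return tag.rsplit("}", 1)[-1]

def _find(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def audit_https_redirect(server_xml, web_xml):
    """Return a list of findings; empty means the redirect setup is consistent."""
    findings = []
    connectors = _find(ET.fromstring(server_xml), "Connector")
    https = [c for c in connectors if c.get("scheme") == "https"]
    https_ports = {c.get("port") for c in https}
    if not https_ports:
        findings.append("no HTTPS connector defined")
    for c in connectors:
        if c in https or c.get("protocol", "").startswith("AJP"):
            continue  # only plain-HTTP connectors issue the redirect checked here
        # Tomcat falls back to 443 when redirectPort is absent.
        target = c.get("redirectPort", "443")
        if target not in https_ports:
            findings.append(f"connector {c.get('port')}: redirectPort {target} "
                            "is not an HTTPS connector port")
    # The redirect only fires for URLs covered by a CONFIDENTIAL constraint.
    covered = any(
        "/*" in [p.text.strip() for p in _find(sc, "url-pattern") if p.text]
        and "CONFIDENTIAL" in [g.text.strip() for g in _find(sc, "transport-guarantee") if g.text]
        for sc in _find(ET.fromstring(web_xml), "security-constraint"))
    if not covered:
        findings.append("web.xml: no CONFIDENTIAL constraint covering /*")
    return findings

# Constructed sample inputs, trimmed from the tutorial's snippets.
SERVER_OK = """<Server><Service name="Catalina">
  <Connector port="8090" redirectPort="8443" connectionTimeout="20000" />
  <Connector port="8443" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""
SERVER_BAD = SERVER_OK.replace('redirectPort="8443"', 'redirectPort="9443"')
WEB_OK = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""
WEB_MISSING = '<web-app xmlns="http://java.sun.com/xml/ns/javaee"></web-app>'

if __name__ == "__main__":
    print(audit_https_redirect(SERVER_OK, WEB_OK))        # consistent setup
    print(audit_https_redirect(SERVER_BAD, WEB_MISSING))  # both problems reported
```

To check a real installation, read conf/server.xml and conf/web.xml from disk and pass their contents to the function in place of the sample strings.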


After configuring SSL in my Apache Tomcat server I'm getting a 404 error.

- Mahe

Can we use the redirect port as 443 in Tomcat? Because when I use port 443 my web application cannot open. Can you please tell me how we can use port 443 in Tomcat for a Java web application?

- sarika sirsat

Hi Pankaj, I am using embedded Tomcat (running as my Java process) and I do not want to redirect HTTP traffic to HTTPS. I have not set setRedirectPort on the HTTP connector but it's still redirecting traffic to HTTPS. What could be the reason? httpConnector = tomcatServer.getConnector(); httpConnector.setPort(8080); httpConnector.setSecure(false); httpConnector.setScheme("http");

- sneha thakur

http to https redirect takes to https:///ROOT but if I access https://URL/ it is good. I’ve set tomcat app to ROOT context. If any path the redirection works good but only if ROOT http redirection is having this issue. Any help appreciated please.

- Chakaravarthy Natesan

One thing that might mess you up is setting up port 443, because any use of ports under 1024 requires root access and most IT shops won’t let developers have root access on anything. So in this case, you might need Apache web server to listen in on port 443 and redirect requests to port 8443, and just have the Tomcat connector listen on 8443. Again, that may require admin intervention to edit the config files under Apache web server. Good luck! PS: That issue is my #1 problem facing me - access to resources even on development servers. Maybe you all have looser restrictions or are just trying to get things to work locally. Just keep in mind as you go up the chain of deployment, local - dev - test - stage - prod, you might have to rethink how things work.

- Patrick

Hello Pankaj, I have followed the steps and I have deployed Jenkins in Tomcat. Somehow https://host:port/jenkins is not redirecting to https://host:port/jenkins automatically, but it is redirecting without the Jenkins pattern (I mean https://host:port to https://host:port). Do you have any idea?

- Rama Krishna

Hello Pankaj, can you suggest how to configure Tomcat 8080 redirect to SSL port based on different applications on a single Tomcat service? For example: https://site1:8080/Application1 redirect to https://site1:443/Application1, https://site2:8080/Application2 redirect to https://site2:445/Application2. Both applications on Tomcat 6.0.

- Saket Yadav

Hi Pankaj, I have a Tomcat web service running on a Windows server and it goes to HTTP 301 status at least once a week. Restarting the service is not helping. Once I reboot the entire server it works again. Any idea whether it’s due to this redirect?

- Sai

I have installed the SSL certificate successfully and I have also made the relevant changes in server.xml and web.xml in the tomcat/conf/ folder. On the production server the request is redirected to https://localhost:8080/ but in live, I mean from the internet, it’s redirected to https://www.example.com only. Please help me.

- Nirav Prajapati

How can I manage post action while http to https? For example, I try to access http with post parameters, will it retain after it is redirected to https. I guess on redirection it performs get action and no parameters aren’t migrated.

- kiruba