Secured Socket Layer (SSL) is the cryptography protocol to provide message security over the Internet. It works on the notion of Private and Public keys and messages are encrypted before sending it over the network. To configure SSL on Tomcat, we need a digital certificate that can be created using Java keytool for the development environment. For the production environment, you should get the digital certificate from SSL certificate providers, for example, Verisign, Entrust, Lets’ Encrypt.
Follow the below steps to create your own digital certificate.
$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Pankaj Kumar
What is the name of your organizational unit?
[Unknown]: Dev
What is the name of your organization?
[Unknown]: JournalDev
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: Karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Pankaj Kumar, OU=Dev, O=JournalDev, L=Bangalore, ST=Karnataka, C=IN correct?
[no]: Yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:
$ ls
mycertificate.cert
I have used the password “changeit” for Keystore and key but you can use whatever you want. Now our digital certificate is ready and the next step is to enable HTTPS communication port in Tomcat and set it to use our digital certificate for providing SSL support.
To enable SSL open ~Tomcat_Installation/conf/server.xml
file and uncomment following line:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert"
clientAuth="false" sslProtocol="TLS" />
To avoid any misplacement of the certificate, I have put that in the tomcat conf directory. Now restart Tomcat and try to access any web application over https with port 8443.
So we can access any web application on both HTTP and HTTPS ports. We can set up tomcat to redirect all HTTP request to HTTPS port with some configurations.
In ~TomcatInstallation/conf/server.xml
For HTTP Connector, set the redirect port to the HTTPS connector port. It will look somewhat like this:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
</pre>
</li>
<li>In ~TomcatInstallation/conf/web.xml
Add below configuration but make sure to add it after all the servlet-mapping tags.
<pre>
<!-- added by Pankaj for automatic redirect from HTTP to HTTPS -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Restart the tomcat now and all the HTTP requests will automatically be redirected to HTTPS i.e https://localhost:8080/axis2 will be automatically redirected to https://localhost:8443/axis2 Note: If you don’t want to provide ports in the URLs, then use 80 for HTTP and 443 for HTTPS. In that case, you can skip the first step to automatically redirect HTTP requests to HTTPS because it will automatically pick the default port 443. Update: If you are working on Tomcat, you might be interested in the following posts.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
While we believe that this content benefits our community, we have not yet thoroughly reviewed it. If you have any suggestions for improvements, please let us know by clicking the “report an issue“ button at the bottom of the tutorial.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
After configured ssl in my apachi tomact server im getting 404 error
- Mahe
Can we use the redirect port as 443 in tomcat. Because when I use 443 port then my webapplication cannot open. Can you please tell me how we can use the 443 pot in tomcat for Java webapplication
- sarika sirsat
HI Pankaj,I am using Embedded tomcat (runnning as my java process )and i donot want to rediect HTTP traffic to HTTPS. i have not setRedirectPort on HTTPConnector but its still redirecting traffic to HTTPS. what could be the reason. httpConnector =tomcatServer.getConnector(); httpConnector.setPort(8080); httpConnector.setSecure(false); httpConnector.setScheme(“http”);
- sneha thakur
http to https redirect takes to
https:///ROOT
but if I accesshttps://URL/
it is good. I’ve set tomcat app to ROOT context. If any path the redirection works good but only if ROOT http redirection is having this issue. Any help appreciated please.- Chakaravarthy Natesan
One thing that might mess you up is setting up port 443 because any use of ports under 1024 require root access and most IT shops won’t let developers have root access on anything. So in this case, you might need apache web server to listen in on port 443 and redirect requests to port 8443 and just have the tomcat connector listen on 8443. Again, that may require admin intervention to edit the config files under apache web server. Good luck! PS: That issue is my #1 problem facing me - access to resources even on development servers. Maybe you all have looser restrictions or are just trying to get things to work locally. Just keep in mind as you go up the chain of deployment, local - dev - test -stage - prod, you might have to rethink how things work.
- Patrick
Hello Pankaj, I have followed the steps and I have deployed Jenkins in tomcat. somehow
https://host:port/jenkins
is not redirecting tohttps://host:port/jenkins
by automatically but it is redirecting without Jenkins pattern (I meanhttps://host:port
tohttps://host:port
). Do you have any idea?- Rama Krishna
Hello Pankaj, Can you suggest how to configure tomcat 8080 redirect to SSL port based on Different Application on single Tomcat Service? For example :
https://site1:8080/Application1
redirect tohttps://site1:443/Application1
https://site2:8080/Application2
redirect tohttps://site2:445/Application2
Both application on Tomcat 6.0.- Saket Yadav
Hi Pankaj, I have tomcat webservice running in Windows server and goes to http 301 status at least once in week. Restart of service not helping. Once I reboot entire server then it works again. Any idea whether it’s due to this redirect?
- Sai
I have installed SSL Certificate successfully and i have also make relevant changes in server.xml and web.xml in tomcat/conf/ folder. In Production server request is redirect to
https://localhost:8080/
but in live mean from internet it’s redirect tohttps://www.example.com
Only. Please help me.- Nirav Prajapati
How can I manage post action while http to https? For example, I try to access http with post parameters, will it retrain after it is redirected to https. I guess on redirection it performs get action and no parameters aren’t migrated.
- kiruba