Listed below are the steps involved in configuring a Tomcat server to run in an SSL environment.
Step-1
Install JDK 1.5 or above
Install Tomcat 5 or above
Step-2
Generating the keystore file - The keystore file stores the certificates needed to secure the protocol. A certificate identifies the source from which you are receiving the application data and lets you authenticate whether it is the intended party. Use the keytool utility from the JDK to generate the certificate.
· Open the command prompt
· Navigate to the %JAVA_HOME%/bin directory
· Enter the following command:
    keytool -genkey -alias test2certf -keypass ttadmin -keystore test2certf.bin -storepass ttadmin
· The above command is followed by a questionnaire; enter the relevant details accordingly
· After you answer all the questions, a file with the ".bin" extension is generated in %JAVA_HOME%/bin
· Copy the .bin file to your <TOMCAT_HOME>/webapps directory
Step-3
Configuring Tomcat to use the keystore file - We need to make some changes to Tomcat's server.xml file so that it uses the keystore created in the previous step.
· Open the file <TOMCAT_HOME>/conf/server.xml
· Add the following entry:
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true" acceptCount="100"
               debug="0" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="./webapps/test2certf.bin"
               keystorePass="ttadmin"/>
· Save the file and exit
Step-4
Restart the Tomcat server and check that SSL is working by pointing your browser to https://localhost:8443
Configuring your web application to work with SSL
Open the web.xml of the deployed application and add the XML fragment below:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
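
An added example (not part of the original page): a Python check that the SSL connector in server.xml points at the keystore generated in Step-2 and that web.xml forces the expected URL patterns onto HTTPS. The function names are hypothetical, the two XML samples are constructed, and oldcert.bin is a made-up file name used to trigger the mismatch finding.

```python
import posixpath
import xml.etree.ElementTree as ET

def local(tag):
    # Real web.xml files usually declare a namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def audit_connectors(server_xml, expected_keystore):
    """Return findings for the SSL-enabled <Connector> entries in server.xml."""
    findings = []
    ssl = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl:
        findings.append('no Connector has SSLEnabled="true"')
    for c in ssl:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        ks = c.get("keystoreFile")
        if ks is None:
            findings.append(f"port {port}: keystoreFile is missing")
        elif posixpath.basename(ks.replace("\\", "/")) != expected_keystore:
            findings.append(f"port {port}: keystoreFile {ks} is not {expected_keystore}")
    return findings

def confidential_patterns(web_xml):
    """Return the url-patterns that web.xml forces onto HTTPS (CONFIDENTIAL)."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        guarantees = [e.text.strip() for e in sc.iter()
                      if local(e.tag) == "transport-guarantee" and e.text]
        if "CONFIDENTIAL" in guarantees:
            patterns += [e.text.strip() for e in sc.iter()
                         if local(e.tag) == "url-pattern" and e.text]
    return patterns

# Constructed samples: the connector names oldcert.bin, not the Step-2 keystore.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="./webapps/oldcert.bin" keystorePass="ttadmin"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""
print(audit_connectors(SERVER_XML, "test2certf.bin"), confidential_patterns(WEB_XML))
```

To audit a real installation, read <TOMCAT_HOME>/conf/server.xml and the application's web.xml from disk and pass their contents to the two functions.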