Configuring HTTPS by JSSE

The steps for configuring HTTPS with the JSSE method are as follows:

  1. Generate server credential (public key)

Windows:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore D:\key.keystore

Unix:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /home/key.keystore

where -keystore specifies the location of the credential file; choose any path as needed.

Enter the password according to the prompt ("changeit" is the default password when deploying with Tomcat), "123456" for instance, and then confirm it.

  1. Modify the configuration file server.xml to enable SSL.

Comment out the configuration below to disable APR:

<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

Find the configuration for SSL HTTP/1.1 Connector:

<!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the 
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
        ...
-->

Uncomment it and modify it as follows:

<Connector port="8443" protocol="HTTP/1.1"
                   SSLEnabled="true"
                   maxThreads="150"
                   scheme="https"
                   secure="true"
                   URIEncoding="utf-8"
                   clientAuth="false"
                   keystoreFile="D:\key.keystore"
                   keystorePass="123456"
                   sslProtocol="TLS"/>
  1. Restart Tomcat. The Web application can then be accessed over HTTPS on port 8443.
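
A check that can be run against server.xml before restarting, to confirm the edits from step 2 took effect. This is an added example, not part of the original page or of Tomcat; the function name audit_server_xml, the list of checks and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
# Passwords printed on this page: Tomcat's default and the tutorial's sample value.
PUBLISHED_PASSWORDS = {"changeit", "123456"}

# Constructed sample: server.xml after following the steps on this page.
PAGE_CONFIG = r"""<Server>
  <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" clientAuth="false" keystoreFile="D:\key.keystore"
               keystorePass="123456" sslProtocol="TLS"/>
  </Service>
</Server>"""

# Constructed sample: server.xml before any of the edits were made.
UNEDITED = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" /> -->
  </Service>
</Server>"""

def audit_server_xml(xml_text):
    """Return findings for the JSSE HTTPS setup in a server.xml string."""
    root = ET.fromstring(xml_text)  # commented-out elements are not in the tree
    findings = []
    if any(l.get("className") == APR_LISTENER for l in root.iter("Listener")):
        findings.append("APR listener is still active")
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append('no Connector with SSLEnabled="true" (still commented out?)')
    for c in tls:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is missing")
        # An absent keystorePass falls back to Tomcat's default, "changeit".
        if c.get("keystorePass", "changeit") in PUBLISHED_PASSWORDS:
            findings.append(f"port {port}: keystorePass is a default or published value")
    return findings

if __name__ == "__main__":
    for name, text in (("page config", PAGE_CONFIG), ("unedited", UNEDITED)):
        print(name, "->", audit_server_xml(text) or "no findings")
```

The connector exactly as shown above yields one finding, for keystorePass="123456"; generating the keystore with a different password and using it in keystorePass clears it.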