Notice! This post is more than a year old. It may be outdated.
Here we are going to have a look at how to set up SSL on Apache Tomcat 7.0. First of all, you must create a keystore file. This stores the server’s private key and certificate. This can be achieved using the keytool bundled with Java.
Enter a password for the keystore. Then enter information about the certificate. You are prompted for the following information.
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: John Smith What is the name of your organizational unit? [Unknown]: John's Diner What is the name of your organization? [Unknown]: John's Diner What is the name of your City or Locality? [Unknown]: Paris What is the name of your State or Province? [Unknown]: Île-de-France What is the two-letter country code for this unit? [Unknown]: fr Is CN=John Smith, OU=John's Diner, O=John's Diner, L=Paris, ST=Île-de-France, C=fr correct? [no]: yes Enter key password for mydomain:
This creates a new keystore file and a self-signed certificate. The location is determined by the
-keystore flag. Each certificate in a Java keystore is associated with a unique alias.
The next step is editing Tomcat’s
server.xml located at
$CATALINA_BASE/conf/server.xml (the location of this file varies depending on your operating system). A new connector needs to be added. Find the location where previous connectors are defined and add the following connector. If you look carefully, then you might find a commented SSL connector. You can uncomment it and modify it so it matches the following example.
Restart Tomcat and you should be in business. Point your browser to https://localhost:8443 and you should get an SSL warning because you are using a self-signed certificate. If nothing happens, then check the
catalina.out log for more information.