Friday, August 10, 2007

Tomcat with HTTPS SSL


Tomcat and HTTPS is for me one of the less easy things to do. Several times I have set up Tomcat with SSL and HTTPS and never documented it until now.

For this setup I used Tomcat version 5.5.23. Before Tomcat will accept HTTPS requests correctly it needs a certificate in a JKS keystore; you create it with the JDK's keytool by generating a key pair with a self-signed certificate and adding it to the keystore. WARNING: when keytool asks for your first and last name (this becomes the certificate's common name), enter 'localhost', otherwise Tomcat will not accept this certificate. This is very important, otherwise Tomcat will not accept your certificate!


# Unix paths shown; on Windows use %JAVA_HOME%\bin\keytool and
# %JAVA_HOME%\jre\lib\security\cacerts. Without -keystore, keytool works on
# ~/.keystore; -storepass is the keystore password, -keypass the key password.
# Keep both "changeit" so they match the keystorePass Tomcat is given below.

# Remove an earlier "tomcat" entry, if one exists (errors harmlessly if not)
$JAVA_HOME/bin/keytool -delete -alias tomcat -storepass changeit
# Generate the RSA key pair and self-signed certificate; answer "localhost"
# to the first prompt ("What is your first and last name?"), which is the CN
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keypass changeit
# Export the certificate to a file so it can be imported elsewhere
$JAVA_HOME/bin/keytool -export -alias tomcat -file server.crt -storepass changeit
# Add it to the JDK's trusted CA store (its password is "changeit" by default)
# so Java clients on this machine trust the Tomcat certificate
$JAVA_HOME/bin/keytool -import -file server.crt -alias tomcat -storepass changeit -keystore $JAVA_HOME/jre/lib/security/cacerts
# Add it to ~/.keystore as a trusted certificate as well (no -alias given,
# so it lands under keytool's default alias "mykey")
$JAVA_HOME/bin/keytool -import -file server.crt -storepass changeit

For Tomcat to accept HTTPS requests, add the following Connector to server.xml. The .keystore file that keytool created can be found in your home folder.

<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/.keystore"
           keystorePass="changeit"/>

This should be all you need to get things running. To test your HTTPS SSL connection, start Tomcat and point your browser at https://localhost:8443. Because the certificate is self-signed, the browser will first warn that it is not trusted; that is expected here. If everything is okay you should see the standard Tomcat startup page, otherwise check the Tomcat logs. Common mistakes are JAVA_HOME not set to the correct JDK, and the certificate not being accepted by Tomcat, which can be caused by an incorrect password. I hope this helps to get Tomcat set up to accept HTTPS SSL.
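Two checks for the setup above, as an added example that is not part of the original post: a small parser that audits the HTTPS Connector in server.xml for the mistakes listed here (wrong scheme or secure flag, missing or nonexistent keystoreFile, password left at the keytool default), and a probe that handshakes with the running Tomcat trusting only the exported server.crt, so the handshake succeeds only if the certificate's name matches the host you connect to, which is exactly the "use localhost as the name" rule. The function names, the sample server.xml and the file names are my own assumptions; it uses only the Python standard library and the post's port 8443.

```python
"""Diagnostics for a Tomcat HTTPS connector (added example, not from the post)."""
import os
import socket
import ssl
import sys
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not copied from any real Tomcat installation);
# the 8080 connector is deliberately left without any HTTPS settings.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192"/>
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" enableLookups="false"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/.keystore" keystorePass="changeit"/>
  </Service>
</Server>"""


def audit_connector(xml_text, port="8443", check_files=True):
    """Return a list of findings for the Connector on `port`; empty means clean."""
    root = ET.fromstring(xml_text)
    matches = [c for c in root.iter("Connector") if c.get("port") == port]
    if not matches:
        return ['no <Connector port="%s"> element found' % port]
    conn = matches[0]
    findings = []
    if conn.get("scheme") != "https":
        findings.append('scheme should be "https"')
    if conn.get("secure") != "true":
        findings.append('secure should be "true"')
    keystore = conn.get("keystoreFile")
    if not keystore:
        findings.append("keystoreFile not set (Tomcat falls back to ~/.keystore)")
    elif check_files and not os.path.isfile(os.path.expanduser(keystore)):
        findings.append("keystoreFile %s does not exist" % keystore)
    password = conn.get("keystorePass")
    if not password:
        findings.append('keystorePass not set (Tomcat falls back to "changeit")')
    elif password == "changeit":
        findings.append('keystorePass is the well-known keytool default "changeit"')
    return findings


def probe_server_cert(cafile, host="localhost", port=8443, timeout=5.0):
    """Handshake with Tomcat, trusting only `cafile` (the exported server.crt).

    Hostname checking stays on, so a verification failure means the certificate
    was generated with a name other than `host`; a refused connection means the
    HTTPS connector did not start (wrong keystore password, bad JAVA_HOME): check
    the Tomcat logs.  Returns a dict describing the outcome instead of raising.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = {k: v for rdn in cert.get("subject", ()) for k, v in rdn}
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "common_name": subject.get("commonName"),
                    "not_after": cert.get("notAfter"),
                }
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "reason": "certificate rejected: %s" % exc.verify_message}
    except (ConnectionRefusedError, socket.timeout) as exc:
        return {"ok": False, "reason": "no HTTPS listener on %s:%d (%s)" % (host, port, exc)}


if __name__ == "__main__":
    # usage: python tomcat_https_check.py [conf/server.xml] [server.crt]
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            findings = audit_connector(fh.read())
    else:
        findings = audit_connector(SAMPLE_SERVER_XML, check_files=False)
    for finding in findings or ["no problems found in the connector"]:
        print("config:", finding)
    cafile = sys.argv[2] if len(sys.argv) > 2 else "server.crt"
    if os.path.isfile(cafile):
        print("tls:", probe_server_cert(cafile))
```

Run it with your real conf/server.xml and the server.crt that keytool exported; with no arguments it audits the constructed sample only, since the probe needs a running Tomcat. The probe deliberately keeps verification and hostname checking enabled rather than switching them off: with a self-signed certificate, pinning the exported server.crt as the only trust anchor is what lets the handshake tell you whether the name in the certificate is the one the browser will be checking.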
