This idea comes suddenly on my head while i was reading a question on Kaskus’ programmer forum about how to setup a https connection on Apache Tomcat, thats why today im trying to write a simple how-to example on creating a simple HTTPS connection using Apache Tomcat 6. Who knows perhaps someone would find it useful.
Let’s start with creating a simple certificate file using keytool.exe
C:\Program Files\Java\jdk1.6.0_19\bin>keytool.exe -genkey -alias tomcat -keyalg RSA -keystore edw.jks
after you insert your keystore password (i entered “secret” as my password) and several simple questions such as “What is your first and last name?”, it would create a file.
What you need to do next is to link your certificate to Tomcat’s server.xml configuration. This is what i add to my server.xml configuration.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:\edw.jks" keystorePass="secret" /> <!-- keystorePass use the same password -->
And i also add this to my web.xml file, located under my tomcat’s conf folder
<security-constraint> <web-resource-collection> <web-resource-name>Automatic SLL Forwarding</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
Hope it would help others, cheers