Configure SSL on Tomcat (with trust store)

I recommend going through this really simple post first for a basic understanding of configuring SSL on Tomcat.

Steps:
> Generate the server certificate
> Add the certificate to the trust store
> Set up server.xml

Generate Server certificate:
Make sure the JAVA_HOME variable is set, navigate to any directory, open a command prompt and run the following command to generate the server certificate

keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -keysize 2048

or
(if you don't like the jks format keystore, you can try the command below)
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore thekeystore

The above command generates the server certificate in a keystore in JKS (Java KeyStore) format.

keytool -export -alias server-alias -storepass changeit -file server.crt -keystore keystore.jks

Exports the generated server certificate into the file server.crt

Add Server certificate to trust store:
Now copy this server.crt to %JAVA_HOME%/jre/lib/security and run the following command

keytool -import -v -trustcacerts -alias server-alias -file server.crt -keystore cacerts -keypass changeit -storepass changeit

Adds the certificate to the trust store (the default trust store location is %JAVA_HOME%/jre/lib/security/cacerts)

Server.xml:
Navigate to tomcat_home/conf/ and edit the <Connector> tag in server.xml as below, adjusting the paths to your own locations


<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true"
           enableLookups="false" maxThreads="25" port="8443"
           keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks" keystorePass="changeit"
           truststoreFile="C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts"
           protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
           secure="true" sslProtocol="TLS" />

Note: the value keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks" is the location where I generated the keystore file; give your own path in your case, or copy the keystore to any location you like and point at it instead, for instance keystoreFile="H:\keystore.jks".
** Also note that truststoreFile is not required for this setup **
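To confirm that the trust store from step 2 and the connector above actually work together, here is an added Java client (not part of the original post) that trusts only the cacerts store, connects to the HTTPS connector, and checks that the certificate Tomcat presents is the server-alias entry; the store path, the password changeit, the host localhost and the port 8443 are assumptions taken from the walkthrough.

```java
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Client check for the setup above: load the cacerts store from step 2 explicitly
// and verify that the certificate Tomcat presents is the server-alias entry.
// Path, password, host and port are assumptions taken from the walkthrough.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String trustStorePath = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts"; // %JAVA_HOME%/jre/lib/security/cacerts on JDK 8
        char[] storePass = "changeit".toCharArray(); // same -storepass used with keytool

        // Load the trust store that server.crt was imported into
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, storePass);
        }
        Certificate expected = trustStore.getCertificate("server-alias");
        if (expected == null) {
            throw new IllegalStateException("server-alias not found in " + trustStorePath);
        }

        // Build the SSLContext from this store explicitly, so the check does not depend on JVM defaults
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection conn = (HttpsURLConnection) new URL("https://localhost:8443/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default hostname verifier stays on: the CN/SAN entered at keytool time
        // must match "localhost" or the connection is rejected here.
        conn.connect();

        X509Certificate presented = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("HTTP " + conn.getResponseCode() + " via " + conn.getCipherSuite());
        System.out.println("Server presented: " + presented.getSubjectX500Principal());
        if (!presented.equals(expected)) {
            throw new IllegalStateException("Presented certificate is not the server-alias entry");
        }
        System.out.println("OK: presented certificate matches trust store entry server-alias");
        conn.disconnect();
    }
}
```

Run it with Tomcat started on 8443; an optional first argument overrides the trust store path if you imported server.crt into a different store.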

Recommended: refer to this post as well
