Using SSL on Stand Alone Tomcat

On a recent client project, I had the opportunity to setup SSL for generated applications.  I’d like to share a document that I used to help me through it.


This link describes how to configure SSL support on Tomcat 6. Please read the whole document to gain basic understanding of SSL mechanism and consequence of using SSL.

For example, if we want to run m-power generated apps on SSL we need to do the following 2 steps: (assuming you are using JDK 1.6)

1. Create a keystore file by type this at a command line:

C:\>keytool -genkey -alias tomcat -keyalg RSA

(we have entered password as ‘changeit’ to simplify the process). A file .keystore is created in you home directory. Tomcat by default will look in this location for this file.

2. Modify server.xml file to add these lines to the applicable connector: (you may already have these lines in the file and you only need to uncomment them out)

maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Of course, because we created this Key ourselves, our browser is going to complain that the certificate is not authentic. That makes sense — Firefox or IE cannot trust me (or you!). In a real world scenario (i.e. banking), you will need to buy a key from a reputable company. This key would then replace the one you created in step #1.

Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *