Shilpa
Published in : 2022-02-27

How to setup HTTPS or SSL on my web application which is running on Tomcat server?

Servers, Hosting

I am using Tomcat v9.0 and I have deployed a Java application on staging and production websites using the same Tomcat configuration. When I hit the URL, it is not redirecting the user to HTTPS.

I have generated a CSR and I got the certificate files from the registrar. I used the command below to generate the keystore.

keytool -genkey -alias tomcat -keyalg RSA

My connector in server.xml file,

<!--
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

Did I miss anything in the code while deploying the WAR/EAR to staging and live server?

Comments

Eslam Zedan Date : 2022-02-28

Best answers

8

Try adding SSLEnabled="true"

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

Rakshit Date : 2022-02-28

Best answers

34

You can achieve your task with a few simple steps:

  • Create Keystore
  • Configure Keystore with your tomcat
  • Test what you did!

I am assuming you have already created the keystore with the keytool command.

Find the following declaration:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

You can uncomment the lines and modify them as below.

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="c:/RaxTonProduction/.keystore" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

What did you do here?

You added the keystoreFile, keystorePass and changed the protocol declarations.

You can run your application on the default HTTPS port 8443.

In this case, your 8080 (HTTP) port will also work.


If your requirement is to run your application with HTTPS only and not over HTTP, here is something that you can do!

Open your web.xml file, and add the below code:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

It will always run your application over the HTTPS port only!

Hope you find your answer!

Reference: Tomcat
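A static check for the pieces the answer above depends on, as an added example that is not part of the original thread: it parses server.xml and web.xml and reports a TLS connector that is still commented out or lacks SSLEnabled, a missing keystore, and a missing CONFIDENTIAL constraint. The function names and sample documents are constructed here; the check on redirectPort (the Connector attribute Tomcat uses to choose the HTTPS port for the redirect) and the acceptance of a nested Certificate element in place of keystoreFile are assumptions beyond what the thread mentions.

```python
import xml.etree.ElementTree as ET

def local(tag):
    return tag.rsplit("}", 1)[-1]  # '{namespace}name' -> 'name'

def audit(server_xml, web_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # ElementTree drops XML comments, so a <Connector> still wrapped in
    # <!-- --> is as invisible here as it is to Tomcat.
    connectors = [e for e in ET.fromstring(server_xml).iter() if local(e.tag) == "Connector"]
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append('no active Connector with SSLEnabled="true"')
    for c in tls:
        if not (c.get("keystoreFile") or any(local(e.tag) == "Certificate" for e in c.iter())):
            findings.append(f"TLS connector on port {c.get('port')} has no keystore or certificate")
    tls_ports = {c.get("port") for c in tls}
    for c in connectors:
        rp = c.get("redirectPort")
        if tls and c not in tls and rp and rp not in tls_ports:
            findings.append(f"port {c.get('port')} redirects to {rp}, which is not a TLS connector")
    guarantees = [(e.text or "").strip() for e in ET.fromstring(web_xml).iter()
                  if local(e.tag) == "transport-guarantee"]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml has no CONFIDENTIAL transport-guarantee")
    return findings

# Constructed samples: the question's commented-out connector, then the answer's fix.
BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <!-- <Connector port="8443" protocol="HTTP/1.1" maxThreads="100"
       scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
</Service></Server>"""
AFTER = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             keystoreFile="c:/RaxTonProduction/.keystore" keystorePass="password" />
</Service></Server>"""
WEB = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><web-resource-name>securedapp</web-resource-name>
    <url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint></security-constraint></web-app>"""

if __name__ == "__main__":
    for label, result in (("before", audit(BEFORE, "<web-app/>")), ("after", audit(AFTER, WEB))):
        print(label, result)
```

An empty result only says the configuration is structurally complete; the keystore still has to contain the certificate issued by the registrar for browsers to trust the connection.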

Shilpa Date : 2022-02-28

Appreciate your efforts. It worked!!

This is something new to me. When I run my Java application, it redirects to the HTTPS port by itself, which is what I want.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
