Shilpa

27 Feb 2022

How to set up HTTPS or SSL on my web application which is running on a Tomcat server?

Servers, Hosting

I am using Tomcat v9.0 and I have deployed a Java application with the server on the staging and production websites using the same Tomcat configuration. When I hit the URL, it does not redirect the user to HTTPS.

I have generated a CSR and got the certificate files from the registrar. I used the command below to generate the keystore.

keytool -genkey -alias tomcat -keyalg RSA

My connector in the server.xml file:

<!--
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

Did I miss anything in the code while deploying the WAR/EAR to the staging and live servers?

Comments

Eslam Zedan

28 Feb 2022

Try adding SSLEnabled="true"

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"/>
-->

Rakshit

28 Feb 2022

Best Answer

You can achieve your task with a few simple steps:

  • Create Keystore
  • Configure Keystore with your tomcat
  • Test what you did!

I am assuming you have already created the keystore with the keytool command.

Find the following declaration:

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->

You can uncomment the lines and modify them as below.

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
 disableUploadTimeout="true" enableLookups="false" maxThreads="25"
 port="8443" keystoreFile="c:/RaxTonProduction/.keystore" keystorePass="password"
 protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
 secure="true" sslProtocol="TLS" />

What did you do here?

You added the keystoreFile, keystorePass and changed the protocol declarations.

You can run your application on the default HTTPS port 8443.

In this case, your 8080 (HTTP) port will also work.


If your requirement is to run your application with HTTPS only and not over HTTP, here is something that you can do!

Open your web.xml file, and add the below code:

<security-constraint>
 <web-resource-collection>
 <web-resource-name>securedapp</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
</security-constraint>

It will always run your application over the HTTPS port only!

Hope you find your answer!

Reference: Tomcat

Replies

Shilpa

28 Feb 2022

Appreciate your efforts. It worked!!

This is something new to me: when I run my Java application, it redirects to the HTTPS port by itself, which is what I want.

<security-constraint>
 <web-resource-collection>
 <web-resource-name>securedapp</web-resource-name>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <user-data-constraint>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
</security-constraint>
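
As an added example (not part of the original thread and not Tomcat's own tooling), this Python check audits a server.xml for the problems discussed above: a TLS connector left inside an XML comment, a missing SSLEnabled or keystoreFile, a well-known keystorePass, and an HTTP redirectPort with no matching HTTPS connector. The sample XML strings and the keystore path conf/example.keystore are constructed, and the function name audit_server_xml is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: TLS connector still commented out, as in the question.
QUESTION_XML = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
<!--
<Connector port="8443" protocol="HTTP/1.1" maxThreads="100" scheme="https"
 secure="true" clientAuth="false" sslProtocol="TLS" />
-->
</Service></Server>"""

# Constructed sample: connector shaped like the accepted answer (placeholder keystore path).
ANSWER_XML = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
<Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
 protocol="org.apache.coyote.http11.Http11NioProtocol" clientAuth="false"
 keystoreFile="conf/example.keystore" keystorePass="password" sslProtocol="TLS" />
</Service></Server>"""

def audit_server_xml(text):
    """Return findings for connector-level TLS attributes (nested SSLHostConfig is not inspected)."""
    findings = []
    # XML comments are invisible to Tomcat and to ElementTree, so search the raw text for them.
    for body in re.findall(r"<!--(.*?)-->", text, re.S):
        if "<Connector" in body and 'scheme="https"' in body:
            findings.append("https connector is commented out")
    connectors = list(ET.fromstring(text).iter("Connector"))
    tls = [c for c in connectors if c.get("scheme") == "https"]
    if not tls:
        findings.append("no active https connector")
    for c in tls:
        if c.get("SSLEnabled", "false").lower() != "true":
            findings.append("SSLEnabled is not true on port " + c.get("port", "?"))
        if not c.get("keystoreFile"):
            findings.append("keystoreFile not set on port " + c.get("port", "?"))
        if c.get("keystorePass") in ("password", "changeit"):
            findings.append("keystorePass is a well-known value")
    tls_ports = {c.get("port") for c in tls}
    for c in connectors:
        # A CONFIDENTIAL constraint redirects plain-HTTP requests to redirectPort (default 443).
        plain = c.get("scheme", "http") == "http" and not c.get("protocol", "").startswith("AJP")
        if plain and c.get("redirectPort", "443") not in tls_ports:
            findings.append("redirectPort of port %s has no https connector" % c.get("port", "?"))
    return findings

if __name__ == "__main__":
    for name, xml in (("question", QUESTION_XML), ("answer", ANSWER_XML)):
        print(name, audit_server_xml(xml))
```

The finding on the answer's sample is the literal keystorePass="password"; "changeit" is listed as well because it is the default keystore password Tomcat assumes.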
