Configuring SSL in Tomcat Server

SSL + TomcatSecurity is a major issue while developing a web application that carries confidential data between web browser and server. You will never want that some else come to know your internet banking login name and password!!!

In this tutorial, we will use SSL to protect our private data by configuring SSL in our Tomcat Server.

When we use http protocol to send our data to server any one on the middle of the network can intercept your login name and password because http used text pain text format to send data. So, what else we can do? We can use https protocol to send our secret data to server. In https protocol data is encrypted using SSL algorithm. Description of SSL is out of scope of this tutorial. But you must know that SSL is an encryption algorithm which uses one secret key called private key and one public key to handle secure data transaction between browser and server.

Configuring SSL in Tomcat is a two step process which is as follows :

Step 1. Generating SSL certificate using tool provided with JDK

To work with SSL Tomcat Server need SSL certificate that contains information about keys. These certificates are can be created using tools provided with JDK or we can also buy it from authorized organizations.

keytool is a tool provided in JDK that creates SSL certificates. Just run the following commands on command prompt :


keytool -genkey -alias raistudies.com -keypass raistudies
   -keystore raistudies.bin -storepass raistudies

keytool uses some attributes that must be provided to the tool to create the certificate :

  • -genkey : this attribute is specifying that keytool has to generate a key certificate.
  • -alias : Specify the domain name in which you want to use it. You may specify any name.
  • -keypass and -storepass : Specify pass codes after these words. both must be same.
  • -keystore : The name of the file in which you want to store the SSL certificate.

When you will run this command it will ask you some questions, answer them one by one and your SSL certificate will be created.

SSL Certificate Generation

SSL Certificate Generation

Step 2. Configuring Tomcat Server with generated SSL certificate

Our next step will be to configure Tomcat. First of we will create a directory named “SSL” under “conf” directory of Tomcat Server and then will put the SSL certificate file i.e. “raistudies.bin” in to SSL directory.

Then, open the file named server.xml in conf directory of Tomcat Installation directory and put the following configuration tag in it :


<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/conf/SSL/raistudies.bin" keystorePass="raistudies"/>

Here is the description :

  • <Connector/> tag is used to specify that a new connection configuration has been provided to tomcat.
  • port=”8443″ : Attribute port specifies the port number on which this connection configuration will accept connections.
  • protocol=”HTTP/1.1″ : Attribute protocol specify the basic data protocol to use.
  • SSLEnabled=”true” : It means the connection will use SSL to protect data using encryption.
  • maxThreads=”150″ : Maximum of 150 threads will be executed of this connection configuration.
  • scheme=”https” : Will use https protocol to send data.
  • secure=”true” : The connection should be secure.
  • keystoreFile attribute specify the location of the SSL certificate.
  • keystorePass attribute is used to specify keypass. It should be same as the key specified during certificate generation.

Now Tomcat server is ready to use with SSL.

Run the server and hit following url in a browser : “https://localhost:8443″, you will get following warning from the browser :

Safary Warning About Private SSL

Safary Warning About Private SSL

Click on “Continue” button and you will see SSL is working great with your Tomcat Server.

Secure Page with Private Security Certificate Encription

Secure Page with Private Security Certificate Encription

You can see a lock symbol in address bar that indicates a secure connection.

Related Posts:

Leave a comment ?

1 Comments.

  1. Its simply ZAKAAS……!!!

Leave a Comment Cancel reply

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>