HTTPS/SSL with Tomcat 6 on Ubuntu

Generate self-signed certificate

Create the keystore certificate.bin, holding an RSA key pair under the alias admin, with password adminpass:

keytool -genkey -alias admin -keyalg RSA -keypass adminpass -keystore certificate.bin -storepass adminpass

Accept the default values for every question except the last one, which must be answered yes:

What is your first and last name?
  [Unknown]:  
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Move certificate.bin to the Tomcat folder.

Set up Tomcat

In <tomcat_folder>/conf/server.xml, uncomment the definition starting with <Connector port="8443" and add the keystoreFile and keystorePass attributes:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="certificate.bin" keystorePass="adminpass" />

Notes

  • certificate.bin can be stored anywhere; in that case, use its absolute path as keystoreFile in server.xml
  • the port 8443 can be changed to any other port
  • the non-SSL connector can be disabled by commenting it out in server.xml
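
The following script is an added example, not part of the original page: it reads <tomcat_folder>/conf/server.xml and reports the points from the steps and notes above (non-SSL connector still enabled, keystoreFile missing, server.xml or the keystore accessible to every local user). The function names, the finding texts and the sample server.xml are constructed for illustration; resolving a relative keystoreFile against the Tomcat folder is an assumption.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET

# Constructed sample: a plain HTTP connector plus the HTTPS connector from this page.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="certificate.bin" keystorePass="adminpass" />
  </Service>
</Server>"""

def world_accessible(path):
    """True if users other than the owner and group have any access to path."""
    return bool(os.stat(path).st_mode & stat.S_IRWXO)

def audit(tomcat_folder):
    """Return (port, finding) tuples for <tomcat_folder>/conf/server.xml."""
    server_xml = os.path.join(tomcat_folder, "conf", "server.xml")
    findings = []
    # ElementTree skips XML comments, so a commented-out connector is not reported.
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").startswith("AJP"):
            continue  # only HTTP connectors are checked here
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "non-SSL connector is enabled"))
            continue
        if conn.get("keystorePass") and world_accessible(server_xml):
            findings.append((port, "server.xml exposes keystorePass to all local users"))
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "no keystoreFile attribute"))
            continue
        # Assumption: relative paths resolve against the Tomcat folder; join keeps absolute paths.
        keystore = os.path.join(tomcat_folder, keystore)
        if not os.path.isfile(keystore):
            findings.append((port, "keystoreFile not found: " + keystore))
        elif world_accessible(keystore):
            findings.append((port, "keystore is accessible to all local users"))
    return findings

if __name__ == "__main__":  # usage: python3 audit.py <tomcat_folder>
    for port, finding in audit(sys.argv[1]):
        print("port %s: %s" % (port, finding))
```

Run it as the user that owns the Tomcat files, so that the permission checks can stat both server.xml and the keystore.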
