Sie sind auf Seite 1von 4

July 29

SSL

2009
Configurati
on for
Tomcat 6.0
Tomcat 6.0
How to configure the Tomcat 6.0 for Secure connection by
using a self signed certificate, generated by Java keytool in Java Keytool
detailed.
J. M. V. Swamy Naidu M.C.A.
Under
Windows XP
Configure SSL in Tomcat 6.0 using Java keytool 200
9

This article is helpful for the developer who wants to require the
secure connectivity to the Apache Tomcat 6.0 Server. In order to use
this article you must already install the Tomcat 6.0 and Java. If not
download install them for free from their respective sites
Java SDK download here
Tomcat 6.0 downloads here

Here I assume the installation directories for the software’s are


C:/Program Files/Apache Software
Foundation/Tomcat 6.0
C:/Program Files/Java

• Create Self signed certificate using Java keytool:

• Open the command prompt go to Java Installation directory


and then to bin directory.
Ex : C:/Program Files/Java/jdk1.6.0_10/bin/
• Then type the following command to create the self signed
certificate using Java keytool.
Prompt> keytool –genkey –alias Tomcat –keyalg RSA
• The above command creates a .keystore file at user’s home
directory, if you doesn’t find it then use the java property
usre.home to find it.
Ex :
class FindUserHome {
public static void main(String arg[]) {
System.out.println(System.getProperty(“user.home
”);
}
}
• If you want to change the location of the keystore file then
issue the keytool command with –keystore property
followed by the directory structure, where you want to save
the keystore file.

2
Configure SSL in Tomcat 6.0 using Java keytool 200
9

• Configure the Tomcat 6.0 Server to access


Generated Certificate:

Now configure the server.xml file for SSL.


• Open the file server.xml in any editor that supports the file
editing.
• The server.xml file is found at the installation folder of
Tomcat 6.0
Ex : C:/Program Files/Apache Software
Foundation/Tomcat 6.0/conf/server.xml
• Now find the following XML tag

<Connector
protocol =
“org.apache.coyote.http11.Http11Protocol”
port = “8443”
minSpareThreads = “5”
maxSpareThreads = “75”
enableLookups = “true”
disableUploadTimeout = “true”
acceptCount = “100”
maxThreads = “200”
scheme = “https”
secure = “true”
SSLEnabled = “true”
keystoreFile = “${user.home}/.keystore”
keystorePass = “changeit”
clientAuth = “false”
sslProtocol = “TLS”
/>

If the above connector property is found then remove


comments over it.

3
Configure SSL in Tomcat 6.0 using Java keytool 200
9
If it’s not found over there then manually copy the entire tag
to the server.xml file and save.

Notice:

Here, the two properties keystoreFile and


keystorePass are initialized to their default values, if you
change any of then during the creation of the certificate you
must change them here also to run the server without any
errors.

• Test the installation of the certificate in Tomcat:


Finally test the installation of the self signed certificate
installation in the server by typing the URL :
https://localhost:8443
If every thing configured well then you can see a page from your
server [Apache home page located in the local disk]. Accessing the
page using https protocol some browsers doesn’t display directly,
instead they alert you to add exception for that particular site.
By doing all the necessary things you got success.

-Regards
NaiduMCA1@gmail.com
http://www.NaiduMCA.co.cc