Setting Up SSL on Tomcat

By: Ramlak

When transferring usernames and passwords over HTTP, you should set up SSL on Tomcat or whichever application server you are using. This protocol ensures that the names and passwords are in encrypted form as they travel across the network, and thus protected from theft and malicious use by hackers and other intruders.

Setting up SSL on Tomcat 4 is a two-step process:

  1. Use the keytool utility to create a keystore file encapsulating a digital certificate used by the server for secure connections.

  2. Uncomment the SSL Connector element in Tomcat's conf/server.xml file, and alter its attributes if necessary.

The keytool utility is located in the bin subdirectory of the directory where you have installed the JSDK. The following command line creates a single self-signed digital certificate for the Tomcat server within a keystore file named .keystore. This file is created in the home directory of the user running the command.

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

The Unix version of this command is:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

(For this command to succeed, the JAVA_HOME environment variable must be set to the directory where the Java 2 SDK is installed, such as h:\j2sdk1.4.1_01.)

The sample below shows the console output resulting from executing the keytool command. The keytool will request some information about you and your organization, but you can accept the default values by pressing Enter. This information is incorporated into the server's certificate and presented to the user (via her web browser) when she requests any components with a URL that starts with https://.

In setting up SSL for Tomcat, you must use the same password for both the keystore and the certificate that is stored in the keystore. The default password used in Tomcat is "changeit":

The console output resulting from using the keytool utility
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  Bruce Perry
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=Bruce Perry, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):

Finally, uncomment the SSL Connector element in the conf/server.xml file by removing the comment characters around it (<!-- -->). Then restart Tomcat.

The Connector element inside server.xml
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="100" debug="0"
           scheme="https" secure="true"
           useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
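
An added example (not part of the original tutorial): a small Python check that parses a server.xml and reports whether an SSL Connector is actually active and whether its keystore still relies on the default password. The sample documents are constructed; keystoreFile and keystorePass are the Factory attributes Tomcat reads for a non-default keystore, and the path and password values shown are placeholders.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"  # Tomcat's default keystore password
NO_SSL = "no active SSL Connector (still commented out?)"
DEFAULT_PW = "keystorePass is the default 'changeit'"

def audit_ssl_connectors(server_xml_text):
    """Return (port, finding) tuples for the HTTPS connectors in server.xml."""
    # ElementTree discards XML comments, so a commented-out Connector is invisible.
    root = ET.fromstring(server_xml_text)
    https = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not https:
        return [(None, NO_SSL)]
    findings = []
    for conn in https:
        port = conn.get("port")
        if conn.get("secure") != "true":
            findings.append((port, 'secure is not "true"'))
        factory = conn.find("Factory")
        if factory is None:
            findings.append((port, "no Factory element"))
            continue
        # An absent keystorePass means Tomcat falls back to the default.
        if factory.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append((port, DEFAULT_PW))
    return findings

# Constructed sample documents, trimmed to the attributes the check reads.
CONNECTOR = '''<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" scheme="https" secure="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
      clientAuth="false" protocol="TLS" %s/>
</Connector>'''
WRAP = "<Server><Service>%s</Service></Server>"
COMMENTED = WRAP % ("<!-- " + CONNECTOR % "" + " -->")
AS_SHIPPED = WRAP % (CONNECTOR % "")
# Placeholder path and password, not real values.
CUSTOM = WRAP % (CONNECTOR % 'keystoreFile="conf/example.keystore" keystorePass="PLACEHOLDER-pass" ')

if __name__ == "__main__":
    for name, doc in [("commented", COMMENTED), ("as shipped", AS_SHIPPED), ("custom", CUSTOM)]:
        print(name, audit_ssl_connectors(doc))
```

keystorePass sits in clear text in server.xml, so that file's permissions need the same care as the keystore itself.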


The Connector uses a different port number (8443) than that used by insecure HTTP connections (in Tomcat, it's usually 8080). After you have restarted Tomcat, you can now make a secure connection to a web component in the home application with a URL that looks like this:



Good one ! and simple tutorial

By: Sim at 2011-02-24 01:57:53
