Apache Tomcat 9.0 - SSL Configuration Procedures

1. Generate the Certificate Keystore

[oracle@danbrother ~]$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  DanBrother
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  Taipei
What is the name of your State or Province?
  [Unknown]:  Taiwan
What is the two-letter country code for this unit?
  [Unknown]:  TW
Is CN=DanBrother, OU=home, O=home, L=Taipei, ST=Taiwan, C=TW correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):


To verify that the .keystore file has been created:

[oracle@danbrother ~]$ ls -al .keystore
-rw-r--r--. 1 oracle dba 2223 Sep 20 11:07 .keystore
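The interactive keytool session above can be scripted. The following shell script is an added example, not part of the original post: it creates the same kind of keystore non-interactively (keytool -genkeypair is the current name of the -genkey command used above), with a 2048-bit RSA key, the PKCS12 store type, the same DN, the file restricted to its owner, and a check that the "tomcat" alias is present. The file name, password and DN values are placeholders chosen for this example; it assumes a JDK keytool on the PATH and a Linux host (GNU stat).

```shell
#!/bin/sh
# Added example: non-interactive equivalent of the keytool session above.
# Assumptions: JDK keytool on PATH; KEYSTORE_FILE, KEYSTORE_PASS and the
# -dname values below are placeholders chosen for this example.

KEYSTORE_FILE="${KEYSTORE_FILE:-$HOME/.keystore}"
KEYSTORE_PASS="${KEYSTORE_PASS:-changeit}"    # placeholder; use a real secret

# Create an RSA key pair and self-signed certificate under the alias "tomcat".
# PKCS12 is the JDK's default store type; store and key passwords must match.
generate_keystore() {
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 365 \
        -storetype PKCS12 -keystore "$KEYSTORE_FILE" \
        -storepass "$KEYSTORE_PASS" -keypass "$KEYSTORE_PASS" \
        -dname "CN=DanBrother, OU=home, O=home, L=Taipei, ST=Taiwan, C=TW" \
        >/dev/null 2>&1
    # The keystore holds the private key: readable by the owner only.
    chmod 600 "$KEYSTORE_FILE"
}

# Return 0 if the keystore exists and lists the "tomcat" alias.
verify_keystore() {
    [ -f "$KEYSTORE_FILE" ] || return 1
    keytool -list -keystore "$KEYSTORE_FILE" -storepass "$KEYSTORE_PASS" 2>/dev/null \
        | grep -q '^tomcat,'
}

# Print the octal permission bits of the keystore (e.g. 600); GNU stat syntax.
keystore_mode() {
    stat -c '%a' "$KEYSTORE_FILE"
}

# Usage (uncomment to run against the defaults above):
# generate_keystore && verify_keystore && echo "keystore OK, mode $(keystore_mode)"
```

The password on the command line is visible in the shell history and in the process list while keytool runs; on a shared host pass it through the environment instead of a literal, as the script does.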
 

2. Edit Tomcat's Main Configuration File (server.xml) to Enable SSL and Disable HTTP

[oracle@danbrother ~]$ export CATALINA_BASE=/source/apache-tomcat-9.0.0.M10
[oracle@danbrother ~]$ cd $CATALINA_BASE/conf

In the default server.xml the HTTPS connector is present but commented out:

    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

To enable SSL, replace the commented-out block above in server.xml with the following (keystoreFile points at the keystore created in step 1, and keystorePass must be the password entered there):

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               keystoreFile="/home/oracle/.keystore" keystorePass="YourPass" scheme="https"
               secure="true" clientAuth="false" sslProtocol="TLS"
               maxThreads="200" SSLEnabled="true">
    </Connector>

The default server.xml also defines the plain HTTP connector:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

To disable HTTP, comment out that connector in server.xml:

    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
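Tomcat 9 still accepts the Connector-level attributes used above (keystoreFile, keystorePass, clientAuth, sslProtocol), but they are deprecated and are mapped internally onto SSLHostConfig and Certificate elements, which is the form the default server.xml already uses. The fragment below is an added example, not from the original post or the Tomcat project: it shows the walkthrough's connector beside the Tomcat 9 form with the same keystore path and password (placeholders) and with the enabled protocols restricted to TLS 1.2 and 1.3.

```xml
<!-- Walkthrough form, kept commented out for comparison: deprecated Connector
     attributes; every TLS version the JRE supports is enabled by default. -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           keystoreFile="/home/oracle/.keystore" keystorePass="YourPass" scheme="https"
           secure="true" clientAuth="false" sslProtocol="TLS"
           maxThreads="200" SSLEnabled="true" />
-->

<!-- Tomcat 9 form (added example). Keystore path, alias and password are
     placeholders; use the values from step 1. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="200" SSLEnabled="true" scheme="https" secure="true">
    <!-- TLS 1.2 and 1.3 only; "none" means clients are not asked for a
         certificate, the same as clientAuth="false" above. -->
    <SSLHostConfig protocols="TLSv1.2,TLSv1.3" certificateVerification="none">
        <Certificate certificateKeystoreFile="/home/oracle/.keystore"
                     certificateKeystorePassword="YourPass"
                     certificateKeyAlias="tomcat"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

Either way the keystore password sits in plain text in server.xml, so server.xml and the keystore should be readable only by the account Tomcat runs as. If the keystore was created as PKCS12 rather than the JKS default, add certificateKeystoreType="PKCS12" to the Certificate element.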

 

3. Restart the CATALINA Server (Apache Tomcat Server)

[oracle@danbrother conf]$ cd ../bin
[oracle@danbrother bin]$ ./shutdown.sh && ./startup.sh

Only the HTTPS port should be listening now; port 8080 no longer appears:

[oracle@danbrother bin]$ netstat -tnlp |grep -e 8080 -e 8443
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::8443                 :::*                    LISTEN      5710/java 

 

Open a browser and enter the following URL. Because the certificate is self-signed, the browser shows a certificate warning that has to be accepted before the page loads:

https://127.0.0.1:8443

[Image: Tomcat-SSL.jpg]

[Reference]
https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
