跳到主要內容

Setup Tomcat HTTPS (with JDK 8 to Java 15) in 2 mins

 Setup Tomcat 9 HTTPS/SSL

To have a quick view, you may see the video(s):

https://www.youtube.com/watch?v=WDGoF13vhZU



1. Generate Keystore

I am using JDK 15 to generate the keystore. But the steps are similar with Tomcat 6 + openjdk 8(as I have tried it before writing this doc)

  1. Use “keytool” command to create a self-signed certificate.
    During the keystore creation process, you need to assign a password and fill in the certificate’s details.

D:\apache-tomcat-9.0.38\conf>keytool -genkey -alias tomcatks -keyalg RSA -keystore D:\apache-tomcat-9.0.38\conf\tomcatks


When enter the passwords during generation, please make sure the two passwords you entered are
the SAME. This is the requirement of Tomcat. Here is the abstract from Tomcat installation 

Finally, you will be prompted for the key password, which is the password specifically for this Certificate
(as opposed to any other Certificates stored in the same keystore file). You MUST use the same
password here as was used for the keystore password itself. This is a restriction of the Tomcat
implementation. (Currently, the keytool prompt will tell you that pressing the ENTER key does this
for you automatically.) 

2. Connector in server.xml

Next, locate your Tomcat’s server configuration file at D:\apache-tomcat-9.0.38\conf\server.xml,
modify it by adding a connector element to support for SSL or https connection.




Note that if you choose HTTP/1.1 instead of org.apache.coyote.http11.Http11Protocol, just like below.
Tomcat will automatically choose the following selection based on your installation.

I failed the first time because I happened to have installed the first one (APR implementation).
Please follow the official guide for more information for APR implementation setup.

  • the APR implementation, which uses the OpenSSL engine by default.

  • the JSSE implementation provided as part of the Java runtime (since 1.4)

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"

              maxThreads="150" scheme="https" secure="true"

              clientAuth="false" sslProtocol="TLS"

      keystoreFile="conf/tomcatks"

      keystorePass="password" />


   <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
	-->
	
		<Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="conf/tomcatks" keystorePass="password"
           clientAuth="false" sslProtocol="TLS"/>
	

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443" />
    -->


3) Restart Tomcat

D:\apache-tomcat-9.0.38\bin>startup



Reference.




標籤:

留言

張貼留言

這個網誌中的熱門文章

IIS connects to Tomcat. Bug in IIS URL redirect, http2

IIS connects to Web/Application Server Tomcat 9 IIS (Internet Information Server 10) on Windows 2016 server Plesk dropped support for connecting Tomcat from IIS. It is disgraceful. I was so disappointed to learn that. However, another exciting opportunity opened up as I learnt URL rewrite is powerful enough to take over the job and even with more elegant simplicity. So I gave it a try. Even without knowing many of its features, I was able to set it up that one of the sites mysub.yourdomain.com (not real domain, just as an example and I tried a few sites in my server) is pointing to a tomcat localhost at 8080. It sounds good enough. Right?   However, after setting the original site mysub.yourdomain.com for using https. All browsers in desktop platform and Android platform seemed to work. But browser in iOS version failed to open the https. After a few digging, some said in forum that it was a known bug https://stackoverflow.com/questions/49141004/ios-10-3-3-not-working-w...
張貼留言
閱讀完整內容

Find directories with specific size with Java. Recursive Function Demonstration.

The first function draft was generated by AI ChatGPT 3.5. But its comparative function was wrong and AI needed extra guidance to pinpoint that comparison of object in Java needs extra cares. Then its revised its recursive function. However the recursive function provided was still incorrect as it failed to count all the size of files and files inside the subfolders of a specific folder. Then I determined to finish it myself and here is my version. The DirectorySizeChecker is a Java program that allows users to check the sizes of directories in their file system. The program takes in a directory path and an optional minimum size in megabytes as command line arguments, and outputs the paths and sizes of all directories that are equal to or larger than the specified size. The program starts by setting a default minimum size of 100MB if no size argument is provided. It then checks if the correct number of arguments have been provided, and if the input directory exists and is indeed a direc...
張貼留言
閱讀完整內容