Thursday, 18 October 2012

Enabling HTTPS request on Tomcat Server


Enabling HTTPS Request on Tomcat

If you are developing a web application that handles sensitive data, you will want a secure channel for transferring that data between the web browser and your web server. SSL (Secure Sockets Layer) is an easy way to offer this security to your users: it allows web browsers and web servers to encrypt all information and exchange it over a secured connection.

Hypertext Transfer Protocol Secure (HTTPS) is a widely used protocol for secure communication over the Internet. It is simply HTTP layered over the SSL protocol. When we say we are using HTTPS for a secure connection, we mean that the information (the request) is first encrypted using SSL, transmitted using HTTP, and then decrypted by the receiver using SSL.

Apache Tomcat fully supports the SSL protocol and provides documentation on how to configure Tomcat to use SSL, but I found it a little confusing for first-time users. So here I am writing it in a simpler way to help you out :)

You need to follow these simple steps to enable HTTPS requests in the Tomcat server.

Step 1 – Create a Keystore

A “keystore” is a repository of security certificates used by the SSL protocol for encryption. We will use the “keytool” command (shipped with the JDK) to create a keystore:

<JAVA_HOME>\bin>keytool -genkey -alias tomcat -keyalg RSA

The above command will prompt you for a password and a series of general questions required to generate the keystore and certificate. On successful execution a new file named ".keystore" will be created in the home directory of the current user.

Note: Your keystore password and the private key (alias "tomcat") password should be the same.

Step 2 – Edit Tomcat Configuration File (server.xml)

Open the <TOMCAT_HOME>\conf\server.xml file and search for the following text:

<Connector port="8443" protocol="HTTP/1.1"

By default this entry is commented out. Uncomment it and make the following additional changes:
  • Change the protocol value from “HTTP/1.1” to “org.apache.coyote.http11.Http11Protocol”
  • Add keystoreFile="your_keystore_path" keystorePass="your_password" to the entry
After making the above changes your entry should look something like this (note the space between each attribute; if two attributes run together, e.g. secure="true"keystoreFile=..., the file is no longer well-formed XML and Tomcat will refuse to parse it):

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           keystoreFile="C:\Users\dev\.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS" />
Step 3 – Save the file and restart your server.

Now you can access https://localhost:8443/ (the browser will warn about the self-signed certificate created in Step 1, which is expected in development).
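As an added example (not code from the original post), here is a small Python check you can run against server.xml after Step 2 and before the restart in Step 3. It parses the file, finds the Connector with SSLEnabled="true", and reports the usual slips: the connector still commented out, two attributes run together without a space (which makes the file non-well-formed XML), a keystoreFile that does not exist on disk, or a keystorePass left at the well-known default. The server.xml fragments in the block are constructed samples modelled on the entries above, and the function names check_https_connector and check_server_xml are my own.

```python
"""Sanity-check the HTTPS Connector in Tomcat's server.xml before restarting.

Added example, not code from the original post. It assumes only the Tomcat
6/7-style Connector attributes used in Step 2 (SSLEnabled, scheme, secure,
keystoreFile, keystorePass) and nothing else about the file's contents.
"""
import os
import re
import xml.etree.ElementTree as ET

# Attribute values every HTTPS connector should carry (see Step 2).
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}


def check_https_connector(server_xml_text, keystore_exists=os.path.isfile):
    """Return a list of findings; an empty list means the connector looks right.

    keystore_exists is injectable so the check can run on a constructed sample
    without touching the real filesystem.
    """
    try:
        root = ET.fromstring(server_xml_text)
    except ET.ParseError as exc:
        # Typical cause: two attributes run together, e.g. secure="true"keystoreFile=...
        # Tomcat cannot parse a file like this either, so report it and stop.
        return ["server.xml is not well-formed XML: %s" % exc]

    # A commented-out connector is not an element, so iter() skips it.
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl_connectors:
        return ['no Connector with SSLEnabled="true" found (still commented out?)']

    findings = []
    for c in ssl_connectors:
        port = c.get("port", "?")
        for attr, want in REQUIRED.items():
            if c.get(attr) != want:
                findings.append('port %s: expected %s="%s", got %r'
                                % (port, attr, want, c.get(attr)))
        keystore = c.get("keystoreFile")
        if not keystore:
            findings.append("port %s: keystoreFile attribute missing" % port)
        elif not keystore_exists(keystore):
            findings.append("port %s: keystore not found at %s" % (port, keystore))
        password = c.get("keystorePass")
        if not password:
            findings.append("port %s: keystorePass attribute missing" % port)
        elif password == "changeit":
            findings.append("port %s: keystorePass is the well-known default 'changeit'" % port)
    return findings


def check_server_xml(path):
    """Run the check on a real file (read as bytes so any XML declaration is honoured)."""
    with open(path, "rb") as fh:
        return check_https_connector(fh.read())


# --- constructed samples, modelled on the entries shown in Step 2 ---------------
CONNECTOR_OK = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               keystoreFile="C:\Users\dev\.keystore" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""

# Same connector, but secure="true" and keystoreFile run together with no space.
CONNECTOR_RUN_TOGETHER = re.sub(r'secure="true"\s+keystoreFile',
                                'secure="true"keystoreFile', CONNECTOR_OK)

# The stock server.xml: the 8443 connector is still inside a comment.
CONNECTOR_COMMENTED = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
  </Service>
</Server>"""

if __name__ == "__main__":
    exists = lambda p: True  # pretend the keystore from Step 1 is in place
    for name, text in [("ok", CONNECTOR_OK),
                       ("run-together", CONNECTOR_RUN_TOGETHER),
                       ("commented", CONNECTOR_COMMENTED)]:
        print(name, "->", check_https_connector(text, keystore_exists=exists) or "OK")
```

On a real installation call check_server_xml(r"C:\path\to\tomcat\conf\server.xml") and fix anything it reports before Step 3; the "changeit" finding is only a warning, but a keystore password that is the Java default is worth replacing once you move past a development box.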

NOTE: If you are using Tomcat with the Eclipse IDE, you may need to delete the existing Tomcat server instance from the IDE and add it again so that it picks up the changed server.xml.