This article primarily discusses a little about Tomcat installation in local and then generating a keystore for configuring the Tomcat server and to be able to browse on https.
Tomcat Installation Procedure:
I have downloaded Tomcat from the here for this article. I am using Mac for this example and so, it is better to download the file with “tar.gz” from the binary distribution of the core modules.
Unarchive the tar.gz file and copy the folder in the desired location.
Change the ownership of the Tomcat folder hierarchy by running the following command:
sudo chown -R <your_username> {Your Tomcat folder location}
Make all scripts executable by running the following command:
sudo chmod +x {Your Tomcat folder location}/bin/*.sh
Now open terminal and goto tomcat folder location and run the following command:
$ {Your Tomcat folder location}/bin/startup.sh
Once you see the status as started, now go to browser and browse http://localhost:8080 and you should see the home page of the Tomcat server. If you are able to browse, then we are good with the deployment.
When you click on “Server Status”, it will ask for username and password. By default, Tomcat will have no admin credentials and so we need to create one.
Go to $TOMCAT_HOME directory and open the folder “conf” and then edit the tomcat-users.xml. Add the following at the end of the xml (before </tomcat-users>) as below:
<!-- <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="<must-be-changed>" roles="tomcat"/> <user username="both" password="<must-be-changed>" roles="tomcat,role1"/> <user username="role1" password="<must-be-changed>" roles="role1"/> --> <role rolename="manager-gui"/> <user username="admin" password="admin" roles="manager-gui"/> </tomcat-users>
Now restart Tomcat server and you should be good to enter the credentials and view the pages.
Configuring HTTPS:
For configuring HTTPS, we need to keystore file first.
Open terminal and type the following command:
$JAVA_HOME/bin/keytool -genkey -alias [youralias] -keyalg RSA -keystore [/preferred/keystore/path]
Use an [alias] and [path] of your choice.
It will ask you the following questions and enter appropriate answers:
Enter keystore password: 123456 Re-enter new password: 123456 What is your first and last name? [Unknown]: DEV DEV What is the name of your organizational unit? [Unknown]: DEVELOPMENT What is the name of your organization? [Unknown]: MYORG What is the name of your City or Locality? [Unknown]: NYC What is the name of your State or Province? [Unknown]: NY What is the two-letter country code for this unit? [Unknown]: US Is CN=DEV DEV, OU=DEVELOPMENT, O=MYORG, L=NYC, ST=NY, C=US correct? [no]: yes Enter key password for (RETURN if same as keystore password): 123456 Re-enter new password: 123456
It will now create a keystore file. I have specified “keystore.jks” while generating keystore file and also specified alias as “test“.
/myfolder/keystore/test.jks
Now navigate to the Tomcat root folder and open the folder “conf” and edit the file “server.xml“.
Look and uncomment the following xml section:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> <SSLHostConfig> <Certificate certificateKeystoreFile="conf/keystore.jks" certificateKeystorePassword="123456" certificateKeyAlias="test" type="RSA" /> </SSLHostConfig> </Connector>
I have copied the keystore.jks file in conf directory and set the password and certificate alias in the configuration. Note I have added the following attributes as they were not present:
certificateKeystorePassword,
certificateKeyAlias
Now stop and start your Tomcat server and browse the website on https://localhost:8443/ and you should be able to view the home page. Because we are using self-signed certificate, you may see the following error but that’s OK.
One last thing, do not forget to comment the default settings that was on port 8080 in “server.xml”. Otherwise, your website will be still accessible on 8080 port.
<!--<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />-->
Hope this information helps you to set the https endpoint in the Tomcat server!!!
Bonus:
I have created a folder “TestApp” in the directory {your tomcat home directory}/webapps. For simplicity I have created a simple html page called “index.html” which has basic skeleton of html and body tag and copied into the folder “TestApp” and now you can browse the html file on HTTPS endpoint https://localhost:8443/TestApp/index.html and you should see a message as below:
Now we have added a page which can be browsed through secured connection.
Awesome!!