SSL/https on port 8443 for your Tomcat webapp

1) Create your keystore (.keystore file) in a folder Tomcat can access:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/share/tomcat-6/.keystore
Be careful when entering the “name” field: this should contain your full domain name.

2) Generate your .key and .csr (Certificate Signing Request) files:

openssl req -nodes -new -keyout foo.key -out foo.csr

Then open your .csr file and copy its content to request a certificate from your certificate authority.


Save the certificate content in a new .crt file:
vim foo.crt

3) Import your certificate in the keystore:
keytool -import -alias tomcat -keystore /usr/share/tomcat-6/.keystore \
    -file /etc/apache2/ssl/foo.crt


4) Uncomment the port 8443 Connector in the Tomcat configuration file:

vim /var/lib/tomcat-6/conf/server.xml

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100"  maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystorePass="MOTDEPASSEHABITUEL" />
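
An added check, not part of the original post: this Python script audits a server.xml for the Connector from step 4. It flags XML that no longer parses (for example when a copy-paste turned the quotes typographic), a TLS connector without keystoreFile or with Tomcat's default keystorePass "changeit", and a world-readable file, since keystorePass is stored there in clear text. The function names and the sample document are constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 4 wrapped in a minimal server.xml.
SAMPLE = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11Protocol"
      port="8443" scheme="https" secure="true" SSLEnabled="true"
      keystorePass="MOTDEPASSEHABITUEL" />
</Service></Server>"""
# The same text after a copy-paste that turned the quotes typographic.
PASTED = SAMPLE.replace('"', "\u201d")

def audit_connectors(xml_text):
    """Return findings for the TLS connectors declared in server.xml text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        curly = set("\u201c\u201d\u2033") & set(xml_text)
        hint = " (typographic quotes?)" if curly else ""
        return [f"not well-formed XML{hint}: {exc}"]
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    findings = [] if tls else ['no Connector with SSLEnabled="true"']
    for c in tls:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        if c.get("keystoreFile") is None:
            findings.append(f"port {port}: no keystoreFile, Tomcat falls back to "
                            ".keystore in the home of the account it runs as")
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is the default 'changeit'")
    return findings

def audit_file(path):
    """Audit a server.xml on disk, including its file permissions."""
    with open(path, encoding="utf-8") as fh:
        findings = audit_connectors(fh.read())
    # keystorePass sits in this file in clear text.
    if os.stat(path).st_mode & stat.S_IROTH:
        findings.append("server.xml is world-readable and holds keystorePass")
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o644)
    print("\n".join(audit_file(tmp.name)))
    os.unlink(tmp.name)
```

On a real host, pass the path from step 4 to audit_file, e.g. audit_file("/var/lib/tomcat-6/conf/server.xml").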


