Overview#
Tomcat provides built-in support for SSL using OpenSSL.
Using PKCS #12 Key Store#
Generating a self-signed SSL server certificate#
To generate a self-signed SSL server certificate:
$ cd /usr/share/tomcat
$ openssl req -x509 \
`` -newkey rsa:2048 ``
`` -keyout sslserver.key ``
`` -nodes ``
`` -out sslserver.crt ``
`` -subj “/CN=$HOSTNAME/O=EXAMPLE” ``
`` -days 365``
To import the SSL server certificate and key into a PKCS #12 file:
$ openssl pkcs12 -export \
`` -in sslserver.crt ``
`` -inkey sslserver.key ``
`` -out sslserver.p12 ``
`` -name “sslserver” ``
`` -passout pass:Secret.123``
$ chmod +r sslserver.p12
Configuring SSL connector#
Uncomment the SSL connector in $CATALINA_BASE/conf/server.xml and add the keystore parameters as follows:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
`` maxThreads=”150” SSLEnabled=”true” scheme=”https” secure=”true”``
`` clientAuth=”false” sslProtocol=”TLS”``
``
\ ``keystoreType="pkcs12"
`` keystoreFile=”${catalina.base}/sslserver.p12”``
`` keystorePass=”Secret.123”``
`` keyAlias=”sslserver”``
/>