Tomcat 8 - https / SSL / TSL configuration for development on localhost

In this article we would like to show how to enable https in Tomcat 8 Server and use it for development on development.

1. go to Tomcat configuration directory,
   e.g. in Windows it can be: C:\Program Files\Apache Software Foundation\apache-tomcat-8.0.46\conf
   e.g. in Debian Linux it can be: /var/lib/tomcat8/conf
    
2. open server.xml,
    
3. confugure following listener:
   Copy

   xxxxxxxxxx

    

   1

   <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
   Listener element should be nested directly inside Server element at begining of config file.
    
4. find and edit or create new one Connector element that has scheme="https" attribute, e.g.:
   Copy

   xxxxxxxxxx

    

   1

   <Connector

   2

          protocol="org.apache.coyote.http11.Http11NioProtocol"

   3

          port="8443" maxThreads="200"

   4

          scheme="https" secure="true" SSLEnabled="true"

   5

          keystoreFile="${user.home}/.keystore" keystorePass="my_secret_password"

   6

          clientAuth="false" sslProtocol="TLS"/>

   Connector element should be nested in Server -> Service -> Connector and keystorePass attribute should be set to own one password.

   Note: official documentation can be found here.

    
5. go to home directory and execute following command:
   Copy

   xxxxxxxxxx

    

   1

   "C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -genkey -keystore ".keystore" -alias tomcat -keyalg RSA

   Notes:
   - use same password like in Connector element,
   - example home directory: ~/my_user_name for Linux/Unix or C:\Users\my_user_name for Windows ~10.

   Console output:
   Copy

   xxxxxxxxxx

    

   1

   john@DESKTOP-PC MINGW64 ~

   2

   $ "C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -genkey -keystore ".keystore" -alias tomcat -keyalg RSA

   3

   Enter keystore password:  my_secret_password

   4

   Re-enter new password: my_secret_password

   5

   What is your first and last name?

   6

     [Unknown]:  John Dee

   7

   What is the name of your organizational unit?

   8

     [Unknown]:  Lack

   9

   What is the name of your organization?

   10

     [Unknown]:  Lack

   11

   What is the name of your City or Locality?

   12

     [Unknown]:  Heaven

   13

   What is the name of your State or Province?

   14

     [Unknown]:  Lack

   15

   What is the two-letter country code for this unit?

   16

     [Unknown]:  UK

   17

   Is CN=John Dee, OU=Lack, O=Lack, L=Heaven, ST=Lack, C=UK correct?

   18

     [no]:  yes

   19

   ​

   20

   Enter key password for <tomcat>

   21

           (RETURN if same as keystore password):

   22

   ​

   23

   john@DESKTOP-PC MINGW64 ~

   24

   $

   Note: official documentation can be found here.

    
6. run yours server,
    
7. open in web browser following link: https://localhost:8443/,
    
8. in web browser confirm proceding to unsafe page.