Tomcat 8 - https / SSL / TLS configuration for development on localhost
In this article we would like to show how to enable https in Tomcat 8 Server and use it for development on localhost.
Simple steps
- go to the Tomcat configuration directory,
  e.g. in Windows it can be: C:\Program Files\Apache Software Foundation\apache-tomcat-8.0.46\conf
  e.g. in Debian Linux it can be: /var/lib/tomcat8/conf
- open server.xml,
- configure the following listener:
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  The Listener element should be nested directly inside the Server element at the beginning of the config file.
- find and edit, or create a new, Connector element that has the scheme="https" attribute, e.g.:
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="${user.home}/.keystore" keystorePass="my_secret_password" clientAuth="false" sslProtocol="TLS"/>
  The Connector element should be nested in Server -> Service -> Connector, and the keystorePass attribute should be set to your own password.
  Note: official documentation can be found here.
- go to your home directory and execute the following command:
  "C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -genkey -keystore ".keystore" -alias tomcat -keyalg RSA
  Notes:
  - use the same password as in the Connector element,
  - example home directory: ~/my_user_name for Linux/Unix or C:\Users\my_user_name for Windows ~10.
  Console output:
  john@DESKTOP-PC MINGW64 ~
  $ "C:\Program Files\Java\jdk1.8.0_202\bin\keytool" -genkey -keystore ".keystore" -alias tomcat -keyalg RSA
  Enter keystore password: my_secret_password
  Re-enter new password: my_secret_password
  What is your first and last name?
    [Unknown]: John Dee
  What is the name of your organizational unit?
    [Unknown]: Lack
  What is the name of your organization?
    [Unknown]: Lack
  What is the name of your City or Locality?
    [Unknown]: Heaven
  What is the name of your State or Province?
    [Unknown]: Lack
  What is the two-letter country code for this unit?
    [Unknown]: UK
  Is CN=John Dee, OU=Lack, O=Lack, L=Heaven, ST=Lack, C=UK correct?
    [no]: yes
  Enter key password for <tomcat>
    (RETURN if same as keystore password):
  john@DESKTOP-PC MINGW64 ~
  $
  Note: official documentation can be found here.
- run your server,
- open the following link in a web browser: https://localhost:8443/
- in the web browser, confirm proceeding to the unsafe page.
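The Connector step above depends on several attributes and on nesting that Tomcat does not all validate for you, so the following added example (not part of the original article or of Tomcat) checks a server.xml for them before the server is started. The function name, the sample XML and the second misconfigured Connector on port 9443 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Listener and Connector from the steps above, plus a
# second https Connector misplaced directly under <Server> with TLS left off.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Connector port="9443" scheme="https" secure="true" SSLEnabled="false" />
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
               maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="${user.home}/.keystore" keystorePass="my_secret_password"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>"""

# The tutorial's sample value and Tomcat's documented default keystore password.
WEAK_PASSWORDS = {"my_secret_password", "changeit"}

def check_https_connectors(xml_text):
    """Return (port, finding) tuples for each Connector with scheme="https"."""
    root = ET.fromstring(xml_text)
    if root.tag != "Server":
        return [(None, "root element is not <Server>")]
    # Connectors in the position the steps require: Server -> Service -> Connector.
    nested = [c for s in root.findall("Service") for c in s.findall("Connector")]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port = conn.get("port")
        if not any(conn is c for c in nested):
            findings.append((port, "not nested in Server -> Service -> Connector"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "SSLEnabled is not true: no TLS on this port"))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, "secure is not true"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile not set explicitly"))
        # An absent keystorePass means Tomcat uses its default, "changeit".
        if conn.get("keystorePass", "changeit") in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a sample or default value"))
    return findings

if __name__ == "__main__":
    for port, finding in check_https_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

On the constructed sample, the Connector copied verbatim from the article is flagged only for still carrying the sample password, while the misplaced one is flagged for nesting, SSLEnabled, keystoreFile and the default password.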