This tutorial uses JDK 6 and Tomcat 7; other versions are similar.

1. Create the keystore file

Run the command keytool -genkey -alias tomcat -keyalg RSA and answer the prompts. The session looks like this:

loiane:bin loiane$ keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:  password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Loiane Groner
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  Sao Paulo
What is the name of your State or Province?
  [Unknown]:  SP
What is the two-letter country code for this unit?
  [Unknown]:  BR
Is CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR correct?
  [no]:  yes
  
Enter key password for
    (RETURN if same as keystore password):  password
Re-enter new password: password

This creates a .keystore file in the user's home directory.
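The same step run non-interactively, as an added example that is not part of the tutorial: the interactive answers above become a -dname argument and the passwords become -storepass/-keypass, so the keystore can be created from a provisioning script and then verified. The keystore path under a temp directory and the password value are placeholders; in real use the password comes from a secret store, not a literal in the script.

```shell
#!/bin/sh
# Added example, not from the tutorial: create the Tomcat keystore without
# prompts and confirm the key pair is in it. Paths and password are placeholders.

# Create an RSA key pair under alias $3 in keystore $1, protected by password $2.
# The subject (-dname) mirrors the tutorial's answers. -keysize and -validity are
# set explicitly because older JDKs default to 1024-bit keys and 90 days.
create_keystore() {
  keytool -genkeypair -alias "$3" -keyalg RSA -keysize 2048 -validity 365 \
    -keystore "$1" -storepass "$2" -keypass "$2" \
    -dname "CN=Loiane Groner, OU=home, O=home, L=Sao Paulo, ST=SP, C=BR"
}

# Return 0 if keystore $1 (password $2) holds a private key under alias $3.
# JDK 6 prints "keyEntry", later JDKs "PrivateKeyEntry"; a case-insensitive
# match on "keyentry" covers both. A wrong password or alias makes keytool
# print an error instead, so the grep fails and the function returns 1.
keystore_has_key() {
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
    | grep -qi 'keyentry'
}

WORK=$(mktemp -d)
KS="$WORK/.keystore"           # placeholder for the ~/.keystore the tutorial uses
PASS="changeit-placeholder"    # placeholder; read from a secret store in real use
ALIAS=tomcat

if command -v keytool >/dev/null 2>&1; then
  create_keystore "$KS" "$PASS" "$ALIAS" && chmod 600 "$KS"
  keystore_has_key "$KS" "$PASS" "$ALIAS" && echo "keystore ready: $KS (alias $ALIAS)"
else
  echo "keytool not found; install a JDK first" >&2
fi
```

The chmod 600 matters because step 2 puts the keystore password into server.xml in plaintext; the keystore file itself should at least be readable only by the account Tomcat runs as.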


2. Configure Tomcat to use the keystore file

Open server.xml and find the commented-out Connector element shown below:

<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->

Remove the comment markers and change the element to:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="8443" keystoreFile="/Users/loiane/.keystore" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

3. Test it

Start Tomcat and visit https://localhost:8443. You will see Tomcat’s default home page.

Note that plain HTTP on the default port 8080 still works.


4. Configure SSL for applications

Open the application's web.xml file and add the following configuration:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>securedapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

The url-pattern /* means the entire application requires HTTPS, and transport-guarantee CONFIDENTIAL is what makes Tomcat enforce SSL for those URLs.

To turn SSL enforcement off again, change CONFIDENTIAL to NONE.
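A check over the two files edited in steps 2 and 4, as an added example that is not part of the tutorial: it writes constructed copies of server.xml and web.xml to a temp directory and then reports what a reviewer looks for, namely that an SSLEnabled connector exists, that its keystoreFile is present on disk, that keystorePass is sitting in plaintext in server.xml, whether the Tomcat 7 connector attributes sslEnabledProtocols and ciphers are set, and whether the /* pattern really carries a CONFIDENTIAL transport-guarantee (as opposed to NONE). The temp paths and the password are placeholders; the connector mirrors the step 2 element.

```shell
#!/bin/sh
# Added example, not from the tutorial: audit server.xml and web.xml for the
# HTTPS settings the steps above introduce. Paths and password are placeholders.

WORK=$(mktemp -d)
touch "$WORK/.keystore"   # stand-in for the keystore created in step 1

# Constructed server.xml with the step 2 connector (keystoreFile points at $WORK).
cat > "$WORK/server.xml" <<EOF
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
        disableUploadTimeout="true" enableLookups="false" maxThreads="25"
        port="8443" keystoreFile="$WORK/.keystore" keystorePass="password"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" />
  </Service>
</Server>
EOF

# Constructed web.xml with the step 4 security constraint.
cat > "$WORK/web.xml" <<'EOF'
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>securedapp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
EOF

# Print the SSLEnabled="true" <Connector .../> element(s) of $1, one per line.
# The element spans several lines in the file, so newlines are flattened first.
ssl_connector() {
  tr '\n' ' ' < "$1" | grep -o '<Connector[^>]*>' | grep 'SSLEnabled="true"'
}

# Print the value of attribute $2 on the SSL connector in $1 (empty if unset).
# The leading whitespace requirement keeps "port" from matching "redirectPort".
ssl_attr() {
  ssl_connector "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Audit server.xml ($1): print one finding per line, return the finding count.
audit_server_xml() {
  n=0
  if [ -z "$(ssl_connector "$1")" ]; then
    echo "FINDING: no SSLEnabled connector, HTTPS is not configured"
    return 1
  fi
  ks=$(ssl_attr "$1" keystoreFile)
  if [ ! -f "$ks" ]; then
    echo "FINDING: keystoreFile '$ks' does not exist; the connector will fail to start"
    n=$((n + 1))
  fi
  if [ -n "$(ssl_attr "$1" keystorePass)" ]; then
    echo "FINDING: keystorePass is stored in plaintext in server.xml; restrict who can read the file"
    n=$((n + 1))
  fi
  if [ -z "$(ssl_attr "$1" sslEnabledProtocols)" ] || [ -z "$(ssl_attr "$1" ciphers)" ]; then
    echo "FINDING: protocols/ciphers not pinned (sslProtocol=\"$(ssl_attr "$1" sslProtocol)\"); JVM defaults apply"
    n=$((n + 1))
  fi
  return $n
}

# Return 0 when web.xml ($1) has a security-constraint covering /* with
# transport-guarantee CONFIDENTIAL, 1 otherwise (e.g. after changing it to NONE).
# State is reset per constraint so a /* pattern in one constraint cannot be
# paired with a CONFIDENTIAL guarantee from another.
webxml_forces_https() {
  awk '
    /<security-constraint>/            { all = 0; guard = "" }
    /<url-pattern>\/\*<\/url-pattern>/ { all = 1 }
    /<transport-guarantee>/            { g = $0
                                         gsub(/.*<transport-guarantee>|<\/transport-guarantee>.*/, "", g)
                                         guard = g }
    /<\/security-constraint>/          { if (all && guard == "CONFIDENTIAL") found = 1 }
    END { exit found ? 0 : 1 }
  ' "$1"
}

count=0
audit_server_xml "$WORK/server.xml" || count=$?
echo "server.xml findings: $count"
if webxml_forces_https "$WORK/web.xml"; then
  echo "web.xml: all URLs require HTTPS"
else
  echo "web.xml: HTTPS not enforced for /*"
fi
```

Run against a real installation by pointing the two functions at $CATALINA_HOME/conf/server.xml and the application's WEB-INF/web.xml instead of the constructed files; the step 2 connector as written reports two findings (plaintext keystorePass and unpinned protocols/ciphers), and the web.xml check fails as soon as CONFIDENTIAL is changed to NONE.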

Official documentation: tomcat.apache.org/tomcat-7.0-…