Fading Coder


Configuring HTTPS in Tomcat Using JDK's Keytool for Certificate Generation

Tech May 9 3

This article outlines the process of enabling HTTPS support in Apache Tomcat using a self-signed certificate generated via the JDK's built-in keytool utility.

Generating the Certificate

Begin by navigating to the bin directory within your JDK installation path through the command line interface. Execute the following command to create a new keystore file; keytool prompts for a keystore password and for the identity fields of the certificate:

keytool -genkey -alias myapp -keyalg RSA -keystore /path/to/your/tomcat.keystore

In this command:

  • -alias myapp assigns an identifier to the certificate.
  • -keyalg RSA specifies the cryptographic algorithm.
  • -keystore /path/to/your/tomcat.keystore defines where the keystore will be saved.

Next, export the certificate from the keystore into a .crt file:

keytool -export -file /path/to/your/tomcat.crt -alias myapp -keystore /path/to/your/tomcat.keystore

Finally, import the exported certificate into the Java runtime’s trusted certificate store (cacerts). Every Java application that runs on this runtime will then trust the certificate:

keytool -import -keystore $JAVA_HOME/lib/security/cacerts -file /path/to/your/tomcat.crt -alias myapp

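If prompted for a password, enter changeit, the default password of the cacerts store. On JDK 8 and earlier the store is located at $JAVA_HOME/jre/lib/security/cacerts.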

Configuring Tomcat for HTTPS

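Locate the server.xml configuration file inside the conf directory of your Tomcat installation. Find the default HTTP connector and replace it with the following HTTPS configuration. The keystore attributes are set directly on the Connector element, a style that Tomcat has deprecated since 8.5 in favour of a nested SSLHostConfig element: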

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/your/tomcat.keystore"
           keystorePass="changeit" />

Ensure that:

  • The port attribute is set to 443, which is the standard HTTPS port.
  • The keystoreFile points to the location of your generated keystore.
  • The keystorePass matches the password used during keystore creation.

Testing the Configuration

To verify the setup, modify your system's hosts file to map a domain name to localhost. On Windows, edit C:\Windows\System32\drivers\etc\hosts and append:

127.0.0.1 www.test.com

Start Tomcat and navigate to https://www.test.com. You may receive a warning about an untrusted certificate, which is expected when using a self-signed certificate.

Removing the Certificate

To remove the imported certificate from the truststore later, use:

keytool -delete -alias myapp -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit