Environment
Retain (All versions)
Linux
Situation
How to enable SSL on Tomcat?
Resolution
There are three steps required to enable SSL on Tomcat:
1) Generation of 2048 bit Key.
2) Generation of Certificate.
3) Modification of Configuration.

Generation of 2048 bit Key.
The OpenSSL utility is usually included with SLES; if not, you will need to install it through YaST.
Open up a terminal session as root and run openssl
Type (without quotes) "genrsa -des3 -out tomcatkey.pem 2048"
This will generate the RSA 2048-bit key needed to create the certificate. Enter a password when prompted; this will be needed again in further steps.

Generation of Certificate.
With OpenSSL still open, type (without quotes) "req -new -x509 -key tomcatkey.pem -out tomcatcert.pem -days 3650". You will need to re-enter the password from the last step.
You will need to enter information that is valid for your company. For example:
Once this is complete, type quit to exit OpenSSL.
Copy the 2 pem files to the tomcat folder.

Modification of Configuration.
Open the file server.xml under the tomcat/conf directory.
If you want to disable non-SSL access, find the lines (Optional)
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="48080" maxHttpHeaderSize="8192"
Then change the second line to
<!-- <Connector port="48080" maxHttpHeaderSize="8192"
and add --> to the end of this line
connectionTimeout="20000" disableUploadTimeout="true" /> -->
This comments out that section, so the non-SSL version will not be activated.
To enable SSL configuration, find the following lines (Required)
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!-- <Connector port="48443" maxHttpHeaderSize="8192"
and remove the "<!--" from the beginning of the second line so that it looks like
<Connector port="48443" maxHttpHeaderSize="8192"
Then find the line
clientAuth="false" sslProtocol="TLS" />
Remove the /> from the end
clientAuth="false" sslProtocol="TLS"
And add these new lines, including the password entered earlier
SSLEngine="on"
SSLCertificateFile="${catalina.home}/tomcatcert.pem"
SSLCertificateKeyFile="${catalina.home}/tomcatkey.pem"
SSLPassword="password" />
Save the file and restart Tomcat by typing (without quotes) "rcretain-tomcat5 restart" into the terminal.
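The server.xml edits described above, applied with a script instead of by hand, as an added example that is not part of the original article or of Retain: it comments out the port 48080 connector, re-enables the commented-out port 48443 connector and adds the SSL attributes. The sample server.xml, the port numbers and the password are constructed; it assumes Python 3.8+ (for comment-preserving parsing).

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling the relevant part of tomcat/conf/server.xml
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="48080" maxHttpHeaderSize="8192"
               connectionTimeout="20000" disableUploadTimeout="true" />
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <!-- <Connector port="48443" maxHttpHeaderSize="8192"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" /> -->
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

SSL_ATTRS = {  # the attributes the article adds to the 48443 connector
    "SSLEngine": "on",
    "SSLCertificateFile": "${catalina.home}/tomcatcert.pem",
    "SSLCertificateKeyFile": "${catalina.home}/tomcatkey.pem",
}


def enable_ssl(server_xml, key_password, plain_port="48080",
               ssl_port="48443", disable_plain=True):
    """Return server.xml text with the SSL connector active and, when
    disable_plain is set, the plain-HTTP connector commented out.
    Comments are kept so the commented-out SSL connector can be found."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(server_xml, parser=parser)
    for service in root.iter("Service"):
        for i, child in enumerate(list(service)):
            tail = child.tail
            if child.tag is ET.Comment and f'port="{ssl_port}"' in child.text:
                conn = ET.fromstring(child.text.strip())  # commented connector
                conn.attrib.update(SSL_ATTRS)
                conn.set("SSLPassword", key_password)     # key passphrase
                conn.tail = tail
                service[i] = conn
            elif (disable_plain and child.tag == "Connector"
                  and child.get("port") == plain_port):
                child.tail = None
                text = ET.tostring(child, encoding="unicode").strip()
                comment = ET.Comment(" " + text + " ")   # wrap in <!-- ... -->
                comment.tail = tail
                service[i] = comment
    return ET.tostring(root, encoding="unicode")


def active_connectors(server_xml):
    """Ports of Connector elements that are not commented out."""
    return {c.get("port") for c in ET.fromstring(server_xml).iter("Connector")}
```

Run `enable_ssl(open("server.xml").read(), passphrase)` against a copy of the real file and diff the result before replacing it; the key passphrase ends up in clear text in server.xml, so keep the file readable only by the Tomcat user.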
Additional Information
This article was originally published in the GWAVA knowledgebase as article ID 1890.