Enable HTTPS in Apache Tomcat using a self-signed certificate

Java ships with keytool; it is located in the bin directory of the Java installation.

1. Generate keystore (using keytool)

keytool -genkey -alias test -keyalg RSA -validity 365 -keysize 2048 -keystore c:test 

It will ask the following questions:

Enter keystore password:
What is your first and last name?
[Unknown]:  test
What is the name of your organizational unit?
[Unknown]:  test
What is the name of your organization?
[Unknown]:  test
What is the name of your City or Locality?
[Unknown]:  test
What is the name of your State or Province?
[Unknown]:  test
What is the two-letter country code for this unit?
[Unknown]:  test
Is CN=test, OU=test, O=test, L=test, ST=test, C=test correct?
[no]:  y

Enter key password for <test>
(RETURN if same as keystore password):
Re-enter new password:

Here c:test is the name of the keystore file that holds the generated key and its self-signed certificate.

2. Listing certificate details

keytool -list -keystore c:test

keytool -list -keystore c:test
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

test, Jul 20, 2016, PrivateKeyEntry,
Certificate fingerprint (SHA1): 50:6D:2F:CD:78:B2:59:A4:D4:3A:96:B3:B7:1B:39:CB:86:AC:F8:29

3. Configuring Tomcat

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="e:test"
           keystorePass="test"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,
                    TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
                    TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
/>

clientAuth="false": we do not want to enforce client (certificate) authentication.
port="8443": the HTTPS port number; set it as per your requirement.
maxThreads="150": the maximum number of HTTPS request threads Tomcat can open.
keystoreFile="e:test": path to the keystore file.
keystorePass="test": password used to open the keystore.
sslEnabledProtocols="": the TLS protocol versions the connector accepts.
ciphers="": the cipher suites supported by this HTTPS server; each name identifies the algorithms and key sizes used for each part of the handshake and for the encrypted session.
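
The check below is an added example, not code from the original post: it parses a server.xml and reports the settings of the step 3 connector that are deprecated today (TLSv1 and TLSv1.1, RC4 suites, RSA key exchange without forward secrecy), plus the clear-text keystorePass. The function names and the shortened sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 3 Connector with a shortened cipher list.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="e:test" keystorePass="test"
             sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
             ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                      TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
                      SSL_RSA_WITH_RC4_128_SHA"/>
</Service></Server>"""

# SSLv3 is deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
DEPRECATED_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def split_list(value):
    """Split a comma-separated attribute, tolerating spaces and line breaks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connectors(server_xml):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to audit here
        port = conn.get("port")
        for proto in split_list(conn.get("sslEnabledProtocols")):
            if proto in DEPRECATED_PROTOCOLS:
                findings.append((port, f"deprecated protocol {proto}"))
        for suite in split_list(conn.get("ciphers")):
            if "_RC4_" in suite:  # RC4 is prohibited in TLS by RFC 7465
                findings.append((port, f"RC4 cipher suite {suite}"))
            elif suite.startswith(("TLS_RSA_", "SSL_RSA_")):
                # static RSA key exchange: past traffic is exposed if the key leaks
                findings.append((port, f"no forward secrecy in {suite}"))
        if conn.get("keystorePass"):
            findings.append((port, "keystorePass stored in clear text in server.xml"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

A connector that passes this check lists only TLSv1.2 or later and only ECDHE suites; the keystorePass finding is addressed by restricting read access to server.xml and the keystore file.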

4. Testing it

https://localhost:8443/

 

 
