In this article I have put a code sample, on using a simple Java Keystore to achieve two way handshake.
There are lots of documents on the web on how to configure SSL in Tomcat. Tomcat Server/Client Self-Signed SSL Certificate and Mutual Authentication with CLIENT-CERT, Tomcat 6, and HttpClient
stand out. But there no simple example, where we can demonstrate
Enabling SSL in Tomcat, I spent days pouring documents and Googling
before I got the perfect solution. In this blog I have demonstrated
using a simple Java Keystore to achieve two way handshake.
Using the code
This sample only works with Tomcat 6.0.
Download and unzip the zip file in a location and go to
<tomcat-home>/conf location and copy the 2 batch files
client1cert.bat and client2cert.bat. Run both the files in that order
they will create all the necessary certificates required for 2 way
Open server.xml and replace the
<Connector> tag with the one below,
clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
scheme="https" secure="true" SSLEnabled="true"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS" />
If you notice the clientAuth="true" enabled.
Copy the client0
folder to <tomcat-home>/webapp directory. Finally start the
server. Now under the sourcecode folder, go to, client-cert-test open
the file src/main/java/com/goSmarter/test/SecureHttpClient0Test.java
file and change the below line to point to your <tomcat home>/conf
public static final String path = "D:/apache-tomcat-6.0.36/conf/";
Run "mvn test -Dtest=com.goSmarter.test.SecureHttpClient0Test". You
notice that one test succeeded. If testcase passed it means, 2 way SSL is
working correctly. Please looks at the code and understand the flow. The
JUnit test uses HttpUnit API to access the secure webserver. You will
also notice when you run the test, there are lot of certificate related
messages on the console. For this to appear, I have turned on Client
side SSL debugging by putting the below code in
For complete code refer, get the latest code and follow the steps mentioned in Github.