
Enabling SSL in Tomcat

21 Dec 2012
In this article I have demonstrated using a simple Java Keystore to achieve 2 way handshake.

Introduction

In this article I provide a code sample that uses a simple Java Keystore to achieve a two-way handshake.

Background 

There are lots of documents on the web on how to configure SSL in Tomcat. "Tomcat Server/Client Self-Signed SSL Certificate" and "Mutual Authentication with CLIENT-CERT, Tomcat 6, and HttpClient" stand out. But there is no simple example that demonstrates enabling SSL in Tomcat. I spent days poring over documents and Googling before I got the perfect solution. In this blog I have demonstrated using a simple Java Keystore to achieve a two-way handshake.

Using the code 

This sample only works with Tomcat 6.0. Download and unzip the zip file in a location, go to the <tomcat-home>/conf location and copy the two batch files client1cert.bat and client2cert.bat. Run both files in that order; they will create all the certificates required for the two-way handshake.

Open server.xml and replace the <Connector> tag with the one below, 

XML
<!-- clientAuth="true" makes Tomcat request a client certificate during the
     handshake; the client certificate is checked against truststoreFile. -->
<Connector
    clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${catalina.base}/conf/server.jks"
    keystoreType="JKS" keystorePass="password"
    truststoreFile="${catalina.base}/conf/server.jks"
    truststoreType="JKS" truststorePass="password"
    SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS" />

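Notice that clientAuth="true" is enabled. This is the setting that makes the server ask the client for a certificate, which is the second half of the two-way handshake; the store named in truststoreFile determines which client certificates are accepted.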

Copy the client0 folder to the <tomcat-home>/webapp directory. Finally, start the server. Now, under the sourcecode folder, go to client-cert-test, open the file src/main/java/com/goSmarter/test/SecureHttpClient0Test.java and change the line below to point to your <tomcat-home>/conf location:

Java
public static final String path = "D:/apache-tomcat-6.0.36/conf/";

Run "mvn test -Dtest=com.goSmarter.test.SecureHttpClient0Test". You will notice that one test succeeded. If the test case passed, it means two-way SSL is working correctly. Please look at the code and understand the flow. The JUnit test uses the HttpUnit API to access the secure web server. You will also notice that when you run the test, there are a lot of certificate-related messages on the console. To make these appear, I have turned on client-side SSL debugging by putting the code below in the SecureHttpClient0Test.java class:

Java
static {
    System.setProperty("javax.net.debug", "ssl");
}
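
The client side of the two-way handshake can also be exercised with the JDK alone. The class below is an added example, not the article's or the project's own code; the two keystore file names, the shared password and the /client0/ URL are assumptions to be replaced with the files the batch scripts created.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TwoWaySslClient {
    // Assumptions: point these at the files created in <tomcat-home>/conf.
    static final String CONF = "D:/apache-tomcat-6.0.36/conf/";
    static final String CLIENT_KEYSTORE = CONF + "client1.jks";         // hypothetical name: client key + certificate
    static final String CLIENT_TRUSTSTORE = CONF + "client1-trust.jks"; // hypothetical name: trusted server certificate
    static final char[] PASSWORD = "password".toCharArray();            // sample password, as in the Connector

    static KeyStore load(String file) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, PASSWORD);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Key managers supply the client certificate and private key that Tomcat
        // requests because the Connector sets clientAuth="true".
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(CLIENT_KEYSTORE), PASSWORD);

        // Trust managers decide whether the server certificate is accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(CLIENT_TRUSTSTORE));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        URL url = new URL(args.length > 0 ? args[0] : "https://localhost:8443/client0/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Hostname verification stays on: the server certificate must match the host in the URL.
        System.out.println("HTTP status: " + conn.getResponseCode());
        X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("Server certificate: " + server.getSubjectX500Principal());
        System.out.println("Cipher suite: " + conn.getCipherSuite());
        conn.disconnect();
    }
}
```

If the client keystore holds no certificate that the server's trust store accepts, the connection fails during the handshake instead of returning an HTTP status.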

For the complete code, get the latest code and follow the steps mentioned on GitHub.

This article was originally posted at http://krishnasblog.com/2012/12/01/enabling-ssl-in-tomcat

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

