Published December 27, 2017 by

Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS

SSL (Secure Sockets Layer) is a standard security protocol for establishing an encrypted link between a web server and a browser. Using SSL ensures that all data transmitted between the web server and the browser remains encrypted.

This post shows how to configure SSL on Tomcat.


Tomcat HTTPS


To enable SSL, open the /Tomcat/conf/server.xml file and uncomment the following line:


<Connector port="443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/tomcat/bin/serverkaka.jks" keystorePass="abcd" clientAuth="false" keyAlias="serverkaka" sslProtocol="TLS"/>

Now restart Tomcat and try to access your web application at your domain, https://www.xyz.com

Tomcat Redirect HTTP to HTTPS

The web application is now reachable on both the HTTP and HTTPS ports. Tomcat can be set up to redirect all HTTP requests to the HTTPS port with a few configuration changes.

Step 1:

In /Tomcat/conf/server.xml


For the HTTP Connector, set the redirect port to the HTTPS connector port. It will look like the following:


<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />


Step 2:
In /Tomcat/conf/web.xml

Add the configuration below inside the <web-app> tag:


<!-- added by Subhash for automatic redirect from HTTP to HTTPS -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>


Now restart Tomcat and try to access your web application at your domain, www.xyz.com.
It will automatically redirect to https://www.xyz.com
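
The redirect only works when Step 1 and Step 2 agree with the HTTPS connector, so the following added example (not part of the original post) checks both files before a restart. The function names are hypothetical, and the sample XML is constructed from the fragments above, with an assumed <Server>/<Service> wrapper and web-app namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the two fragments shown on this page.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="443" connectionTimeout="20000"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/opt/tomcat/bin/serverkaka.jks" keystorePass="abcd"
             keyAlias="serverkaka" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire Application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def _find(root, name):
    """All descendants called `name`, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_redirect(server_xml, web_xml):
    """Return the problems that would keep plain HTTP from being redirected."""
    problems = []
    connectors = _find(ET.fromstring(server_xml), "Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls_ports:
        problems.append('no Connector has SSLEnabled="true"')
    for c in connectors:  # Step 1: every non-TLS connector must point at a TLS port.
        if c not in tls and c.get("redirectPort") not in tls_ports:
            problems.append("Connector %s: redirectPort=%s is not an HTTPS connector port"
                            % (c.get("port"), c.get("redirectPort")))
    # Step 2: some constraint must cover /* and demand CONFIDENTIAL transport.
    covered = False
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(p.text or "").strip() for p in _find(sc, "url-pattern")}
        guarantees = {(g.text or "").strip() for g in _find(sc, "transport-guarantee")}
        covered = covered or ("/*" in patterns and "CONFIDENTIAL" in guarantees)
    if not covered:
        problems.append("web.xml: no security-constraint with /* and CONFIDENTIAL")
    return problems

if __name__ == "__main__":
    print(check_redirect(SERVER_XML, WEB_XML) or "redirect configuration is consistent")
```

To check a real installation, pass the contents of /Tomcat/conf/server.xml and /Tomcat/conf/web.xml in place of the sample strings.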