Published December 27, 2017 by

Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS

SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.

Now I want to show how to configure SSL on tomcat.

Tomcat HTTPS

To enable SSL open directory /Tomcat/conf/server.xml file and uncomment following line:

<Connector port="443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/tomcat/bin/serverkaka.jks" keystorePass="abcd" clientAuth="false" keyAlias="serverkaka" sslProtocol="TLS"/>

Now restart tomcat and try to access your web application with your domain

Tomcat Redirect HTTP to HTTPS

Now we can access web application on both HTTP and HTTPS ports. We can set up tomcat to redirect all HTTP request to HTTPS port with some configurations.

Step 1:

In /Tomcat/conf/server.xml

For HTTP Connector, set the redirect port to the HTTPS connector port. It will look like following:

<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

Step 2:
In /Tomcat/conf/web.xml

Add below configuration in <web-app> tag

<!-- added by Subhash for automatic redirect from HTTP to HTTPS -->
<web-resource-name>Entire Application</web-resource-name>

Now restart tomcat and try to access your web application with your domain 
It will automatically redirect to