To meet the security policies of your company or your customer, you might want a secure HTTPS connection between the NetVizura web app and the server.

This is achieved by installing a trusted SSL certificate on Apache Tomcat, and the procedure is more or less the same as for any other Java servlet container.

For detailed instructions on how to set up SSL in NetVizura, read the guide below for the Tomcat version you have:

Apache Tomcat 8 SSL Configuration

This is a step-by-step tutorial, with a self-signed certificate example, for SSL configuration on Tomcat 8 running on Windows 2016 R2.

Step 1. First, open Windows PowerShell and type the following command:

&"C:\Program Files\Java\jdk1.8.0_111\bin\keytool.exe" -genkey -alias tomcat -keyalg RSA -keystore C:\keystore

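In your case, the path "C:\Program Files\Java\jdk1.8.0_111\bin\keytool.exe" can be different, depending on your Java version. The keystore destination "C:\keystore" is your own choice.

You will be prompted to enter the following information. The password 123123 shown here is only an example value; choose your own and use the same value for keystorePass in Step 2.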

Enter keystore password: 123123
What is your first and last name?
[Unknown]: netvizura.yourdomain.com # this is a place where you should enter your domain name
What is the name of your organizational unit?
[Unknown]: NetVizura
What is the name of your organization?
[Unknown]: Soneco
What is the name of your City or Locality?
[Unknown]: Belgrade
What is the name of your State or Province?
[Unknown]: Serbia
What is the two-letter country code for this unit?
[Unknown]: rs
Enter key password for <tomcat>
(RETURN if same as keystore password): [enter]

Step 2. In the file C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf\server.xml add the following lines:

<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443"
scheme="https"
secure="true"
SSLEnabled="true"
keystoreFile="C:\keystore"
keystorePass="123123"
clientAuth="false"
sslProtocol="TLS"/>

Step 3. Restart the Tomcat service.

Step 4. Open port TCP 8443 in the server firewall.

Step 5. Type https://netvizura.yourdomain.com:8443/netvizura in your browser and log in to NetVizura.

Note that netvizura.yourdomain.com should resolve via DNS to your NetVizura server IP address.

For more information, see the vendor documentation: Apache Tomcat 8 SSL/TLS Configuration HOW-TO.

To disable the insecure HTTP connection, comment out the related lines in the server.xml file:

<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />

Best practice is to add these lines under the “SSL/TLS HTTP/1.1” section.

Apache Tomcat 7 SSL Configuration

This is a step-by-step tutorial, with a self-signed certificate example, for SSL configuration on Tomcat 7 running on Debian 7.

Step 1. First, type the following command in the Linux shell:

/usr/lib/jvm/default-java/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat7/keystore

In your case, the keytool path "/usr/lib/jvm/default-java/bin/keytool" can be different. The keystore destination "/etc/tomcat7/keystore" is your own choice.

You will be prompted to enter the following information:

Enter keystore password: 123123
What is your first and last name?
[Unknown]: netvizura.yourdomain.com # this is a place where you should enter your domain name
What is the name of your organizational unit?
[Unknown]: NetVizura
What is the name of your organization?
[Unknown]: Soneco
What is the name of your City or Locality?
[Unknown]: Belgrade
What is the name of your State or Province?
[Unknown]: Serbia
What is the two-letter country code for this unit?
[Unknown]: rs
Is CN=ldap.netvizura.com, OU=NetVizura, O=Soneco, L=Belgrade, ST=Serbia, C=rs correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): [enter]

Step 2. Use a text editor such as "nano" or "vim" to add the following lines to the /etc/tomcat7/server.xml file:

e.g. nano /etc/tomcat7/server.xml

<Connector
protocol="org.apache.coyote.http11.Http11Protocol"
port="8443"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/etc/tomcat7/keystore"
keystorePass="123123"
clientAuth="false" sslProtocol="TLS"/>

Step 3. Restart the Tomcat service.

Step 4. Open port TCP 8443 in the server firewall.

Step 5. Type https://netvizura.yourdomain.com:8443/netvizura in your browser and log in to NetVizura.

Note that netvizura.yourdomain.com should resolve via DNS to your NetVizura server IP address.

For more information, see the vendor documentation: Apache Tomcat 7 SSL/TLS Configuration HOW-TO.
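
The following is an added example, not part of the NetVizura or Tomcat documentation: a Python check that reads server.xml after Step 2 and after the HTTP connector has been commented out, and reports connectors that still accept plain HTTP or still use the tutorial keystore password. The embedded server.xml is a constructed sample, and the names audit_connectors and WEAK_PASSWORDS are chosen for this example.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the Step 2 HTTPS connector, with the plain-HTTP
# connector on 8080 still active (not yet commented out).
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="C:\keystore" keystorePass="123123"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>"""

# Assumption for this example: the tutorial value and Tomcat's default.
WEAK_PASSWORDS = {"123123", "changeit"}


def audit_connectors(server_xml):
    """Return (port, finding) tuples for the active <Connector> elements."""
    findings = []
    # The parser drops XML comments, so commented-out connectors are skipped.
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    saw_tls = False
    for conn in connectors:
        port = conn.get("port")
        protocol = conn.get("protocol", "HTTP/1.1")
        if conn.get("SSLEnabled", "false").lower() == "true":
            saw_tls = True
            if conn.get("scheme") != "https" or conn.get("secure") != "true":
                findings.append((port, "TLS connector lacks scheme=https/secure=true"))
            if not conn.get("keystoreFile"):
                findings.append((port, "keystoreFile is not set"))
            if conn.get("keystorePass") in WEAK_PASSWORDS:
                findings.append((port, "keystorePass is a tutorial or default value"))
        elif "ajp" not in protocol.lower():
            findings.append((port, "plain HTTP connector is still enabled"))
    if not saw_tls:
        findings.append((None, "no connector has SSLEnabled=true"))
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for port, finding in audit_connectors(data):
        print(f"port {port}: {finding}")
```

An empty result means every active connector is a TLS connector with a keystore set and a non-default password; it does not check the certificate itself or the file permissions on the keystore.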

