Configure Your Own Certificate In Tomcat

I won’t go into much detail, not because it's a waste of time or unnecessary, but because I myself am not aware of the details.

Coming straight to the topic: what is a certificate in the first place?

A certificate is a document, a proof, given by some authority to verify or confirm that communication with the site that owns the certificate is secure. A site owning a certificate is considered a trustworthy site, and one can provide confidential data such as passwords, bank details, credit card details etc. to that site.

Why is it considered trustworthy?

That’s because that site uses PKA (Public Key Algorithm) to transfer your data. When your browser receives the certificate with the response, it retrieves the public key from the certificate and uses it to encrypt the data being sent to the server. Now the only way to read this data is to decrypt it with the private key that corresponds to that public key, and obviously that key is available only to the site that owns the certificate. So your data is readable only by that site. And so it’s secure!

Who issues these certificates?

There are some authorities for it; I am aware of two of them: VeriSign and CA (Certificate Authority).

Why doesn’t everyone get a certificate?

Because it costs something, so only sites that require secure communication, like banks, share trading sites etc., care about it.

Well, that’s all about the theory.

Now I will show you a way to configure your own certificate in Tomcat. Yes, you can issue a certificate to yourself. That communication will be secure too, but the certificate is not issued by a recognized authority.

Steps to Configure SSL in Tomcat

  1. Download JSSE from http://java.sun.com/products/jsse/.

  2. Make JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and jsse.jar) into your $JAVA_HOME/jre/lib/ext directory.

(Note: JSSE only needs to be installed on very old JREs (up to 1.3). Starting with Java 1.4 it's part of the standard JRE.)

  3. To create a new keystore from scratch, execute the following command from the command line:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

  4. Provide all the information you are asked for.

  5. If everything was successful, you now have a keystore file in your home directory, for example C:/Documents and Settings/<username>

  6. Uncomment the Connector tag for SSL in server.xml. It will look something like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector 
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"/>
-->

  7. Add the ‘keystorePass’ attribute to the Connector tag if you changed the keystore password from the default ‘changeit’.

For example:

<Connector 
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" keystorePass="ankurrathi"/>

  8. Start Tomcat and try: https://localhost:8443
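As an added example (not code from the original post), the following Python script does steps 3, 6 and 7 without hand-editing: it builds a scriptable form of the keytool command, uncomments the port-8443 Connector in a constructed sample server.xml, adds keystoreFile/keystorePass, and then parses the result to confirm the connector is live. The keystore path, the password and the sample XML are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of the relevant part of server.xml: the SSL connector
# is still commented out, exactly as the tutorial shows it.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxProcessors="75"/>
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"/>
    -->
  </Service>
</Server>
"""

def keytool_genkey_argv(alias="tomcat", keystore=".keystore",
                        storepass="changeit", dname="CN=localhost"):
    """Scriptable form of the tutorial's `keytool -genkey -alias tomcat -keyalg RSA`:
    -dname/-storepass/-keypass answer the prompts up front (run via subprocess.run)."""
    return ["keytool", "-genkey", "-alias", alias, "-keyalg", "RSA",
            "-keystore", keystore, "-storepass", storepass,
            "-keypass", storepass, "-dname", dname]

# The commented-out <Connector .../> that carries port="8443" (step 6).
_COMMENTED_SSL = re.compile(
    r'<!--\s*(<Connector\b(?:(?!-->).)*?port="8443"(?:(?!-->).)*?/>)\s*-->', re.S)

def enable_ssl_connector(server_xml, keystore_file, keystore_pass):
    """Uncomment the 8443 connector and add keystoreFile/keystorePass (steps 6-7)."""
    def uncomment(m):
        connector = m.group(1)[:-2].rstrip()  # drop the trailing "/>"
        return (f'{connector}\n               keystoreFile="{keystore_file}"'
                f' keystorePass="{keystore_pass}"/>')
    new_xml, n = _COMMENTED_SSL.subn(uncomment, server_xml, count=1)
    if n != 1:
        raise ValueError("no commented-out SSL connector on port 8443 found")
    return new_xml

def ssl_connector_attrs(server_xml):
    """Return the live 8443 connector's attributes after parsing server.xml,
    or None if it is still inside a comment (ElementTree skips comments)."""
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("port") == "8443":
            return dict(conn.attrib)
    return None
```

Because keystorePass ends up in clear text in server.xml, keep that file readable only by the account Tomcat runs as.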