This post explains step by step actions to enable SSL in Tomcat

1. Generate an RSA key for signing the certificate:

   openssl genrsa -out key.pem 2048

2. Generate a certificate using the new key:

   openssl req -new -x509 -key key.pem -out cert.pem -days 365

   Answer the quesstions with your name, organization name, e-mail, etc.

3. Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:

   openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name tomcat

   Enter a password, don’t leave it blank.

4. Edit $TOMCAT_HOME/conf/server.xml and modify the SSL connector:

       <Connector port="8443"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" disableUploadTimeout="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
            keystoreFile="conf/cert.p12" keystorePass="password"/>

   Remember to change password with the one typed at 3.

Note: DON’T use a self-signed certificate in a PRODUCTION SITE! Contact with a CA to sign your certificate.

Related Posts

• November 23, 2007 -- Installing JBoss jBPM 3.2.2 on Apache Tomcat 5.5 and MySQL (14)
• April 4, 2008 -- Run a jBPM process (31)
• March 17, 2008 -- Deploying jBPM processes (2)
• March 14, 2008 -- jBPM task nodes development (18)
• February 15, 2008 -- jBPM mail nodes development (24)

Tags: certificate, HowTo, keystore, OpenSSL, PEM, PKCS12, RSA, server.xml, SSL, Tomcat