The configuration steps for the JSSE method are as follows:
- Generate the server credential (public key):
Windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore D:\key.keystore
Unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /home/key.keystore
Here -keystore specifies where the credential is stored; choose the location as needed.
Enter a password at the prompt, "123456" for instance ("changeit" is the default password when deploying with Tomcat), and then confirm it.
- Modify the configuration file server.xml to enable SSL.
Comment out the configuration below to disable APR:
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
Find the configuration for SSL HTTP/1.1 Connector:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" ...
-->
Uncomment it and modify it as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true" URIEncoding="utf-8"
           clientAuth="false" keystoreFile="D:\key.keystore"
           keystorePass="123456" sslProtocol="TLS"/>
- Restart Tomcat. The Web application can then be accessed over HTTPS on port 8443.
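
A check for the finished server.xml, added here as an example (it is not part of the original guide or of Tomcat): it parses the file and reports an APR listener left active, a missing or incomplete HTTPS connector, and a keystorePass that is unset, one of the two passwords mentioned above, or shorter than an assumed 12-character minimum. The function name, the sample fragment and the length threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml fragment after following the steps above.
SAMPLE = r"""<Server port="8005" shutdown="SHUTDOWN">
  <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" URIEncoding="utf-8"
               clientAuth="false" keystoreFile="D:\key.keystore"
               keystorePass="123456" sslProtocol="TLS"/>
  </Service>
</Server>"""

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
WEAK_PASSWORDS = {"changeit", "123456"}  # the two passwords the guide mentions
MIN_PASSWORD_LEN = 12                    # assumed threshold, adjust to local policy


def audit_server_xml(xml_text):
    """Return a list of findings for the HTTPS connector setup (hypothetical helper)."""
    # ElementTree drops XML comments, so commented-out elements are not seen as active.
    root = ET.fromstring(xml_text)
    findings = []
    if any(l.get("className") == APR_LISTENER for l in root.iter("Listener")):
        findings.append("APR listener is still active; the guide expects it commented out")
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append('no Connector with SSLEnabled="true" (still commented out?)')
    for conn in tls:
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f'port {port}: scheme="https" and secure="true" are not both set')
        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        password = conn.get("keystorePass")
        if password is None:
            findings.append(f"port {port}: keystorePass unset, default 'changeit' applies")
        elif password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
            # The password itself is never echoed into the report.
            findings.append(f"port {port}: keystorePass is a default or guessable value")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print("FINDING:", finding)
```

Run against the sample, it reports only the keystorePass finding, because "123456" is used in the connector exactly as in the guide.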