Steps to create keystore file.
1. >cd $CATALINA_HOME
2. > $JAVA_HOME/keytool -genkey -alias tomcat -keyalg RSA -keystore mycert.jks
3. Enter keystore password: changeit
4. What is your first and last name? [Unknown]: Company
5. What is the name of your organizational unit? [Unknown]: IT
6. What is the name of your organization? [Unknown]: My Comp.
7. What is the name of your City or Locality? [Unknown]: KL
8. What is the name of your State or Province? [Unknown]: KL
9. What is the two-letter country code for this unit? [Unknown]: MY
10. US Is CN= Company, OU=IT, O=”My Comp.”, L=KL, ST=KL, C=MY correct? [no]: yes
11. Enter key password for (RETURN if same as keystore password): Hit Enter.
Tomcat will assume the password is “changeit” by default so it’s advised to leave it that way.
Steps to configure Tomcat to use the keystore file.
1,cd $CATALINA_HOME/conf/
2,vi server.xml
3,Look for “ Define a SSL HTTP/1.1 Connector on port 8443 ”. Remove the comments indicator and add the keystore info.
Define a SSL HTTP/1.1 Connector on port 8443
Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="/app/interface/ui/mycert.jks" sslProtocol="TLS"
4,Make sure redirect port is set as 443 as below in server.xml.
Connector port="9090" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443"
5,In Application’s web.xml following lines need to be added.
security-constraint
6,Restart Tomcat server and test.
