Secure Sockets Layer (SSL) is a cryptographic protocol that provides message security over the Internet. It is built on private and public keys, and messages are encrypted before they are sent over the network. To configure SSL on Tomcat, we need a digital certificate, which for a development environment can be created with the Java keytool. For a production environment, you should get the digital certificate from an SSL certificate provider, for example Verisign, Entrust, or Let's Encrypt.
Follow the steps below to create your own digital certificate.
$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Pankaj Kumar
What is the name of your organizational unit?
[Unknown]: Dev
What is the name of your organization?
[Unknown]: JournalDev
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: Karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Pankaj Kumar, OU=Dev, O=JournalDev, L=Bangalore, ST=Karnataka, C=IN correct?
[no]: Yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:
$ ls
mycertificate.cert
I have used the password “changeit” for the keystore and the key, but you can use whatever you want. Now our digital certificate is ready, and the next step is to enable the HTTPS communication port in Tomcat and set it to use our digital certificate for providing SSL support.
To enable SSL, open the ~Tomcat_Installation/conf/server.xml file and uncomment the following line:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert"
clientAuth="false" sslProtocol="TLS" />
To avoid any misplacement of the certificate, I have put it in the Tomcat conf directory. Now restart Tomcat and try to access any web application over HTTPS on port 8443.
So we can access any web application on both the HTTP and HTTPS ports. We can set up Tomcat to redirect all HTTP requests to the HTTPS port with some configuration.
1. In ~TomcatInstallation/conf/server.xml, set the redirect port of the HTTP Connector to the HTTPS connector port. It will look somewhat like this:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
2. In ~TomcatInstallation/conf/web.xml, add the configuration below, but make sure to add it after all the servlet-mapping tags.
<!-- added by Pankaj for automatic redirect from HTTP to HTTPS -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Restart Tomcat now and all HTTP requests will automatically be redirected to HTTPS, i.e. http://localhost:8080/axis2 will be automatically redirected to https://localhost:8443/axis2.
Note: If you don’t want to provide ports in the URLs, then use 80 for HTTP and 443 for HTTPS. In that case, you can skip the first step to automatically redirect HTTP requests to HTTPS because it will automatically pick the default port 443.
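As an added example (not code from the original tutorial), this Python check parses the two files edited above and reports what breaks the redirect: an HTTP connector whose redirectPort has no uncommented HTTPS connector, a missing CONFIDENTIAL constraint on /*, and a keystore still on the default password. The sample XML is constructed and trimmed to the relevant elements, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample files, trimmed to the elements this tutorial edits.
HTTP = '<Connector port="8080" redirectPort="8443" connectionTimeout="20000" />'
HTTPS = ('<Connector port="8443" scheme="https" secure="true" clientAuth="false" '
         'sslProtocol="TLS" keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert" />')
SERVER_OK = f"<Server><Service>{HTTP}{HTTPS}</Service></Server>"
# The same file with the HTTPS connector still commented out.
SERVER_COMMENTED = f"<Server><Service>{HTTP}<!-- {HTTPS} --></Service></Server>"
WEB_OK = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def local(tag):
    """Drop an XML namespace prefix so web.xml matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def texts(parent, name):
    """Stripped text of every descendant element called `name`."""
    return [e.text.strip() for e in parent.iter() if local(e.tag) == name and e.text]

def audit(server_xml, web_xml):
    """Return findings; an empty list means the HTTP-to-HTTPS redirect is wired up."""
    findings = []
    # ElementTree skips XML comments, so a commented-out connector is not seen.
    connectors = [e for e in ET.fromstring(server_xml).iter() if local(e.tag) == "Connector"]
    tls_ports = {c.get("port") for c in connectors
                 if c.get("scheme") == "https" and c.get("secure") == "true"}
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            # Tomcat falls back to "changeit" when keystorePass is absent.
            if c.get("keystorePass", "changeit") == "changeit":
                findings.append(f"port {port}: keystore password is the default 'changeit'")
        elif c.get("redirectPort", "443") not in tls_ports:
            findings.append(f"port {port}: redirectPort has no active HTTPS connector")
    constrained = any(
        "/*" in texts(sc, "url-pattern") and "CONFIDENTIAL" in texts(sc, "transport-guarantee")
        for sc in ET.fromstring(web_xml).iter() if local(sc.tag) == "security-constraint")
    if not constrained:
        findings.append("web.xml: no /* constraint with transport-guarantee CONFIDENTIAL")
    return findings

if __name__ == "__main__":
    for name, server in (("ok", SERVER_OK), ("commented", SERVER_COMMENTED)):
        print(name, audit(server, WEB_OK))
```

To run it against a real installation, pass the contents of conf/server.xml and conf/web.xml to audit() instead of the sample strings.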
Nice post… Thanks for this information…
- Sathish
Hi, buddy, I am a Java programmer and also a blogger. Would you do me a favor? I’m interested in your blog theme. Could you send an email to me with the theme? Thank you! mars.ma.cn@gmail.com
- Mars
Great…thanks…
- Tapan
Sorry, please delete this comment, I got it. Just wondering, is it necessary to have an index.jsp or .html file in the webapps/myapp folder? When I tried using
https://localhost:8080/myapp
it won’t work, but when I specified the .html file and accessed the same it worked? Also it will be great if you can confirm the two points below: 1. Is it necessary to have web.xml? 2. Has the way of accessing the servlet changed now? Sometimes it works as https://localhost:8080/myapp/servlet/MyServlet
and somewhere https://localhost:8080/myapp/MyServlet
Why is it so, or am I missing something? Thanks
- Shashank
can u let me know the steps how to hide port number from url?
- ravikiran
I made similar configuration changes in my Tomcat server.xml as explained in the tutorial and have placed myCertificate.cert in the conf directory, but while I am trying to access the application using the HTTP URL, the browser gets redirected to HTTPS with port 8443 but the home page mentioned in the browser URL is not displayed. Getting ERR_connection_refused.
- Labanya Kumar
I have successfully setup the SSL arrangement as described in the article. However, the redirect from http to https is a 302 redirect i.e., temporary redirect. How can I make this redirect a permanent one i.e., 301 redirect?
- Hardik
Hi: I want to host my side from my computer. I have a router with a static IP. My Apache Tomcat port is 8080; how do I host my JSP side? Please help me.
- Aqueel Alam
Hi Pankaj, the redirection works only at the root, e.g. if I give my application as
https://my_server_ip
it will redirect to https://my_server_ip
but when I try to give the URL as https://my_server_ip/application
it won’t redirect to https://my_server_ip/application. Could you please suggest a workaround for this? Thanks for this awesome post.
- Pratham
Hi Pankaj, I have one question. I have enabled BASIC authentication for my application by putting the required entries for it in its respective web.xml file; I have also enabled port redirection from 8080 to 443 in the web.xml file of Tomcat. After enabling port redirection, while accessing my application the authentication is not getting prompted. Can you please advise me why this strange behaviour is happening?
- Vimalan Ravindran