Tutorial
Steps to Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS
Secured Socket Layer (SSL) is the cryptography protocol to provide message security over the Internet. It works on the notion of Private and Public keys and messages are encrypted before sending it over the network. To configure SSL on Tomcat, we need a digital certificate that can be created using Java keytool for the development environment. For the production environment, you should get the digital certificate from SSL certificate providers, for example, Verisign, Entrust, Lets’ Encrypt.
Creating SSL Certificate
Follow the below steps to create your own digital certificate.
$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Pankaj Kumar
What is the name of your organizational unit?
[Unknown]: Dev
What is the name of your organization?
[Unknown]: JournalDev
What is the name of your City or Locality?
[Unknown]: Bangalore
What is the name of your State or Province?
[Unknown]: Karnataka
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Pankaj Kumar, OU=Dev, O=JournalDev, L=Bangalore, ST=Karnataka, C=IN correct?
[no]: Yes
Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:
$ ls
mycertificate.cert
I have used the password “changeit” for Keystore and key but you can use whatever you want. Now our digital certificate is ready and the next step is to enable HTTPS communication port in Tomcat and set it to use our digital certificate for providing SSL support.
Tomcat HTTPS
To enable SSL open ~Tomcat_Installation/conf/server.xml file and uncomment following line:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert"
clientAuth="false" sslProtocol="TLS" />
To avoid any misplacement of the certificate, I have put that in the tomcat conf directory. Now restart Tomcat and try to access any web application over https with port 8443. 
Tomcat Redirect HTTP to HTTPS
So we can access any web application on both HTTP and HTTPS ports. We can set up tomcat to redirect all HTTP request to HTTPS port with some configurations.
-
In
~TomcatInstallation/conf/server.xmlFor HTTP Connector, set the redirect port to the HTTPS connector port. It will look somewhat like this:<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> <Connector port="8090" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" /> </pre> </li> <li>In ~TomcatInstallation/conf/web.xml Add below configuration but make sure to add it after all the servlet-mapping tags. <pre> <!-- added by Pankaj for automatic redirect from HTTP to HTTPS --> <security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
Restart the tomcat now and all the HTTP requests will automatically be redirected to HTTPS i.e https://localhost:8080/axis2 will be automatically redirected to https://localhost:8443/axis2 Note: If you don’t want to provide ports in the URLs, then use 80 for HTTP and 443 for HTTPS. In that case, you can skip the first step to automatically redirect HTTP requests to HTTPS because it will automatically pick the default port 443. Update: If you are working on Tomcat, you might be interested in the following posts.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
author
While we believe that this content benefits our community, we have not yet thoroughly reviewed it. If you have any suggestions for improvements, please let us know by clicking the “report an issue“ button at the bottom of the tutorial.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.
After configured ssl in my apachi tomact server im getting 404 error
- Mahe
Can we use the redirect port as 443 in tomcat. Because when I use 443 port then my webapplication cannot open. Can you please tell me how we can use the 443 pot in tomcat for Java webapplication
- sarika sirsat
HI Pankaj,I am using Embedded tomcat (runnning as my java process )and i donot want to rediect HTTP traffic to HTTPS. i have not setRedirectPort on HTTPConnector but its still redirecting traffic to HTTPS. what could be the reason. httpConnector =tomcatServer.getConnector(); httpConnector.setPort(8080); httpConnector.setSecure(false); httpConnector.setScheme(“http”);
- sneha thakur
http to https redirect takes to
https:///ROOTbut if I accesshttps://URL/it is good. I’ve set tomcat app to ROOT context. If any path the redirection works good but only if ROOT http redirection is having this issue. Any help appreciated please.- Chakaravarthy Natesan
One thing that might mess you up is setting up port 443 because any use of ports under 1024 require root access and most IT shops won’t let developers have root access on anything. So in this case, you might need apache web server to listen in on port 443 and redirect requests to port 8443 and just have the tomcat connector listen on 8443. Again, that may require admin intervention to edit the config files under apache web server. Good luck! PS: That issue is my #1 problem facing me - access to resources even on development servers. Maybe you all have looser restrictions or are just trying to get things to work locally. Just keep in mind as you go up the chain of deployment, local - dev - test -stage - prod, you might have to rethink how things work.
- Patrick
Hello Pankaj, I have followed the steps and I have deployed Jenkins in tomcat. somehow
https://host:port/jenkinsis not redirecting tohttps://host:port/jenkinsby automatically but it is redirecting without Jenkins pattern (I meanhttps://host:porttohttps://host:port). Do you have any idea?- Rama Krishna
Hello Pankaj, Can you suggest how to configure tomcat 8080 redirect to SSL port based on Different Application on single Tomcat Service? For example :
https://site1:8080/Application1redirect tohttps://site1:443/Application1https://site2:8080/Application2redirect tohttps://site2:445/Application2Both application on Tomcat 6.0.- Saket Yadav
Hi Pankaj, I have tomcat webservice running in Windows server and goes to http 301 status at least once in week. Restart of service not helping. Once I reboot entire server then it works again. Any idea whether it’s due to this redirect?
- Sai
I have installed SSL Certificate successfully and i have also make relevant changes in server.xml and web.xml in tomcat/conf/ folder. In Production server request is redirect to
https://localhost:8080/but in live mean from internet it’s redirect tohttps://www.example.comOnly. Please help me.- Nirav Prajapati
How can I manage post action while http to https? For example, I try to access http with post parameters, will it retrain after it is redirected to https. I guess on redirection it performs get action and no parameters aren’t migrated.
- kiruba