Steps to Configure SSL on Tomcat and Setup Auto Redirect from HTTP to HTTPS

Published on August 3, 2022

Author: Pankaj

Secure Sockets Layer (SSL) is the cryptographic protocol that provides message security over the Internet. It works on the notion of private and public keys, and messages are encrypted before they are sent over the network. To configure SSL on Tomcat, we need a digital certificate, which can be created using Java keytool for the development environment. For the production environment, you should get the digital certificate from an SSL certificate provider, for example, Verisign, Entrust, or Let’s Encrypt.

Creating SSL Certificate

Follow the steps below to create your own digital certificate.

$ keytool -genkey -alias tomcat -keyalg RSA -keystore mycertificate.cert
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  Pankaj Kumar
What is the name of your organizational unit?
  [Unknown]:  Dev
What is the name of your organization?
  [Unknown]:  JournalDev
What is the name of your City or Locality?
  [Unknown]:  Bangalore
What is the name of your State or Province?
  [Unknown]:  Karnataka
What is the two-letter country code for this unit?
  [Unknown]:  IN
Is CN=Pankaj Kumar, OU=Dev, O=JournalDev, L=Bangalore, ST=Karnataka, C=IN correct?
  [no]:  Yes

Enter key password for <tomcat>
	(RETURN if same as keystore password):
Re-enter new password:
$ ls
mycertificate.cert

I have used the password “changeit” for both the keystore and the key, but you can use whatever you want. Now our digital certificate is ready, and the next step is to enable the HTTPS communication port in Tomcat and set it to use our digital certificate for providing SSL support.

Tomcat HTTPS

To enable SSL, open the ~Tomcat_Installation/conf/server.xml file and uncomment the following Connector element:

<Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               keystoreFile="/Users/Pankaj/tomcat/conf/mycertificate.cert"
	       clientAuth="false" sslProtocol="TLS" />

To avoid misplacing the certificate, I have put it in the Tomcat conf directory. Now restart Tomcat and try to access any web application over HTTPS on port 8443.

Tomcat Redirect HTTP to HTTPS

So we can access any web application on both the HTTP and HTTPS ports. We can set up Tomcat to redirect all HTTP requests to the HTTPS port with some configuration.

  1. In ~TomcatInstallation/conf/server.xml, for the HTTP Connector, set the redirect port to the HTTPS connector port. It will look somewhat like this:

    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

  2. In ~TomcatInstallation/conf/web.xml, add the configuration below, making sure to add it after all the servlet-mapping tags:

    <!-- added by Pankaj for automatic redirect from HTTP to HTTPS -->
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    

Restart Tomcat now and all HTTP requests will automatically be redirected to HTTPS, i.e. http://localhost:8080/axis2 will be automatically redirected to https://localhost:8443/axis2.

Note: If you don’t want to provide ports in the URLs, then use 80 for HTTP and 443 for HTTPS. In that case, you can skip the first step to automatically redirect HTTP requests to HTTPS because it will automatically pick the default port 443.
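To confirm that the two files agree before restarting, the following check (an added example, not part of the original tutorial) parses server.xml and web.xml and reports when an HTTP connector's redirectPort does not point at an enabled HTTPS connector, or when the CONFIDENTIAL constraint on /* is missing. The XML strings are constructed samples modelled on the snippets above, and the helper names (`audit_redirect`, `is_https`, `local`) are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the tutorial's snippets (not real config files).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="8443" connectionTimeout="20000" />
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/mycertificate.cert" clientAuth="false" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the XML namespace so web.xml matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def is_https(c):
    # The tutorial's connector sets scheme/secure; newer configs set SSLEnabled.
    return c.get("SSLEnabled") == "true" or (
        c.get("scheme") == "https" and c.get("secure") == "true")

def audit_redirect(server_xml, web_xml):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    # Commented-out connectors are XML comments, so they are never seen here.
    connectors = [e for e in ET.fromstring(server_xml).iter() if e.tag == "Connector"]
    https_ports = {c.get("port") for c in connectors if is_https(c)}
    for c in connectors:
        if is_https(c) or c.get("protocol", "").startswith("AJP"):
            continue
        target = c.get("redirectPort", "443")  # 443 is the default the page mentions
        if target not in https_ports:
            findings.append(f"HTTP connector {c.get('port')}: redirectPort {target} "
                            "is not an enabled HTTPS connector")
    # The redirect only fires if a constraint on /* demands CONFIDENTIAL transport.
    enforced = False
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        seen = {(local(e.tag), (e.text or "").strip()) for e in sc.iter()}
        if {("url-pattern", "/*"), ("transport-guarantee", "CONFIDENTIAL")} <= seen:
            enforced = True
    if not enforced:
        findings.append("web.xml: no /* constraint with transport-guarantee CONFIDENTIAL")
    return findings
```

To run it against a real installation, pass the contents of conf/server.xml and conf/web.xml instead of the sample strings. An HTTPS connector that is still commented out shows up as a redirectPort finding.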

 
JournalDev
September 7, 2020

After configuring SSL in my Apache Tomcat server, I'm getting a 404 error.

- Mahe

    JournalDev
    July 17, 2020

    Can we use the redirect port as 443 in Tomcat? Because when I use port 443, my web application cannot open. Can you please tell me how we can use port 443 in Tomcat for a Java web application?

    - sarika sirsat

      JournalDev
      June 16, 2020

      Hi Pankaj, I am using embedded Tomcat (running as my Java process) and I do not want to redirect HTTP traffic to HTTPS. I have not setRedirectPort on HTTPConnector but it's still redirecting traffic to HTTPS. What could be the reason? httpConnector = tomcatServer.getConnector(); httpConnector.setPort(8080); httpConnector.setSecure(false); httpConnector.setScheme("http");

      - sneha thakur

        JournalDev
        November 16, 2019

        http to https redirect takes to https:///ROOT but if I access https://URL/ it is good. I’ve set tomcat app to ROOT context. If any path the redirection works good but only if ROOT http redirection is having this issue. Any help appreciated please.

        - Chakaravarthy Natesan

          JournalDev
          November 12, 2019

          One thing that might mess you up is setting up port 443, because any use of ports under 1024 requires root access and most IT shops won’t let developers have root access on anything. So in this case, you might need Apache web server to listen on port 443 and redirect requests to port 8443, and just have the Tomcat connector listen on 8443. Again, that may require admin intervention to edit the config files under Apache web server. Good luck! PS: That issue is my #1 problem facing me - access to resources even on development servers. Maybe you all have looser restrictions or are just trying to get things to work locally. Just keep in mind as you go up the chain of deployment, local - dev - test - stage - prod, you might have to rethink how things work.

          - Patrick

            JournalDev
            September 4, 2019

            Hello Pankaj, I have followed the steps and I have deployed Jenkins in Tomcat. Somehow https://host:port/jenkins is not redirecting to https://host:port/jenkins automatically, but it is redirecting without the Jenkins pattern (I mean https://host:port to https://host:port). Do you have any idea?

            - Rama Krishna

              JournalDev
              October 6, 2018

              Hello Pankaj, Can you suggest how to configure tomcat 8080 redirect to SSL port based on Different Application on single Tomcat Service? For example : https://site1:8080/Application1 redirect to https://site1:443/Application1 https://site2:8080/Application2 redirect to https://site2:445/Application2 Both application on Tomcat 6.0.

              - Saket Yadav

                JournalDev
                July 5, 2018

                Hi Pankaj, I have a Tomcat web service running on a Windows server and it goes to HTTP 301 status at least once a week. Restarting the service does not help. Once I reboot the entire server, it works again. Any idea whether it’s due to this redirect?

                - Sai

                  JournalDev
                  February 21, 2018

                  I have installed the SSL certificate successfully and I have also made the relevant changes in server.xml and web.xml in the tomcat/conf/ folder. On the production server the request is redirected to https://localhost:8080/ but live, meaning from the internet, it is redirected to https://www.example.com only. Please help me.

                  - Nirav Prajapati

                    JournalDev
                    December 28, 2017

                    How can I manage a POST action while redirecting HTTP to HTTPS? For example, if I try to access HTTP with POST parameters, will they be retained after it is redirected to HTTPS? I guess on redirection it performs a GET action and no parameters are migrated.

                    - kiruba
