Tomcat will first need an SSL Connector configured before it can accept secure connections.

Note: By default Tomcat will look for your keystore with the file name .keystore in the CATALINA_HOME directory with the default password 'changeit'.

Commonly found CATALINA_HOME directories:

Unix/Linux or *nix -- /etc/tomcat5.5
Windows -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\

It is possible to change the file name, password, and even location that Tomcat looks for the keystore. If you need to do this, pay special attention to #8 of Option 2 or #5 of Option 1 below.


Option 1 - Configure the SSL Connector in server.xml:

  1. Copy your keystore file (your_domain.key or your_domain.pfx) to the home directory (see the Note above).
  2. Open the file Home_Directory/conf/server.xml in Notepad
  3. Un-comment the 'SSL Connector' Configuration
  4. Make sure that the 'Connector Port' is 443
  5. If your keystore filename is something other than the default file name (.keystore) and/or your keystore password is something other than default ('changeit') then you will need to specify the correct keystore filename and/or password in your connector configuration -- ex. keystorePass="newpassword". When you are done your connector should look something like this:
    • to use a JKS (Java Key Store) file (the keystoreFile and keystorePass values shown are placeholders for your own keystore path and password):
      <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/user_name/twoja_domena.key" keystorePass="hasło do keystore" />
    • to use a PFX/P12 (PKCS#12) file (again with placeholder keystoreFile and keystorePass values):
      <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="conf/twoja_domena.pfx" keystorePass="twoje_hasło_keystore" keystoreType="PKCS12" />
  6. Save the changes to server.xml
    Note: You may need to comment out the following line:
  7. Restart Tomcat.
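
A check that can be run on server.xml before the restart, added here as an example and not part of the original article: it parses the file and reports SSL connectors that are still commented out, rely on the default password 'changeit', or point at a PFX/P12 file without keystoreType="PKCS12". The function name audit_server_xml and the sample XML are constructed for illustration; the check assumes Tomcat's defaults of 'changeit' and JKS when keystorePass and keystoreType are absent.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"        # default keystore password named in the Note above
PKCS12_EXT = (".pfx", ".p12")    # extensions treated as PKCS#12 keystores

def audit_server_xml(xml_text):
    """Return a list of findings for the SSL connectors in a server.xml string."""
    root = ET.fromstring(xml_text)
    # A commented-out connector is an XML comment, so the parser never sees it.
    ssl = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not ssl:
        return ["no active SSL Connector (still commented out?)"]
    findings = []
    for c in ssl:
        port = c.get("port", "?")
        tag = f"port {port}: "
        if port != "443":
            findings.append(tag + "port is not 443")
        if c.get("secure") != "true":
            findings.append(tag + 'secure="true" is missing')
        ks_file = c.get("keystoreFile")
        if ks_file is None:
            findings.append(tag + "no keystoreFile, default .keystore is used")
        # Assumption: an absent keystorePass means Tomcat falls back to 'changeit'.
        if c.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append(tag + "keystore password is the default 'changeit'")
        # Assumption: an absent keystoreType means the file is read as JKS.
        is_p12 = bool(ks_file) and ks_file.lower().endswith(PKCS12_EXT)
        if is_p12 and c.get("keystoreType", "JKS").upper() != "PKCS12":
            findings.append(tag + 'PKCS#12 file without keystoreType="PKCS12"')
    return findings

# Constructed sample: one commented-out connector, one plain HTTP connector,
# and one SSL connector that omits keystorePass and keystoreType.
SAMPLE = """<Server>
  <Service name="Catalina">
    <!-- <Connector port="8443" scheme="https" secure="true" /> -->
    <Connector port="8080" />
    <Connector port="443" scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="conf/example.pfx" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE):
        print(line)
```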

Option 2 - Add an SSL Connector using admintool:

  1. Start Tomcat
  2. Enter 'http://localhost:8080/admin' in a local browser to start admintool
  3. Type a username and password with administrator rights
  4. On the left select 'Service' (Java Web Services Developer Pack)
  5. Select 'Create New Connector' from the drop-down list on the right
  6. Choose 'HTTPS' in the 'Type' field
  7. In the 'Port' field, enter '443'. This defines the TCP/IP port number on which Tomcat will listen for secure connections
  8. Enter the Keystore Name and Keystore Password if (a) your keystore is named something other than .keystore, (b) .keystore is located in a directory other than the home directory of the machine on which Tomcat is running, or (c) the password is something other than the default value of 'changeit'. If you have used the default values, you can leave these fields blank.
  9. Select 'Save' to save the new Connector
  10. Select 'Commit Changes' to save the new Connector information to the server.xml file so that it is available the next time Tomcat is started
