How to configure tomcat to use both http and https in the same application?
12,826
The main idea here is that you want to specify which pages are using SSL
Using SSL in Tomcat requires 3 main step:
- You first need to create a SSL certificate. For instance you can use the tool provided with the JDK: keytool. For instance:
keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.ssl
. You will be asked for a password, and once you filled all information needed, press RETURN to use the same password. Move the file created under CATALINA_HOME. - You then need to enable the SSL connector in tomcat. To do so, in
conf/server.xml
, for instance: http://fpaste.org/w3yu/ (SECTION 1) - You need to specify in your application which URL require the usage of SSL. As an example, let's take the manager application. In WEB-INF/web.xml just before
</security-constraint>
, add the following: Same link as above but see SECTION 2.
I know this is very brief but that should give you a lead of what to do :)
Author by
Jérôme Verstrynge
You can contact me via my LinkedIn profile.
Updated on September 17, 2022Comments
-
Jérôme Verstrynge over 1 year
I understand that URL patterns can be used to have some handled under HTTP and others under HTTPS.
Let's imagine a web application with two servlets, each accessed with different URL patters (for example .../myapp/servlet1 and .../myapp/servlet2), how can I have to first one handled by HTTP and the second with HTTPS?
Can you provide a configuration example?
Thanks!
-
alvosu over 13 yearsDo you use Apache HTTP Server or other HTTP server as frontend?
-
Jérôme Verstrynge over 13 yearsNo, but I could if necessary...
-
-
Jérôme Verstrynge over 13 yearsThanks, I am copying the content of your link here, since it has a TTL - <!-- SECTION 1: In server.xml --> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystorePass="password" keystoreFile="${catalina.home}/keystore.ssl" /> <!-- SECTION 2: In WEB-INF/web.xml --> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint>
-
hina10531 about 9 yearsfpaste.org/w3yu is not available at this time. This answer will be helpful for me, I think. Could you please direct me rightly?