Hello,

 

I am writing this to help every fellow Remedy admin who wants to add a certificate (SSL) to his Tomcat mid-tier or Smart IT server. I could not find a simple step-by-step procedure anywhere, so I will post my findings here, wishing that it will help somebody.

 

I just want to thank Jean Christophe for his blog. It’s from this article that I was able to figure out how this works.

 

So here we go, the process is simple when you know what to do.

 

Steps

In the Tomcat install folder there is a folder named ‘conf’.

Copy the certificate .pfx file into this folder.

Edit the server.xml file in the same folder and add the following connectors:

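    <!-- Plain HTTP connector; requests that require TLS are redirected to redirectPort -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

    <!-- HTTPS connector using the PKCS12 (.pfx) keystore copied into conf.
         keystorePass is stored in clear text here, so restrict read access to server.xml.
         TLSv1.1 is deprecated (RFC 8996); remove it from sslEnabledProtocols unless a client still needs it. -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="2000" scheme="https" secure="true"
               maxHttpHeaderSize="32768"
               clientAuth="none"
               sslEnabledProtocols="TLSv1.1, TLSv1.2, TLSv1.3"
               ciphers="HIGH:!aNULL:!RC4:!MD5:@STRENGTH"
               keystoreFile="conf/%pfx filename%"
               keystorePass="%pfx file password%"
               keystoreType="PKCS12"
    />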

This should enable HTTPS on Tomcat.

Now, to always redirect HTTP to HTTPS, add the following security constraint to the web.xml file in the same folder, inside the <web-app> element:

 

    <!-- Force HTTPS, required for HTTP redirect! -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Context</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>

        <!-- auth-constraint goes here if you require authentication -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

With this constraint in place, every HTTP request to the server is redirected to HTTPS, using the redirectPort set on the HTTP connector (443 above).
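
A quick way to check both files after editing them, as an added example that is not part of the original post: this Python script parses a server.xml and a web.xml and reports deprecated protocol versions, a redirectPort that does not point at a TLS connector, and a missing CONFIDENTIAL constraint. The embedded samples are constructed from the snippets above with a placeholder file name and password; `audit` and `texts` are names chosen for this example.

```python
import xml.etree.ElementTree as ET

DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0 and 1.1 are deprecated by RFC 8996
# Constructed samples mirroring the snippets above; file name and password are placeholders.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
  <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             sslEnabledProtocols="TLSv1.1, TLSv1.2, TLSv1.3"
             keystoreFile="conf/example.pfx" keystorePass="placeholder" keystoreType="PKCS12" />
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def texts(elem, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return {(e.text or "").strip() for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name}

def audit(server_xml, web_xml):
    """Return a list of findings (empty means OK) for the HTTPS setup described above."""
    findings = []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append('server.xml: no connector has SSLEnabled="true"')
    for c in tls:
        enabled = {p.strip() for p in c.get("sslEnabledProtocols", "").split(",")}
        weak = sorted(enabled & DEPRECATED)
        if weak:
            findings.append(f"port {c.get('port')}: deprecated protocols enabled: {', '.join(weak)}")
    for c in connectors:
        if c in tls or c.get("protocol", "").upper().startswith("AJP"):
            continue
        # The CONFIDENTIAL redirect is sent to redirectPort (Tomcat default: 443).
        target = c.get("redirectPort", "443")
        if target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} is not a TLS connector")
    root = ET.fromstring(web_xml)
    constraints = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "security-constraint"]
    if not any("/*" in texts(s, "url-pattern") and
               "CONFIDENTIAL" in texts(s, "transport-guarantee") for s in constraints):
        findings.append("web.xml: no CONFIDENTIAL constraint on /*, HTTP will not redirect")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SERVER_XML, WEB_XML)))
```

To audit a real installation, read conf/server.xml and conf/web.xml from the Tomcat folder and pass their contents to `audit`.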

 

If you have any suggestions as to how I could improve this article, don’t hesitate.