Create a keystore, import the Secure Sockets Layer (SSL)
certificate, and edit the conf/server.xml file
to define a connector for SSL on Apache Tomcat.
About this task
Follow the steps in this procedure to configure SSL on Apache
Tomcat. See
SSL Configuration HOW-TO for more details
and examples of configuring SSL for Apache Tomcat.
Procedure
- Create a keystore for your web server. You can
use the Java™ keytool command
to create a keystore.
keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore.jks
- Import the SSL certificate and the corresponding chain
certificate into your keystore by following the instructions provided
by the certificate authority.
- Edit the conf/server.xml file to define
a connector to use SSL. This connector must point to your
keystore.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/path/to/keystore.jks"
keystorePass="mypassword" />
- To enable TLS v1.2, which is required for iOS 9, add the
following attribute to the <Connector> element:
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
The result should be similar to this example:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/path/to/keystore.jks"
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
keystorePass="mypassword" />
You must use a JRE that supports TLS v1.2:
  - Oracle JRE 1.7.0_75 or later
  - Oracle JRE 1.8.0_31 or later
- Restart the web server. You can now access
the web server at https://myserver:8443/...
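
A quick way to review the result of this procedure before restarting is to parse conf/server.xml and report what each SSL connector actually enables. The script below is an added example, not part of the original procedure or of Apache Tomcat; the function name audit_connectors and the embedded sample are assumptions made for illustration. It confirms that TLSv1.2 is listed, reports the older protocol names that the sample attribute also turns on (TLS 1.0 and 1.1 were deprecated by RFC 8996), and notes that keystorePass sits in the file in cleartext.

```python
import xml.etree.ElementTree as ET

# Protocol names JSSE accepts that are legacy: TLS 1.0/1.1 were deprecated by
# RFC 8996, and SSLv2Hello is only a hello-format compatibility option.
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connectors(server_xml_text):
    """Return {port: [findings]} for every Connector with SSLEnabled="true"."""
    report = {}
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, not covered by this check
        findings = []
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            findings.append("sslEnabledProtocols not set: JVM defaults apply")
        else:
            protocols = [p.strip() for p in raw.split(",") if p.strip()]
            if "TLSv1.2" not in protocols:
                findings.append("TLSv1.2 not enabled")
            legacy = [p for p in protocols if p in LEGACY]
            if legacy:
                findings.append("legacy protocols enabled: " + ",".join(legacy))
        if conn.get("keystoreFile") is None:
            findings.append("keystoreFile not set: Tomcat uses ~/.keystore")
        if conn.get("keystorePass") is not None:
            findings.append("keystorePass is stored in cleartext: "
                            "restrict read access to server.xml")
        report[conn.get("port", "?")] = findings
    return report

# Constructed sample: the connector from the procedure plus a plain HTTP one.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/path/to/keystore.jks"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
             keystorePass="mypassword" />
</Service></Server>"""

if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE).items():
        print(port, findings or ["no findings"])
```

If every client that connects supports TLS v1.2, the legacy names can be dropped from sslEnabledProtocols and the script will stop reporting them.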