Skip to main content

How to install a SSL certificate in Tomcat 8

If you want to run your web app on Tomcat 8 (Linux) under the HTTPS umbrella, these are the steps that you need to follow. In this example we will use test domain example.com:

1) Purchase an SSL certificate from trusted provider. Price ranges from $5 to over $100 per year.

2) SSH to your Linux server and, from your personal directory /home/youruser/ type the following command in order to generate the private key:
keytool -genkey -alias tomcat -keyalg RSA -keystore example.keystore

3) You will be asked some questions. The most important ones are the keystore password (let's assume it is yourPassword) and the First and last names, which is actually misleading because you need to enter the domain name: example.com.

4) Generate your local Certificated Signing Request (CSR) with this command:
keytool -certreq -keyalg RSA -alias tomcat -file example.csr -keystore example.keystore

5) Open the CSR file that you have just generated with vim example.csr, select all the content and copy it to the clipboard.


6) Paste the CSR from your clipboard in your trusted provider's website in order to issue the SSL certificate.

7) You will receive an email with a root certificate, at least one intermediate certificate and a signed certificate in CRT format.

8) Transfer all these files to the /home/youruser/ directory in the server using a FTP tool such as Filezilla.

9) Import the root certificate:
keytool -import -alias root -keystore example.keystore -trustcacerts -file yourRootCertificate.crt

10) Import each intermediate certificate (with a different alias):
keytool -import -alias intermediate1 -keystore example.keystore -trustcacerts -file yourFirstIntermediateCert.crt
keytool -import -alias intermediate2 -keystore
example.keystore -trustcacerts -file yourSecondIntermediateCert.crt

11) Import your signed certificate:
keytool -import -alias tomcat -keystore example.keystore -file yourSignedCert.crt

12) From the tomcat8/conf/server.xml file, add or edit the following code:
<Connector port="8443" maxThreads="150" scheme="https" secure="true"
           SSLEnabled="true" keystoreFile="/home/youruser/example.keystore"                   keystorePass="yourPassword" clientAuth="false" 
           keyAlias="tomcat" sslProtocol="TLS"/>

13) If you want to force the HTTPS to be loaded at all times, change the redirect of port 8080 in server.xml to 443. And add the following code in web.xml inside the <web-app>:
<!-- Require HTTPS for everything except /img (favicon) and /css. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOrHTTP</web-resource-name>
      <url-pattern>*.ico</url-pattern>
      <url-pattern>/img/*</url-pattern>
      <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>


14) If you are using a hosting provider such as Microsoft Azure, you will need to map the private and public ports in the virtual machine and upload the CRT certificates in the cloud service, as per below :

15) Your service should be available now on https://example.com, and automatically redirected to the HTTPS version from http://example.com.

Popular posts from this blog

How to jump to time offsets in HTML5 video

Let's say that you have a 30-minute WEBM video file, from which you just want to play the following video segments , jumping from one to the other automatically  without interruptions : [00:01:25.00 - 00:02:25.00] -> from second 85 to 145 [00:11:40.00 - 00:11:55.00] -> from second 700 to 715 [00:20:26.00 - 00:21:07.00] -> from second 1226 to 1267 [00:26:11.00 - 00:28:01.00] -> from second 1571 to 1681 To increase the complexity, let's think that you have these video segments in a PHP variable $arrayVideoSegments  (normally the case if they were retrieved from the database).   $arrayVideoSegments[0]->startTime = 85   $arrayVideoSegments[0]->endTime = 145   $arrayVideoSegments[1]->startTime = 700   $arrayVideoSegments[1]->endTime = 715   $arrayVideoSegments[2]->startTime = 1226   $arrayVideoSegments[2]->endTime = 1267   $arrayVideoSegments[3]->startTime = 1571   $arrayVideoSegments[3]->endTime = 1681 The

The Ethics Canvas

In 2008, Alexander Osterwalder presented an innovative tool called " Business Model Canvas " (BMC) that aimed to help entrepreneurs to capture the fundamental business knowledge about their project, and bring about pivots in order to make the business model more consistent and successful.  Since then, the BMC has helped over 5 million entrepreneurs increase the value that they provide to their users, and find a sustainable model. In 2015, a group of researchers from ADAPT Centre  started using a similar approach in order to detect at early stage all the ethical implications of a project, and help entrepreneurs and researchers pivot their idea in order to minimise these issues. If you think about new technologies such as biotech, AI, IoT, VR, biometrics, blockchain, 3D printing,... they all bring great advancements for humanity, but they have some potential ethical issues that could have a catastrophic impact. After some months of hard work and experiments, we h

El Lean Canvas, explicado paso a paso

Tengo el honor de ser profesor del curso Startup Innovation Lab , del Plan de Empleo para la Educación Superior , en el que jóvenes canarios en situación de desempleo descubren las principales técnicas de emprendimiento siguiendo la metodología Lean Startup . Dado que no hay muchos ejemplos prácticos y en español sobre cómo completar el Lean Canvas , he creado un vídeo de 14 minutos en el que se explica, paso a paso, cómo completar el canvas utilizando Spotify como producto de ejemplo. Éste es el canvas resultante. Espero que sea de utilidad al igual que lo está siendo para mis alumnos.