Skip to main content

How to install a SSL certificate in Tomcat 8

If you want to run your web app on Tomcat 8 (Linux) under the HTTPS umbrella, these are the steps that you need to follow. In this example we will use test domain example.com:

1) Purchase an SSL certificate from trusted provider. Price ranges from $5 to over $100 per year.

2) SSH to your Linux server and, from your personal directory /home/youruser/ type the following command in order to generate the private key:
keytool -genkey -alias tomcat -keyalg RSA -keystore example.keystore

3) You will be asked some questions. The most important ones are the keystore password (let's assume it is yourPassword) and the First and last names, which is actually misleading because you need to enter the domain name: example.com.

4) Generate your local Certificated Signing Request (CSR) with this command:
keytool -certreq -keyalg RSA -alias tomcat -file example.csr -keystore example.keystore

5) Open the CSR file that you have just generated with vim example.csr, select all the content and copy it to the clipboard.


6) Paste the CSR from your clipboard in your trusted provider's website in order to issue the SSL certificate.

7) You will receive an email with a root certificate, at least one intermediate certificate and a signed certificate in CRT format.

8) Transfer all these files to the /home/youruser/ directory in the server using a FTP tool such as Filezilla.

9) Import the root certificate:
keytool -import -alias root -keystore example.keystore -trustcacerts -file yourRootCertificate.crt

10) Import each intermediate certificate (with a different alias):
keytool -import -alias intermediate1 -keystore example.keystore -trustcacerts -file yourFirstIntermediateCert.crt
keytool -import -alias intermediate2 -keystore
example.keystore -trustcacerts -file yourSecondIntermediateCert.crt

11) Import your signed certificate:
keytool -import -alias tomcat -keystore example.keystore -file yourSignedCert.crt

12) From the tomcat8/conf/server.xml file, add or edit the following code:
<Connector port="8443" maxThreads="150" scheme="https" secure="true"
           SSLEnabled="true" keystoreFile="/home/youruser/example.keystore"                   keystorePass="yourPassword" clientAuth="false" 
           keyAlias="tomcat" sslProtocol="TLS"/>

13) If you want to force the HTTPS to be loaded at all times, change the redirect of port 8080 in server.xml to 443. And add the following code in web.xml inside the <web-app>:
<!-- Require HTTPS for everything except /img (favicon) and /css. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOrHTTP</web-resource-name>
      <url-pattern>*.ico</url-pattern>
      <url-pattern>/img/*</url-pattern>
      <url-pattern>/css/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>


14) If you are using a hosting provider such as Microsoft Azure, you will need to map the private and public ports in the virtual machine and upload the CRT certificates in the cloud service, as per below :

15) Your service should be available now on https://example.com, and automatically redirected to the HTTPS version from http://example.com.

Popular posts from this blog

How to jump to time offsets in HTML5 video

Let's say that you have a 30-minute WEBM video file, from which you just want to play the following video segments , jumping from one to the other automatically  without interruptions : [00:01:25.00 - 00:02:25.00] -> from second 85 to 145 [00:11:40.00 - 00:11:55.00] -> from second 700 to 715 [00:20:26.00 - 00:21:07.00] -> from second 1226 to 1267 [00:26:11.00 - 00:28:01.00] -> from second 1571 to 1681 To increase the complexity, let's think that you have these video segments in a PHP variable $arrayVideoSegments  (normally the case if they were retrieved from the database).   $arrayVideoSegments[0]->startTime = 85   $arrayVideoSegments[0]->endTime = 145   $arrayVideoSegments[1]->startTime = 700   $arrayVideoSegments[1]->endTime = 715   $arrayVideoSegments[2]->startTime = 1226   $arrayVideoSegments[2]->endTime = 1267   $arrayVideoSegments[3]->startTime = 1571   $arrayVideoSegments[3]->endTime = 1681 The

5 learnings from a techie turned into a NFT artist

In September 2021 I chose to sell my crypto AI art business after two enriching (and often painful) years as a part-time sole founder. Today  AImade.art  is one of the best-selling AI art collections on Opensea . I want to share with you some of the key lessons I learned during this period: Work hard and get lucky.  And I got really lucky. On February 24th 2021 I had planned to shut down AImade.art , back then a business selling AI Art printed on canvas. I was discouraged after several months with no sales and my Shopify billing cycle was ending that day. Then something incredible happened: I missed the Shopify deadline and I sold an artwork one hour later. The buyer asked me: " Can I get it in as an NFT? ". I had absolutely no idea what an NFT was, but after a bit of research I found the concept so interesting that, two days later, I had pivoted the entire business to  NFT art made by AI . Sales started to pick up: I had finally found product-market fit . Impostor syndr

Learnings from "The 7 habits of highly effective people"

I just finished reading " The 7 habits of highly effective people ", a best-seller by Stephen R. Covey, that has inspired me in many levels. I am sharing some of the learnings I got, mostly as a personal bookmark, but hopefully this post can be useful for the community. Habit 1: Be Proactive It is not what happens to us, but our response to what happens to us that hurts us.  There is a space between stimulus and response, and the key to our growth and happiness is how we use that space. While reactive people feel victimized and out of control, proactive people have the power to choose how to respond to any circumstances (i.e., smiling with bad weather). We must focus our efforts on the things we can do something about, and accept what we can't change (past events, weather,...). Try replacing victimized language (i.e., " There is nothing I can do ", " I have to do it ",...) with proactive language (" Let's see all the options "