Skip to content

Instantly share code, notes, and snippets.

@yanokwa
Last active February 8, 2016 18:46
Show Gist options
  • Save yanokwa/15d4d9a81cd81e7fa0fb to your computer and use it in GitHub Desktop.
Save yanokwa/15d4d9a81cd81e7fa0fb to your computer and use it in GitHub Desktop.
### SSL Part 2: Configure Tomcat 6 with Java KeyStore (JKS)
This is part two of a three-part series on how to configure a single SSL certificate for use on both Tomcat and Apache. Here we'll cover setting up Tomcat 6 to use your Java KeyStore, which we created in [Part 1](/tutorials/ssl-create-java-keystore-jks-tomcat.php) of this series.
#### 1\. Adding the SSL connector to Tomcat's configuration
Tomcat 6 stores its configuration in /etc/tomcat6/server.xml
To open the file, run the following:
# sudo nano /etc/tomcat6/server.xml
Scroll down until you find Tomcat's default HTTP:8080 connector.
It should look like this:
<pre class="shelloutput"><Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" /></pre>
Just under that code, copy and paste in the following:
<pre class="shelloutput"><Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
keystoreFile="/etc/my_ssl/mysite.jks"
keystorePass="changeit" /></pre>
If you followed part one of my guide without any changes, this should be correct. If not, make sure that the file referenced in line 4 of the connector exists, and has proper permissions.
Also, make sure you update "changeit" in line 5 with the password you created for your KeyStore.
#### 2\. Restart Tomcat 6
# sudo service tomcat restart
If all is well, tomcat should restart successfully within 30 seconds or so.
#### 3\. Test the SSL Connector on TCP Port 8443
First let's make sure that Tomcat is indeed running, by testing the default port (8080). Open up a browser and go to
http://your.domain.com:8080
You should see the "It Works" Tomcat welcome page.
Now, let's try the SSL Connector we configured. Point your browser to
https://your.domain.com:8443
You should again see the "It Works" Tomcat welcome page.
If so, congratulations, you've successfully configured Tomcat 6 to use SSL!
#### Troubleshooting
I won't go into to many troubleshooting scenarios here, but I thought I'd cover a few of the most common ones...
If tomcat does not restart successfully after adding the SSL Connector in step 1, double-check your server.xml and make sure you added the SSL connector properly:
1. keystoreFile parameter points to the right JKS file
2. keystorePass parameter has the correct password in it
3. you didn't accidentally uncomment one of the example connectors
4. make sure that tomcat has read permissions to the KeyStore file
If tomcat restarts successfully, but you don't see the "It Works" page from
http://your.domain.com:8080
or
https://your.domain.com:8443
make sure that both TCP Ports 8080 and 8443 are open to incoming connections in your firewall.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment