Task 17: Configure Tomcat for HTTPS support

Note: This is an optional task.

This task is required only if SSL has been configured between Apache and Tomcat. If you are using mod_jk for communications between Apache and Tomcat (as described in Task 8: Deploy and configure the web server > Apache > Task A: Deploy the Apache HTTP server) or the proxy balancer, you do not need to perform the steps in this task.

Follow these steps:

  1. Navigate to the C:\Program Files\Java\jre1.8.0_xx\bin directory, and then make sure that keytool.exe is stored in this directory.

  2. Copy the directory path (C:\Program Files\Java\jre1.8.0_xx\bin) to your clipboard or paste it into Notepad, as you will need it in the next steps.

  3. Add this path to the Path environment variable.

  4. Click OK repeatedly to exit.
  5. Open a DOS command prompt and change the directory to C:\Program Files\Apache Software Foundation\Tomcat 8.0_SMWeb.

  6. Run the following command to generate the keystore file and set passwords for this keystore file by using the Java keytool:

    keytool -genkey -alias tomcat -keyalg RSA -keystore Chatkeystore -keypass keypasswd -storepass storepasswd -validity 3600
  7. The system prompts you with a series of questions, including your first and last name, organizational unit, organization, city, state, and country code. Answer each question and then press Enter.

  8. Finally, keytool displays the values that you entered. Type yes and then press Enter.

    The command prompt returns.

  9. Run the following command to generate the certificate file for the keystore:

    keytool -export -trustcacerts -alias tomcat -file server.cer -keystore Chatkeystore -storepass storepasswd

  10. The server.cer certificate file is generated.

  11. Run the following command to import the self-signed certificate to the Java security folder:

    keytool -import -trustcacerts -alias tomcat -file server.cer -keystore "C:\Program Files\Java\jre1.8.0_60\lib\security\cacerts" -storepass changeit

    The system starts to import the certificate and prompts you to answer a number of questions.

    Note: The password for the cacerts keystore is changeit.

  12. The system asks if you trust this certificate. Type yes and then press Enter.

    The certificate is added to the keystore.

  13. Close the DOS command window.

  14. Navigate to the C:\Program Files\Java\jre1.8.0_xx\lib\security directory to verify that the cacerts file is generated.

  15. Navigate to the C:\Program Files\Apache Software Foundation\Tomcat 8.0_SMWeb directory to verify that the Chatkeystore and server.cer files are generated.

  16. Navigate to the C:\Program Files\Apache Software Foundation\Tomcat 8.0_SMWeb\conf directory.

  17. Copy the server.xml file and save it as server_OOB.xml.

  18. Open the server.xml file with a text editor.
  19. Browse to the bottom of the file and insert a few blank lines above </Host>.

  20. Insert the following code above </Host>:

    <Connector protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="Chatkeystore"
    keystorePass="storepasswd"
    keyPass="keypasswd"/>

  21. Save your changes and close the server.xml file.
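
A check that can be run against server.xml after step 21, added here as an example and not part of the original procedure: it reports SSL-enabled Connectors that still carry the sample passwords printed in this task, or that omit keyPass (Tomcat then tries keystorePass on the private key, while step 6 sets the two passwords differently). The function name audit_tls_connectors and the inline server.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Passwords printed in this task's commands; "changeit" is the stock cacerts password.
DOC_PASSWORDS = {"keypasswd", "storepasswd", "changeit"}

# Constructed sample: a Connector like the one in step 20, in a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11Protocol"
             port="8443" scheme="https" secure="true" SSLEnabled="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="Chatkeystore" keystorePass="storepasswd"/>
  <Connector port="8009" protocol="AJP/1.3"/>
</Service></Server>"""


def audit_tls_connectors(server_xml_text):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        # Only Connectors that terminate TLS are of interest here.
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            findings.append((port, "SSLEnabled without scheme=https and secure=true"))
        if not conn.get("keystoreFile"):
            findings.append((port, "keystoreFile not set"))
        # Sample passwords from the documentation must not survive into production.
        for attr in ("keystorePass", "keyPass"):
            if conn.get(attr) in DOC_PASSWORDS:
                findings.append((port, f"{attr} is a documentation sample password"))
        # Without keyPass, the private key is opened with keystorePass.
        if conn.get("keyPass") is None:
            findings.append((port, "keyPass not set: key password must equal keystorePass"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_tls_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the contents of conf\server.xml to audit_tls_connectors instead of the constructed sample.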