How do I set up SSL on Tomcat?
Author: Deron Eriksson
Description: This tutorial describes setting up a self-signed certificate on Tomcat.
Tutorial created using: Windows XP || JDK 1.5.0_09 || Eclipse Web Tools Platform 1.5.1 || Tomcat 5.5.20
(Continued from page 1)
Let's verify that communication is indeed encrypted. Let's open Eclipse's TCP/IP Monitor view and set up a monitor on port 8444 to forward to 8443 and a monitor on port 8081 to forward to 8080. Let's set the types to TCP/IP and start both monitors. After that, we can click OK.
Let's try hitting our application on port 8444. If we accept the warning about the certificate's authenticity, we see our application in the browser window. The request to port 8444 gets forwarded to 8443, and we can observe the request and the response in the TCP/IP Monitor.
For comparison, let's also hit port 8081, which gets forwarded through the TCP/IP Monitor to our application running non-securely on port 8080.
Now let's examine the TCP/IP Monitor view in Eclipse. If we try examining one of our requests on 8444 forwarded to 8443, we can see that we are unable to read the headers and bodies of the requests and responses.
However, if we try examining one of our 8081 requests that get forwarded to 8080, we can view the headers and bodies of the requests and responses.
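The same check can be made on the raw bytes rather than by eye. The following is an added example, not part of the original tutorial: it classifies the first bytes seen on each monitored port as a TLS record or as readable HTTP. The function names and sample bytes are constructed for illustration, and it goes slightly beyond the text by also recognising the SSLv2-format ClientHello that older clients send.

```python
import re
import struct

# TLS record content types (RFC 5246, section 6.2.1)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
HTTP_REQUEST = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")
HTTP_STATUS = re.compile(rb"^HTTP/1\.[01] \d{3} ")


def classify_stream(data: bytes) -> str:
    """Classify the first bytes one side sent on a monitored connection."""
    if HTTP_REQUEST.match(data) or HTTP_STATUS.match(data):
        return "cleartext-http"
    if len(data) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        # SSL 3.0 and TLS 1.x records all carry major version 3, and a
        # record holds at most 2**14 + 2048 bytes of ciphertext.
        if (ctype in TLS_TYPES and major == 3 and minor <= 4
                and 0 < length <= 2**14 + 2048):
            return "tls-" + TLS_TYPES[ctype]
        # Older clients may open with an SSLv2-format ClientHello: a 2-byte
        # length with the high bit set, message type 1, then version 3.x.
        if data[0] & 0x80 and data[2] == 1 and data[3] == 3:
            return "tls-handshake"
    return "unknown"


def cleartext_ports(captures: dict) -> list:
    """Return the monitor ports whose captured traffic is readable HTTP."""
    return sorted(port for port, data in captures.items()
                  if classify_stream(data) == "cleartext-http")


# Constructed sample captures, keyed by the monitor's local port.
SAMPLES = {
    8444: bytes.fromhex("160301002f0100002b0301"),       # TLS ClientHello
    8081: b"GET /app/ HTTP/1.1\r\nHost: localhost:8081\r\n\r\n",
}
SSLV2_HELLO = bytes.fromhex("802e0103010015")            # SSLv2-format hello
APP_DATA = bytes.fromhex("1703010020") + b"\x8a" * 32    # encrypted record

if __name__ == "__main__":
    for port, data in SAMPLES.items():
        print(port, classify_stream(data))
    print("cleartext on:", cleartext_ports(SAMPLES))
```

A port that should be SSL-only but shows up in cleartext_ports indicates the connector is not actually negotiating SSL.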
In summary, it's quite easy to set up a self-signed certificate in Tomcat using keytool and modifying server.xml to allow HTTP SSL connections. In addition, we have seen that we can use the TCP/IP Monitor view in Eclipse to verify that the SSL port communication isn't occurring in cleartext. If you need to set up a certificate that has been verified by a Certificate Authority, the Tomcat SSL documentation link at the beginning of this tutorial is a great place to start.