(Optional) Set up Apache Tomcat Web Server for use with SSL
It is possible to use SSL (Secure Sockets Layer) communication in the web client. This requires changes to the Tomcat configuration and a valid key store. For details on how to create a key store and use Tomcat with SSL, refer to the official Tomcat documentation.
If a valid key store file is available, Tomcat can be configured to use it:
- Open the folder “<Tomcat installation>/conf” and edit the file server.xml. Look for a section similar to:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
-->
- This section is usually commented out. Remove the comment markers and edit the section so that it looks, for example, as follows:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443"
protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
maxHttpHeaderSize="8192" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" keystoreFile="C:/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
This defines a new connector using SSL. It assumes that there is a valid key store with password “changeit” (attribute “keystorePass”) at “C:\.keystore” (attribute “keystoreFile”). These parameters have to be adapted to the desired environment.
After changing the file and restarting Tomcat, the ADOIT web client is available at “https://<SERVER_NAME>:8443/ADOIT12_0”.
Note: The default value of the SSL HTTP/1.1 Connector Port is 8443. You can change this value here.
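Added example (not part of the original documentation and not ADOIT or Tomcat code): a small Python check that parses a server.xml and reports SSL connectors that still enable TLS 1.0/1.1 in “sslEnabledProtocols” or rely on the default key store password “changeit”, both of which appear in the sample connector above. The function name audit_connectors and the embedded server.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this page's example connector inside a minimal server.xml skeleton.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             keystoreFile="C:/.keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLSv1.2"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
</Service></Server>"""

# TLS 1.0 and 1.1 are formally deprecated (RFC 8996); SSLv3 and older are broken.
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
DEFAULT_PASSWORD = "changeit"  # used by Tomcat when keystorePass is omitted


def audit_connectors(server_xml: str) -> list[tuple[str, str]]:
    """Return (port, finding) pairs for every SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append((port, "sslEnabledProtocols not set; "
                                   "enabled protocols depend on Tomcat/JVM defaults"))
        else:
            legacy = sorted(p.strip() for p in enabled.split(",")
                            if p.strip() in LEGACY_PROTOCOLS)
            if legacy:
                findings.append((port, "legacy protocols enabled: " + ",".join(legacy)))
        # A missing keystorePass falls back to the default, so treat it the same way.
        if conn.get("keystorePass", DEFAULT_PASSWORD) == DEFAULT_PASSWORD:
            findings.append((port, "keystorePass is the default 'changeit'"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

A connector that lists only “TLSv1.2” in sslEnabledProtocols and uses a non-default keystorePass produces no findings.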