(Optional) Set up Apache Tomcat Web Server for use with SSL

It is possible to use SSL (Secure Sockets Layer) communication in the web client. This requires changes to the Tomcat configuration and a valid key store. For details on how to create a key store and use Tomcat with SSL, refer to the official Tomcat documentation.

If a valid key store file is available, Tomcat can be configured to use it:

  • Open the folder “<Tomcat installation>/conf” and edit the file server.xml. Look for a section similar to:

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
-->

  • This section is usually commented out. Remove the comment markers and edit the section so that it looks, for example, as follows:

<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           maxHttpHeaderSize="8192" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" keystoreFile="C:/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />

This defines a new connector using SSL. It assumes that there is a valid key store with password “changeit” (attribute “keystorePass”) at “C:\.keystore” (attribute “keystoreFile”). These parameters have to be adapted to the desired environment.
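When adapting these parameters, two values in the sample connector deserve attention: "changeit" is the well-known default key store password, and TLSv1 and TLSv1.1 are deprecated protocol versions (RFC 8996). The following check is an added example, not part of the product or of Tomcat; it audits the active SSL connectors in a server.xml, and the function name, the sample strings and the placeholder password are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# TLS 1.0 and 1.1 are deprecated (RFC 8996); SSLv3 long before that.
DEPRECATED = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
DEFAULT_PASS = "changeit"  # well-known default key store password

def audit_connectors(server_xml):
    """Return (port, finding) pairs for each active SSL connector.

    The XML parser drops <!-- --> comments, so a connector that is still
    commented out is correctly treated as inactive and produces nothing.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        enabled = {p.strip() for p in conn.get("sslEnabledProtocols", "").split(",")}
        weak = sorted(enabled & DEPRECATED)
        if weak:
            findings.append((port, "deprecated protocols: " + ",".join(weak)))
        # Tomcat falls back to "changeit" when keystorePass is absent.
        if conn.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append((port, "default keystore password"))
    return findings

# Constructed sample: the connector from the page, wrapped in a minimal
# <Server>, next to a commented-out copy.
AS_ON_PAGE = """<Server><Service name="Catalina">
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  keystoreFile="C:/.keystore" keystorePass="changeit"
  clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" />
</Service></Server>"""

# Same connector restricted to TLS 1.2 with a placeholder (non-default) password.
HARDENED = AS_ON_PAGE.replace("TLSv1.2,TLSv1.1,TLSv1", "TLSv1.2").replace(
    'keystorePass="changeit"', 'keystorePass="REPLACE_WITH_OWN_SECRET"')

if __name__ == "__main__":
    for label, xml_text in (("as on page", AS_ON_PAGE), ("hardened", HARDENED)):
        print(label, audit_connectors(xml_text))
```

To check a real installation, pass the contents of "<Tomcat installation>/conf/server.xml" to audit_connectors() before restarting Tomcat.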

After changing the file and restarting Tomcat, the ADOIT web client is available at “https://<SERVER_NAME>:8443/ADOIT12_0”.

Note: The default value of the SSL HTTP/1.1 Connector Port is 8443. You can change this value here.