Version: 13.0

(Optional) Set up Apache Tomcat Web Server for use with SSL/TLS

SSL/TLS can be used to encrypt the communication between the client (the web browser) and the Apache Tomcat web server. This requires changes to the Tomcat configuration and a valid key store.

note

For detailed instructions on how to create a keystore file and use Tomcat with SSL, refer to the official Tomcat documentation, for example the documentation for Tomcat 9.

If a valid key store file is available, Tomcat can be configured to use it:

  • Open the folder “<Tomcat installation>/conf” and edit the file server.xml. Look for a section similar to:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="<LOCATION TO KEYSTORE FILE>" keystorePass="<KEYSTORE PASSWORD>"
        clientAuth="false" sslProtocol="TLS"
        server="Tomcat"/>
    -->

  • This section is usually commented out. Remove the comment markers and edit the section so that it looks, for example, as follows:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="C:/.keystore" keystorePass="changeit"
        clientAuth="false" sslProtocol="TLS"
        server="Tomcat"/>

This defines a new connector using SSL. It assumes that there is a valid key store with password “changeit” (attribute “keystorePass”) at “C:\.keystore” (attribute “keystoreFile”). These parameters have to be adapted to the desired environment.
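A check to run on the edited server.xml before restarting Tomcat, given here as an added example that is not part of the original documentation or of Tomcat. It reports whether the TLS connector is still commented out, whether "<...>" placeholders were left in attribute values (which makes the file malformed XML), and whether the example password is still in use. The function name and the minimal server.xml skeleton around the page's connector are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: minimal server.xml skeleton around the page's edited connector.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="C:/.keystore" keystorePass="changeit"
        clientAuth="false" sslProtocol="TLS"
        server="Tomcat"/>
  </Service>
</Server>"""


def audit_tls_connectors(server_xml):
    """Return a list of findings for the TLS connectors in server.xml text."""
    try:
        # The parser drops XML comments, so a commented-out connector is invisible here.
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # Typical cause: "<...>" placeholders left inside attribute values.
        return [f"server.xml is not well-formed: {exc}"]
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ["no active TLS connector; the section may still be commented out"]
    findings = []
    for conn in tls:
        port = conn.get("port", "?")
        if conn.find("SSLHostConfig") is not None:
            continue  # nested configuration style, not covered by this check
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure do not describe HTTPS")
        if not conn.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        # Tomcat falls back to "changeit" when keystorePass is absent.
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is 'changeit' (example/default value)")
    return findings


if __name__ == "__main__":
    for finding in audit_tls_connectors(SAMPLE) or ["no findings"]:
        print(finding)
```

To check a real installation, pass the text of "<Tomcat installation>/conf/server.xml" to audit_tls_connectors instead of SAMPLE.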

After changing the file and restarting Tomcat, the ADOIT web client is available at “https://<SERVER_NAME>:8443/ADOIT13_0”.

note

The default value of the SSL HTTP/1.1 Connector Port is 8443. You can change this value here.