(Optional) Set up Apache Tomcat Web Server for use with SSL/TLS
It is possible to use SSL/TLS to encrypt the communication between the client (the web browser) and the Apache Tomcat web server. This requires changes to the Tomcat configuration and a valid key store.
For detailed instructions on how to create a keystore file and use Tomcat with SSL, refer to the official Tomcat documentation, for example here for Tomcat 10.1.
If a valid key store file is available, Tomcat can be configured to use it:
- Open the folder “<Tomcat installation>/conf” and edit the file server.xml. Look for a section similar to:
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true"
               maxParameterCount="1000"
               >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
- The <Connector> element is usually commented out. Remove the comment markers and edit the section so that it looks, for example, as follows:
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               sslProtocol="TLS">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="C:/.keystore"
                         certificateKeystorePassword="changeit"/>
        </SSLHostConfig>
    </Connector>
This defines a new connector using SSL. It assumes that there is a valid key store with password “changeit” (attribute certificateKeystorePassword) at "C:\.keystore" (attribute certificateKeystoreFile). These parameters have to be adapted to the desired environment.
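One way to check the edited server.xml before restarting Tomcat, as an added example that is not part of the original documentation: the Python function audit_tls_connectors (a hypothetical name) reports a TLS connector that is still commented out, a key store path that is not set, or a key store password left at "changeit", which is also the value Tomcat uses when the attribute is absent. The sample XML is constructed from the connector above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml reduced to the connector from the step above.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
             sslProtocol="TLS">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="C:/.keystore"
                   certificateKeystorePassword="changeit"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""


def audit_tls_connectors(server_xml: str) -> list[str]:
    """Return findings for each <Connector> that has SSLEnabled="true"."""
    # ElementTree drops XML comments, so a commented-out connector is not seen.
    root = ET.fromstring(server_xml)
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not tls:
        return ["no active TLS connector (is <Connector> still commented out?)"]
    findings = []
    for conn in tls:
        port = conn.get("port", "?")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(f"port {port}: no <Certificate> element")
        for cert in certs:
            if cert.get("certificateFile"):
                continue  # PEM-style certificate, no keystore attributes apply
            if not cert.get("certificateKeystoreFile"):
                findings.append(f"port {port}: certificateKeystoreFile not set, "
                                "Tomcat falls back to .keystore in the user home")
            # Tomcat uses "changeit" when the attribute is absent.
            if cert.get("certificateKeystorePassword", "changeit") == "changeit":
                findings.append(f"port {port}: keystore password is 'changeit'")
    return findings


if __name__ == "__main__":
    for finding in audit_tls_connectors(SAMPLE_SERVER_XML) or ["no findings"]:
        print(finding)
```

To check a real installation, pass the contents of “<Tomcat installation>/conf/server.xml” to the function.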
After installing and configuring the ADONIS web application, ADONIS is available at “https://<SERVER_NAME>:8443/ADONIS16_1”.
The default value of the SSL HTTP/1.1 Connector Port is 8443. You can change this value here.