(Optional) Set up Apache Tomcat Web Server for use with SSL/TLS
SSL/TLS can be used to encrypt the communication between the client (the web browser) and the Apache Tomcat web server. This requires changes to the Tomcat configuration and a valid keystore.
For detailed instructions on how to create a keystore file and use Tomcat with SSL, refer to the official Tomcat documentation, for example the SSL/TLS configuration how-to for Tomcat 9.
If a valid keystore file is available, Tomcat can be configured to use it:
- Open the folder “<Tomcat installation>/conf” and edit the file server.xml. Look for a section similar to:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="<LOCATION TO KEYSTORE FILE>" keystorePass="<KEYSTORE PASSWORD>"
        clientAuth="false" sslProtocol="TLS"
        server="Tomcat"/>
    -->

- This section is usually commented out. Remove the comment markers and edit the section so that it looks, for example, as follows:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="C:/.keystore" keystorePass="changeit"
        clientAuth="false" sslProtocol="TLS"
        server="Tomcat"/>

This defines a new connector that uses SSL. It assumes that a valid keystore exists at “C:\.keystore” (attribute “keystoreFile”) and that its password is “changeit” (attribute “keystorePass”). Both values are examples and have to be adapted to the target environment.
After changing the file and restarting Tomcat, the ADONIS web client is available at “https://<SERVER_NAME>:8443/ADONIS13_0”.
The default port of the SSL HTTP/1.1 connector is 8443. To use a different port, change the “port” attribute in this section.