Version: 16.0

(Optional) Set up Apache Tomcat Web Server for use with SSL/TLS

It is possible to use SSL/TLS to encrypt the communication between the client (= web browser) and the Apache Tomcat web server. Changes to the configuration of Tomcat and a valid key store are required.

Note

For detailed instructions on how to create a keystore file and use Tomcat with SSL, refer to the official Tomcat documentation, for example here for Tomcat 10.1.

If a valid key store file is available, Tomcat can be configured to use it:

  • Open the folder “<Tomcat installation>/conf” and edit the file server.xml. Look for a section similar to:

    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true"
               maxParameterCount="1000"
               >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

  • The <Connector> element is usually commented out. Remove the comment markers and edit the section so that it looks, for example, as follows:

    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               sslProtocol="TLS">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="C:/.keystore"
                         certificateKeystorePassword="changeit"/>
        </SSLHostConfig>
    </Connector>

This defines a new connector that uses SSL/TLS. It assumes a valid key store at “C:\.keystore” (attribute certificateKeystoreFile) protected by the password “changeit” (attribute certificateKeystorePassword). Both parameters have to be adapted to the target environment.
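A check that can be run over the edited server.xml, as an added example (not part of the ADONIS or Tomcat documentation): it reports a connector that is still commented out, a key store left on the password “changeit”, and an SSLHostConfig whose protocols attribute is unset or enables legacy versions. The function names and the sample XML are constructed for this example; protocols is a standard Tomcat SSLHostConfig attribute that the snippet above does not set.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this page inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
             sslProtocol="TLS">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="C:/.keystore"
                   certificateKeystorePassword="changeit"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def enabled_protocols(value):
    """Parse a protocols value such as "TLSv1.2+TLSv1.3" or "all,-TLSv1"."""
    tokens = re.findall(r"([+-]?)\s*([A-Za-z0-9.]+)", value)
    return {name for sign, name in tokens if sign != "-"}


def audit_tls_connectors(server_xml):
    """Return a list of findings for the active TLS connectors in server.xml text."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    active = [c for c in root.iter("Connector")
              if c.get("SSLEnabled", "").lower() == "true"]
    if not active:
        return ["no active TLS connector (still commented out?)"]
    findings = []
    for conn in active:
        port = conn.get("port", "?")
        if conn.find("SSLHostConfig") is None:
            findings.append(f"port {port}: no SSLHostConfig element")
        for host in conn.iter("SSLHostConfig"):
            # An unset attribute is reported like the keyword "all" (not expanded here).
            protocols = enabled_protocols(host.get("protocols", "all"))
            if "all" in protocols:
                findings.append(f"port {port}: protocols not pinned on SSLHostConfig")
            for name in sorted(protocols & LEGACY_PROTOCOLS):
                findings.append(f"port {port}: legacy protocol {name} enabled")
        for cert in conn.iter("Certificate"):
            # Tomcat falls back to "changeit" when the attribute is absent.
            if cert.get("certificateKeystorePassword", "changeit") == "changeit":
                findings.append(f"port {port}: keystore uses the default password")
    return findings
```

An empty list means none of these three conditions was found; it says nothing about the certificate itself or the cipher configuration.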

After installing and configuring the ADONIS web application, ADONIS is available at “https://<SERVER_NAME>:8443/ADONIS16_0”.

Note

The default value of the SSL HTTP/1.1 Connector Port is 8443. You can change this value here.