This document addresses only how to configure Tomcat to use SSL. The primary intent of this document is to allow developers to configure Tomcat for use within an IDE (e.g. Eclipse or NetBeans). The Tomcat configuration provided in this document is to be used only on a software development workstation and is provided only to give a software developer access to Tomcat for easy testing and debugging of web applications that will eventually be deployed to a production environment. The Tomcat configuration given below is NOT to be used on a production server.

PREREQUISITES

    Before you begin, you must have the following:


1.  How to configure Tomcat to use https.

To use the Java "server certificate" and "trusted server" jks keystores with Tomcat, edit Tomcat's server.xml file (found in $TOMCAT_HOME/conf) and find the line below:

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

Immediately following the above line, add the following lines and save the changes:

    <Connector SSLEnabled="true"
     acceptCount="100"
     className="org.apache.catalina.connector.http.HttpConnector"
     clientAuth="true"
     disableUploadTimeout="true"
     enableLookups="true"
     maxHttpHeaderSize="8192"
     maxSpareThreads="75"
     maxThreads="150"
     minSpareThreads="25"
     port="8443"
     scheme="https"
     secure="true"
     sslProtocol="TLS"
     keystoreFile="/path/to/keystore/<the name of your Server Certificate jks>.jks"
     keystorePass="the password for your Server Certificate jks"
     truststoreFile="/path/to/keystore/<the name of your Server Trust Store jks>.jks"
     truststorePass="the password for your Server Trust Store jks" />

When you have completed the above and saved the changes, restart Tomcat. Once Tomcat has started, https will be available on port 8443 and http will be available on port 8080.

To verify that the Tomcat configuration is correct, open a browser and go to "https://servername.mit.edu:8443/tomcat-docs/". You should be prompted for your MIT Certificate, after which the "The Apache Tomcat Servlet/JSP Container" documentation page will be displayed.
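A server.xml check that can be run before restarting Tomcat, given here as an added example and not part of the original page: it compares the port 8443 Connector against the settings this page relies on and catches a placeholder such as `<the name of your Server Certificate jks>` left in a path, since a literal `<` inside an attribute value is not well-formed XML. The function name `check_ssl_connector`, the sample file names and the sample passwords are assumptions made for the example.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: the page's Connector with made-up file names and passwords.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector SSLEnabled="true" clientAuth="true" port="8443"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="/path/to/keystore/server-cert.jks" keystorePass="example-pass"
             truststoreFile="/path/to/keystore/server-trust.jks" truststorePass="example-pass" />
</Service></Server>"""

def check_ssl_connector(xml_text, port="8443", check_files=False):
    """Return a list of differences from the page's HTTPS Connector on `port`."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A leftover "<the name of ...>" placeholder ends up here.
        return [f"server.xml is not well-formed XML: {exc}"]
    conns = [c for c in root.iter("Connector") if c.get("port") == port]
    if not conns:
        return [f"no Connector on port {port}"]
    conn, problems = conns[0], []
    # Settings the page uses to turn the connector into an HTTPS endpoint.
    for attr, want in {"SSLEnabled": "true", "scheme": "https", "secure": "true"}.items():
        if conn.get(attr, "").lower() != want:
            problems.append(f'{attr} should be "{want}", found {conn.get(attr)!r}')
    # The browser prompt for the MIT Certificate depends on clientAuth="true".
    if conn.get("clientAuth", "false").lower() != "true":
        problems.append('clientAuth is not "true": no client certificate is required')
    # The page sets both the server certificate keystore and the trust store.
    for path_attr, pass_attr in [("keystoreFile", "keystorePass"),
                                 ("truststoreFile", "truststorePass")]:
        path = conn.get(path_attr)
        if not path:
            problems.append(f"{path_attr} is missing")
        elif check_files and not os.path.isfile(path):
            problems.append(f"{path_attr} not found on disk: {path}")
        if not conn.get(pass_attr):
            problems.append(f"{pass_attr} is missing")
    return problems

if __name__ == "__main__":
    for line in check_ssl_connector(SAMPLE) or ["Connector matches the page's settings"]:
        print(line)
```

To check a real installation, pass the contents of $TOMCAT_HOME/conf/server.xml with `check_files=True` so the keystore paths are also tested on disk.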
