Setting SSL or https in Tomcat with openSUSE

Published on April 7, 2017 by Daniel Lanza


A tutorial on configuring Tomcat 8 to support SSL or https connections.

Requirements

You will need the following:

This tutorial was created with:

Steps

Create a keystore using Java JDK

A keystore file is a container for authorization certificates or public key certificates. Each one is identified by an alias from a trust chain.

A new keystore file with only 1 alias will be created with the following parameters:

The file keystore.jks was created. Check its contents by referring to the keystore file (keystore.jks) or the keystore alias (tomcat).

dalanz@linux-geij:~> keytool -list -keystore keystore.jks
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Apr 7, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 48:36:A0:BA:49:25:D8:B4:0E:1B:DB:07:98:10:52:AC:FE:6A:7A:52
dalanz@linux-geij:~> keytool -list -alias tomcat
Enter keystore password:
tomcat, Apr 7, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 48:36:A0:BA:49:25:D8:B4:0E:1B:DB:07:98:10:52:AC:FE:6A:7A:52

Set keystore in Tomcat

In the Tomcat directory, edit server.xml, located in the conf folder. Find the following commented-out Connector element and uncomment it.

<!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
-->

Add keystoreFile and keystorePass parameters.

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/home/dalanz/keystore.jks" keystorePass="dalanzg" />
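
The following check is an added example, not part of the original tutorial or of Tomcat: it parses a server.xml and reports settings of each SSL-enabled Connector that are worth reviewing before the port is exposed. The names `audit_server_xml` and `loose` are hypothetical, the sample XML is constructed from the connector above, and the permission checks assume a POSIX file system.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: the connector as configured in this tutorial.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="/home/dalanz/keystore.jks" keystorePass="dalanzg" />
</Service></Server>"""


def loose(path):
    """True if the file grants any permission to group or other."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


def audit_server_xml(path):
    """Return (port, finding) pairs for each SSL-enabled Connector in server.xml."""
    findings = []
    for conn in ET.parse(path).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope here
        port = conn.get("port", "?")
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "keystoreFile unset: default ~/.keystore is used"))
        elif os.path.isabs(keystore) and os.path.exists(keystore) and loose(keystore):
            findings.append((port, "keystore is accessible to group/other"))
        password = conn.get("keystorePass")
        if password in (None, "changeit"):
            findings.append((port, "keystorePass is the default 'changeit'"))
        elif loose(path):  # the password sits in server.xml in plaintext
            findings.append((port, "server.xml holds keystorePass and is accessible to group/other"))
        if conn.get("keyAlias") is None:
            findings.append((port, "keyAlias unset: first key in the keystore is used"))
        if conn.get("sslEnabledProtocols") is None:
            findings.append((port, "sslEnabledProtocols unset: JVM default protocols apply"))
    return findings


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as f:
        f.write(SAMPLE)
    for port, msg in audit_server_xml(f.name):
        print("connector %s: %s" % (port, msg))
    os.unlink(f.name)
```

Relative keystoreFile paths are skipped by the permission check because Tomcat resolves them against its own base directory, not the current working directory.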

Check SSL or https connection

Go to https://localhost:8443 with your browser. The generated certificate is self-signed, so the browser reports that the connection is not secure. You need to trust your own certificate to continue.

Connection is not secure

In this case, with Firefox, save the certificate in the browser. Now the browser and Tomcat share the same certificate and you can connect over SSL or https.

Add exception
Confirm security exception
Tomcat with SSL or https connection