

How to Configure Tomcat as HTTPS

You can optionally use HTTPS instead of HTTP for user access. With HTTPS, the user name and password that users supply are encrypted in transit instead of being exposed in clear text on the network.

To configure Web Services to use HTTPS, follow these steps:

  1. Complete the following steps to generate a keystore:
    1. In OMVS, enter the following command:
      $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
      

      A prompt appears.

    2. Specify a password, press Enter, and answer the questions.
      • We recommend using the host name that Tomcat runs on for the CN value so that when you are prompted to accept the certificate, it is clear which server it is coming from.
      • Optionally, specify a different location for the default keystore by replacing /path/to/my/keystore in the following command:
        $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore

      A default keystore is created in your home directory with one self-signed certificate inside.

  2. Update the Apache Tomcat configuration parameters in the server.xml file located in the tomcat_install_dir/conf directory as follows:
    1. Uncomment or replace the SSL connector information to specify site-specific values for the port and keystoreFile parameters.

      Note: Ensure the keystorePass value matches the password specified in Step 1.

      Sample SSL connector data follows:

      <!-- Define a SSL HTTP/1.1 Connector on port 8443… -->
      <Connector port="8040" protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true"
                 clientAuth="false" sslProtocol="TLS"
                 keystorePass="Y7ssl"
                 keystoreFile="/ca/.keystore"/>

    2. Edit the redirectPort value in the standard HTTP connector information to match the value specified in the SSL connector data:
      <Connector port="8080" protocol="HTTP/1.1"
                 connectionTimeout="20000"
                 redirectPort="8040" />

  3. Add the following lines before </web-app> at the end of the web.xml file located in tomcat_install_dir/conf:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Tomcat</web-resource-name>
            <url-pattern>*.html</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
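The three edits above only work together when the keystorePass matches the keytool password, the HTTP connector's redirectPort points at the SSL connector's port, and web.xml carries the CONFIDENTIAL guarantee. The following added example (not part of this documentation or of Apache Tomcat) checks those relationships in a server.xml and web.xml; the XML fragments it parses are constructed samples that mirror the values shown above, and it tolerates the Java EE namespace that a real web.xml declares.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments mirroring the edits above (not a real deployment).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
             redirectPort="8040"/>
  <Connector port="8040" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystorePass="Y7ssl" keystoreFile="/ca/.keystore"/>
</Service></Server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Tomcat</web-resource-name>
      <url-pattern>*.html</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def _local(tag):
    # "{uri}name" -> "name": a real web.xml declares the Java EE namespace.
    return tag.rsplit("}", 1)[-1]

def check_tomcat_https(server_xml, web_xml, keystore_pass):
    """Return a list of findings; an empty list means the three edits agree."""
    findings = []
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    ssl = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if len(ssl) != 1:
        return ["expected exactly one SSLEnabled connector, found %d" % len(ssl)]
    s = ssl[0]
    if s.get("scheme") != "https" or s.get("secure", "").lower() != "true":
        findings.append("SSL connector must set scheme=https and secure=true")
    if not s.get("keystoreFile"):
        findings.append("SSL connector has no keystoreFile")
    if s.get("keystorePass") != keystore_pass:
        findings.append("keystorePass does not match the keytool password (Step 1)")
    for c in connectors:  # every plain HTTP connector must redirect to the SSL port
        if c is not s and c.get("redirectPort") != s.get("port"):
            findings.append("connector on port %s redirects to %s, not %s"
                            % (c.get("port"), c.get("redirectPort"), s.get("port")))
    guarantees = [g.text.strip() for g in ET.fromstring(web_xml).iter()
                  if _local(g.tag) == "transport-guarantee" and g.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml has no CONFIDENTIAL transport-guarantee")
    return findings
```

Run it against the real files by reading tomcat_install_dir/conf/server.xml and web.xml into the two arguments; an empty list means the configuration is consistent with the steps above.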
    

After you start the Apache Tomcat server, you will be prompted to indicate whether you trust the defined certificate. Click Yes to import it to your trusted certificates.

Note: For more information about trusted certificates, see Apache Tomcat 6.0 on the Web.