Introduction:

This article shows how to enable HTTPS for Tomcat. It uses a self-signed certificate, but you could replace this with a valid Certificate Authority (CA) certificate. In our case APEX is deployed on Apache Tomcat.

Environment:

In our case, the Tomcat version is apache-tomcat-9.0.36.

High level steps:

1. Create a keystore file using keytool
2. Configuring Tomcat for using the keystore file, to enable HTTPS
3. Access the URL and check the changes

Step 1 — Create a keystore file using keytool

By default, a freshly installed Tomcat server supports only the HTTP protocol. To use SSL (HTTPS), you need to perform a few more configuration steps.

What is keytool?

– keytool is a tool shipped with the JDK that helps you generate a keystore.
– It is located in the bin directory of the JDK.

Execute the following command to create a file called “keystore.jks”. It first asks you to create a password:

[tomcat@apps ~]$ $JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]: Doyensys
What is the name of your organization?
[Unknown]: Doyensys
What is the name of your City or Locality?
[Unknown]: Chennai
What is the name of your State or Province?
[Unknown]: Tamilnadu
What is the two-letter country code for this unit?
[Unknown]: IN
Is CN=Unknown, OU=Doyensys, O=Doyensys, L=Chennai, ST=Tamilnadu, C=IN correct?
[no]: yes

Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 90 days
for: CN=Unknown, OU=Doyensys, O=Doyensys, L=Chennai, ST=Tamilnadu, C=IN

Copy the created keystore file to the conf directory of Apache Tomcat.

Step 2 — Configuring Tomcat for using the keystore file, to enable HTTPS

The next step is to configure Tomcat so that it supports SSL (HTTPS).

Note:
server.xml is located in the conf directory of Tomcat,
i.e. “$CATALINA_HOME/conf/server.xml”.

Open the server.xml file, and find the position as indicated in the following illustration:

After that, amend the path and password for your keystore as shown below:
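As an added example (not the original post's illustration and not Tomcat's shipped file), a Tomcat 9 HTTPS connector for the keystore created in Step 1 could look like this. It assumes the keystore was copied to conf/keystore.jks; the password is a placeholder, and the protocols restriction is an added hardening choice.

```xml
<!-- Added example, not taken from the original post.
     Place it inside the <Service name="Catalina"> element of server.xml. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true">
    <!-- Assumption: limit the connector to TLS 1.2. If "protocols" is omitted,
         Tomcat uses "all", which does not by itself exclude TLSv1 and TLSv1.1. -->
    <SSLHostConfig protocols="TLSv1.2">
        <!-- A relative keystore path is resolved against $CATALINA_BASE.
             The alias matches the -alias value passed to keytool in Step 1.
             The password below is a placeholder for the one entered in Step 1. -->
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     certificateKeystorePassword="REPLACE_WITH_KEYSTORE_PASSWORD"
                     certificateKeyAlias="selfsigned"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

With this in place, server.xml holds the keystore password in clear text, so keep the file readable only by the account that runs Tomcat.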

Step 3 — Access the URL and check the changes

The HTTPS configuration listens on port 8443. Restart the Tomcat server; after the restart, you can access the link and see the changes.
