Configuration of HTTPS communication for Tomcat

Kamil Jarmusik edited this page Jul 1, 2024 · 14 revisions

NOTE: The commands below use the default password changeit. If you want a different password, replace every occurrence of changeit with yours. The keystore password also ends up in clear text in server.xml (step 2), so restrict who can read that file.

  1. Go to your home directory and run the command below there. keytool ships with every JRE/JDK; if it is not on your PATH, use JAVA_HOME/bin/keytool. If keytool prompts for a key password, press Enter to reuse the keystore password.

keytool -keystore "$HOME/scada-lts.jks" -storepass changeit -deststoretype jks -genkeypair -keyalg RSA -alias tomcat -dname "CN=localhost, OU=Scada-LTS, O=Scada-LTS, L=Krakow, ST=Malopolskie, C=PL" -ext "SAN=DNS:localhost,IP:127.0.0.1"

on Windows (cmd):

keytool -keystore "%HomeDrive%%HomePath%\scada-lts.jks" -storepass changeit -deststoretype jks -genkeypair -keyalg RSA -alias tomcat -dname "CN=localhost, OU=Scada-LTS, O=Scada-LTS, L=Krakow, ST=Malopolskie, C=PL" -ext "SAN=DNS:localhost,IP:127.0.0.1"

This command creates the file scada-lts.jks in the home directory of the logged-in user. The certificate is self-signed and, without a -validity option, expires after keytool's default of 90 days. Its SAN lists only localhost and 127.0.0.1, so browsers and clients will accept it only under those names; if you reach the server by any other host name or address, add it to the SAN.

  1. Next, enable HTTPS in Tomcat: in the file CATALINA_HOME/conf/server.xml add an additional Connector inside the Service element, next to the existing HTTP Connector:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${user.home}/scada-lts.jks" keystorePass="changeit"
compression="on"/>

Tomcat resolves ${user.home} from the Java system property, so it is the home directory of the user Tomcat runs as; that must be the user who created the keystore in step 1. keystorePass is stored in clear text here, so make server.xml readable only by that user. These are the pre-8.5 connector attributes; Tomcat 8.5 and 9 still accept them and translate them to the SSLHostConfig form.
  1. Run Tomcat with Scada-LTS. Once Tomcat has started, go to your home directory and run in the command line:

keytool -printcert -sslserver 127.0.0.1:8443 -rfc > "$HOME/public.crt"

on Windows (cmd):

keytool -printcert -sslserver 127.0.0.1:8443 -rfc > "%HomeDrive%%HomePath%\public.crt"

This command writes the certificate the server presents, in PEM form, to the file public.crt in the home directory of the logged-in user. Use a single > so that a rerun overwrites the file rather than appending to it. Open the file and check that it starts with -----BEGIN CERTIFICATE----- before continuing.

  1. Next, import public.crt into the JVM's cacerts truststore (the default cacerts password is changeit). On JDK 9 and later cacerts is at JAVA_HOME/lib/security/cacerts as below; on JDK 8 it is JAVA_HOME/jre/lib/security/cacerts. Anything imported here is trusted by every Java program that uses this JDK and is lost when the JDK is replaced; a dedicated truststore passed with -Djavax.net.ssl.trustStore avoids both problems.

keytool -importcert -alias tomcat -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -file "$HOME/public.crt"

on Windows (cmd opened as administrator):

keytool -importcert -alias tomcat -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit -file "%HomeDrive%%HomePath%\public.crt"

keytool prints the certificate and asks you to confirm before trusting it. Writing to cacerts needs write access to the JDK directory (root or administrator).

  1. If you get the error:

keytool error: java.lang.Exception: Input not an X.509 certificate

public.crt does not contain a PEM certificate. The usual cause is running step 3 before Tomcat was listening on port 8443: keytool prints its error message to standard output, so the message, not a certificate, was redirected into the file. Delete public.crt and repeat step 3 (the keytool -printcert command) once Tomcat is up.

  1. To remove the certificate from cacerts again (keytool -delete takes only the alias; it has no -file option):

keytool -delete -noprompt -alias tomcat -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit

on Windows (cmd opened as administrator):

keytool -delete -noprompt -alias tomcat -keystore "%JAVA_HOME%\lib\security\cacerts" -storepass changeit
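The six steps above as one script, added here as an example; it is not code from the Scada-LTS wiki or project. It assumes keytool on PATH and uses hypothetical defaults (the file paths, the 365-day validity, the 127.0.0.1:8443 address and the JDK 9+ cacerts location), all overridable through environment variables. Beyond the page's commands it renders the connector in Tomcat's SSLHostConfig form with the protocol list pinned to TLS 1.2/1.3, refuses to import public.crt unless the file actually holds a PEM certificate (the failure step 5 describes), and checks after import that the fingerprint in the truststore matches the one the server sent.

```shell
#!/bin/sh
# Added example, not part of the Scada-LTS wiki or project: the six steps above as
# shell functions. Hypothetical/assumed: every path and value below (override via
# environment), a 365-day validity, and that Tomcat answers on 127.0.0.1:8443 when
# fetch_server_cert runs. Requires keytool (JDK/JRE) on PATH.
set -e

KEYSTORE="${KEYSTORE:-${HOME:-.}/scada-lts.jks}"
STOREPASS="${STOREPASS:-changeit}"      # replace, as the note at the top of the page says
ALIAS="${ALIAS:-tomcat}"
HOSTPORT="${HOSTPORT:-127.0.0.1:8443}"
CERT_OUT="${CERT_OUT:-${HOME:-.}/public.crt}"
# JDK 9+ location; on JDK 8 use $JAVA_HOME/jre/lib/security/cacerts
TRUSTSTORE="${TRUSTSTORE:-${JAVA_HOME:-/usr/lib/jvm/default-java}/lib/security/cacerts}"

# Step 1: self-signed RSA key pair whose SAN matches how the server is addressed.
# keytool's default validity is 90 days, so it is set explicitly; -keypass avoids
# the interactive key-password prompt on JKS stores.
gen_keystore() {
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
    -alias "$ALIAS" -keystore "$KEYSTORE" -storetype jks \
    -storepass "$STOREPASS" -keypass "$STOREPASS" \
    -dname "CN=localhost, OU=Scada-LTS, O=Scada-LTS, L=Krakow, ST=Malopolskie, C=PL" \
    -ext "SAN=DNS:localhost,IP:127.0.0.1"
  chmod 600 "$KEYSTORE"   # server.xml will carry the password; keep the key file private
}

# Step 2: the connector to paste into server.xml, in the Tomcat 8.5+ SSLHostConfig
# form with the protocol list pinned to TLS 1.2/1.3 (sslProtocol="TLS" leaves that
# choice to the JVM). $1 = keystore path, $2 = keystore password.
render_connector() {
  cat <<EOF
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" compression="on">
  <SSLHostConfig protocols="TLSv1.2+TLSv1.3" certificateVerification="none">
    <Certificate certificateKeystoreFile="$1"
                 certificateKeystorePassword="$2"
                 certificateKeyAlias="$ALIAS" />
  </SSLHostConfig>
</Connector>
EOF
}

# True only if the file holds a PEM certificate; keytool writes its own error text
# to stdout, which is how "Input not an X.509 certificate" comes about in step 5.
is_pem_cert() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Step 3: fetch the certificate the live server presents. '>' overwrites, so a retry
# never appends to a stale file; a non-certificate result is discarded.
fetch_server_cert() {
  keytool -printcert -sslserver "$HOSTPORT" -rfc > "$CERT_OUT" || true
  if ! is_pem_cert "$CERT_OUT"; then
    rm -f "$CERT_OUT"
    echo "no certificate received from $HOSTPORT (is Tomcat up?)" >&2
    return 1
  fi
}

# Step 4: import into the truststore, after the step 5 check.
import_cert() {
  is_pem_cert "$CERT_OUT" || { echo "$CERT_OUT is not a PEM certificate; rerun fetch_server_cert" >&2; return 1; }
  keytool -importcert -noprompt -alias "$ALIAS" -keystore "$TRUSTSTORE" \
    -storepass "$STOREPASS" -file "$CERT_OUT"
}

# The SHA-256 fingerprint stored in the truststore must equal the one the server sent.
verify_import() {
  want=$(keytool -printcert -file "$CERT_OUT" | sed -n 's/^[[:space:]]*SHA256: //p')
  have=$(keytool -list -v -alias "$ALIAS" -keystore "$TRUSTSTORE" -storepass "$STOREPASS" \
         | sed -n 's/^[[:space:]]*SHA256: //p')
  [ -n "$want" ] && [ "$want" = "$have" ]
}

# Step 6: keytool -delete takes the alias only; it has no -file option.
delete_cert() {
  keytool -delete -noprompt -alias "$ALIAS" -keystore "$TRUSTSTORE" -storepass "$STOREPASS"
}

# Usage: sh tomcat-https.sh gen|connector|fetch|import|verify|delete
main() {
  case "${1:-}" in
    gen)       gen_keystore ;;
    connector) render_connector "$KEYSTORE" "$STOREPASS" ;;
    fetch)     fetch_server_cert ;;
    import)    import_cert && verify_import ;;
    verify)    verify_import ;;
    delete)    delete_cert ;;
    *)         echo "usage: $0 gen|connector|fetch|import|verify|delete" >&2; return 2 ;;
  esac
}
if [ $# -gt 0 ]; then main "$@"; fi
```

Run `sh tomcat-https.sh gen` in place of step 1, paste the output of `sh tomcat-https.sh connector` into server.xml for step 2, start Tomcat, then run `fetch` and `import` (which also runs the fingerprint check); `delete` undoes step 4. Point TRUSTSTORE at a file of your own instead of cacerts if you prefer a dedicated truststore.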