Access via HTTPS
To enable HTTPS support for Tomcat, you need to edit the configuration file server.xml.
- Open the server.xml file in a text editor. You can find this file in /path/to/tomcat/conf/server.xml.
Find the following lines:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" ></Certificate>
</SSLHostConfig>
</Connector>
If the block is commented out, uncomment it.
Edit the configuration and add your port and certificates, for example:
<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="1100715200">
<SSLHostConfig hostName="XX.XXXX.XX">
<Certificate certificateKeyFile="conf/private.key"
certificateFile="conf/zertifikat.crt"
certificateChainFile="conf/CHAIN.pem"
type="RSA" ></Certificate>
</SSLHostConfig>
</Connector>
For more information on the SSLHostConfig element, see https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig
Below you can find a summary of the most important options:
Attribute | Value | Description
certificateChainFile | *.* | The certificate of the certificate authority (CA), if required.
certificateFile | *.crt | The certificate file.
certificateKeyFile | *.key | The private key of the certificate.
hostName | * | Name or IP address of the host.
maxHttpHeaderSize | 65536 | This value should not be changed.
maxPostSize | 1100715200 | Maximum size in bytes for POST requests, e.g. when a submitted form includes file uploads. 1100715200 corresponds to roughly 1 GB.
port | 443 (default) | Port for the HTTPS connection.
URIEncoding | UTF-8 | UTF-8 should be used, as FORMCYCLE also uses it.
Other ways to configure a certificate on the Tomcat connector:
Integration via a keystore:
<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
URIEncoding="UTF-8"
maxHttpHeaderSize="65536"
maxPostSize="10485760"
relaxedQueryChars="[ \ ] ^ ` { | }">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/file.keystore"
certificateKeystorePassword="mypwd" ></Certificate>
</SSLHostConfig>
</Connector>
If you have a key pair file (*.pfx, *.p12), you can also reference it directly:
<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
URIEncoding="UTF-8"
maxHttpHeaderSize="65536"
maxPostSize="10485760"
relaxedQueryChars="[ \ ] ^ ` { | }">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/file.pfx"
certificateKeystorePassword="mypwd"
certificateKeystoreType="PKCS12" ></Certificate>
</SSLHostConfig>
</Connector>
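To check a finished server.xml against the settings described above before restarting Tomcat, the following script is an added example (not part of the FORMCYCLE documentation or of Tomcat). It parses every SSLEnabled connector and reports the deviations this page warns about; the embedded XML is constructed sample input, and the hostname in it is a placeholder.

```python
# Added example: validate the HTTPS connector(s) in a Tomcat server.xml against
# the settings described on this page. SAMPLE_SERVER_XML is constructed input.
import xml.etree.ElementTree as ET

SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" URIEncoding="ISO-8859-1">
  <SSLHostConfig hostName="forms.example.test">
    <Certificate certificateKeystoreFile="conf/file.pfx"
                 certificateKeystorePassword="mypwd"></Certificate>
  </SSLHostConfig>
</Connector>
<Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""


def check_https_connectors(server_xml):
    """Return a list of findings, one per deviation, for every SSLEnabled connector."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        tag = "Connector port=%s:" % conn.get("port", "?")
        if conn.get("URIEncoding") != "UTF-8":
            findings.append(tag + " URIEncoding should be UTF-8 (FORMCYCLE uses UTF-8)")
        if conn.get("maxHttpHeaderSize") != "65536":
            findings.append(tag + " maxHttpHeaderSize should be set to 65536")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(tag + " SSLEnabled but no SSLHostConfig/Certificate element")
        for cert in certs:
            keystore = cert.get("certificateKeystoreFile")
            pem_pair = cert.get("certificateFile") and cert.get("certificateKeyFile")
            if not keystore and not pem_pair:
                findings.append(tag + " Certificate needs a keystore or certificateFile + certificateKeyFile")
            # *.pfx / *.p12 files are PKCS12 and need the matching keystore type
            if keystore and keystore.lower().endswith((".pfx", ".p12")) \
                    and cert.get("certificateKeystoreType") != "PKCS12":
                findings.append(tag + " %s is PKCS12; set certificateKeystoreType=\"PKCS12\"" % keystore)
            if cert.get("certificateKeystorePassword"):
                findings.append(tag + " keystore password is in clear text; restrict read access to server.xml")
    return findings


if __name__ == "__main__":
    for finding in check_https_connectors(SAMPLE_SERVER_XML):
        print(finding)
```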