Enabling HTTPS For localhost
Posted By : Ravindra Jha | 14-Nov-2014
HTTPS runs regular HTTP over SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which secures the communication by encrypting and decrypting the messages. I'll show you how to access localhost over HTTPS. For that you will need a self-signed certificate; the steps to create one are listed below.
The steps to create an SSL certificate using the Java keytool command are as follows:
1. Create a JKS format keystore
$ keytool -genkeypair -alias tomcat1 -keyalg RSA -keystore keystore.jks
This command asks you to enter the keystore password first, then various details for your keystore, followed by the keystore password again. It creates a file named keystore.jks.
2. Create another keystore with different alias name which will act as CA.
$ keytool -genkeypair -alias tomcat2 -keystore server.p12 -storetype pkcs12 -keyalg RSA
This command asks for the same details as above and generates the file server.p12, which is your local CA.
3. Export a certificate from the keystore created in step 2.
$ keytool -exportcert -alias tomcat2 -file certificate.cer -keystore server.p12 -storetype pkcs12
This generates a certificate named certificate.cer, which you need to import into the keystore.
4. Import the above created certificate into the keystore created in step 1.
$ keytool -importcert -keystore keystore.jks -alias tomcat2 -file certificate.cer -v -trustcacerts
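Steps 1 to 4 can also be run without prompts and the result checked with keytool -list. The script below is an added example, not part of the original post; the STOREPASS variable, the -dname, -ext, -keysize and -validity values, and the helper names has_entry and build_stores are assumptions. The password is passed through the environment so that it does not appear on the command line.

```shell
#!/bin/sh
# Added example: steps 1-4 run non-interactively, then checked with keytool -list.
# Assumed, not from the article: STOREPASS, the -dname/-ext/-keysize/-validity
# values, and the helper names has_entry and build_stores.

# has_entry ALIAS TYPE: reads `keytool -list` output on stdin; succeeds only if
# ALIAS is listed with entry type TYPE (PrivateKeyEntry or trustedCertEntry).
has_entry() {
    grep "^$1,.*$2," >/dev/null
}

# build_stores DIR: creates keystore.jks, server.p12 and certificate.cer in DIR.
build_stores() (
    : "${STOREPASS:?export STOREPASS first (at least 6 characters)}"
    export STOREPASS
    umask 077                      # key material readable by the owner only
    cd "$1" || exit 1
    # Step 1: server key pair; the SAN lets clients match the name "localhost".
    keytool -genkeypair -alias tomcat1 -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost" -ext "SAN=dns:localhost,ip:127.0.0.1" \
        -keystore keystore.jks -storetype JKS \
        -storepass:env STOREPASS -keypass:env STOREPASS &&
    # Step 2: second key pair in PKCS12 form, the file imported into the browser.
    keytool -genkeypair -alias tomcat2 -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=local-test-client" \
        -keystore server.p12 -storetype pkcs12 -storepass:env STOREPASS &&
    # Step 3: export only the public certificate of tomcat2.
    keytool -exportcert -alias tomcat2 -file certificate.cer \
        -keystore server.p12 -storetype pkcs12 -storepass:env STOREPASS &&
    # Step 4: trust that certificate in the server keystore.
    keytool -importcert -noprompt -trustcacerts -alias tomcat2 \
        -file certificate.cer -keystore keystore.jks -storetype JKS \
        -storepass:env STOREPASS &&
    # Check: one private key for the server, one trusted certificate for the client.
    listing=$(keytool -J-Duser.language=en -list -keystore keystore.jks \
        -storetype JKS -storepass:env STOREPASS) &&
    printf '%s\n' "$listing" | has_entry tomcat1 PrivateKeyEntry &&
    printf '%s\n' "$listing" | has_entry tomcat2 trustedCertEntry
)

# Usage: STOREPASS=... sh make-stores.sh /path/to/empty/dir
if [ "$#" -gt 0 ]; then
    build_stores "$1"
fi
```

A non-zero exit status means a keytool step failed or keystore.jks does not hold both expected entries.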
Now configure Tomcat to support HTTPS on port 8443 with the following configuration:
<Connector clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="<your path>/keystore.jks" keystoreType="JKS" keystorePass="password"
           truststoreFile="<your path>/keystore.jks" truststoreType="JKS" truststorePass="password"
           SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"/>
Because we have set the Connector attribute clientAuth to true, we have to import our truststore file (server.p12) into the browser.
While importing the certificate, the browser will ask you for the keystore password.
Now opening https://localhost:8443 will show the Tomcat home page.
Note:
Keep all passwords the same to avoid confusion.
Thanks
Ravindra Jha
About Author
Ravindra Jha
Ravindra is a seasoned Java and Grails lead developer with excellent experience in deployment, monitoring, and optimisation of web applications for scalability and performance on Amazon EC2 and other Amazon Web Services.