
Access via HTTPS

Modified on Mon, 16 Jan, 2023 at 10:59 PM

To enable HTTPS support for Tomcat, you need to edit the configuration file server.xml.

  1. Open the server.xml file in a text editor. You can find this file in /path/to/tomcat/conf/server.xml.
  2. Find the following lines:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
            <SSLHostConfig>
                <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                             type="RSA" ></Certificate>
            </SSLHostConfig>
    </Connector>

    If the block is commented out, uncomment it.

  3. Edit the configuration and add your port and certificates, for example:

    <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="1100715200">
        <SSLHostConfig hostName="XX.XXXX.XX">
            <Certificate certificateKeyFile="conf/private.key"
                         certificateFile="conf/zertifikat.crt"
                         certificateChainFile="conf/CHAIN.pem"
                         type="RSA" ></Certificate>
        </SSLHostConfig>
    </Connector>

    For more information on the SSLHostConfig property, see https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig

    Below you can find a summary of the most important options:

    | Attribute | Value | Description |
    |---|---|---|
    | port | 443 (default) | Port for the HTTPS connection. |
    | URIEncoding | UTF-8 | UTF-8 should be used, as it is also used by FORMCYCLE. |
    | maxHttpHeaderSize | 65536 | This value should not be changed. |
    | maxPostSize | 1100715200 | Maximum size in bytes for POST requests. This applies, for example, when a form is submitted and includes file uploads. 1100715200 means 1 GB. |
    | hostName | * | Name or IP address of the host. |
    | certificateKeyFile | *.key | The private key of the certificate. |
    | certificateFile | *.crt | The certificate file. |
    | certificateChainFile | *.* | The certificate of the certificate authority (CA), if required. |


Other ways to configure a certificate on the Tomcat connector:

Integration via KeyStore:

<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
           URIEncoding="UTF-8" 
           maxHttpHeaderSize="65536" 
           maxPostSize="10485760"
           relaxedQueryChars="[ \ ] ^ ` { | }">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/file.keystore"
                     certificateKeystorePassword="mypwd" ></Certificate>
    </SSLHostConfig>
</Connector>

If you have a KeyPair file (*.pfx, *.p12) you can also include it directly:

<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
           URIEncoding="UTF-8" 
           maxHttpHeaderSize="65536" 
           maxPostSize="10485760"
           relaxedQueryChars="[ \ ] ^ ` { | }">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/file.pfx"
                     certificateKeystorePassword="mypwd"
                     certificateKeystoreType="PKCS12" ></Certificate>
    </SSLHostConfig>
</Connector>
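
The following is an added example, not part of the original article and not code from Tomcat or FORMCYCLE: a small Python check that reads a server.xml and reports, for each connector with SSLEnabled="true", certificate files that are missing, key or keystore files that group or other users can access, and keystore passwords stored in plain text. It assumes POSIX file permissions and that relative paths are resolved against CATALINA_BASE; the function name and the sample XML are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Certificate attributes used on this page that name files; True = holds private key material.
FILE_ATTRS = {"certificateKeyFile": True, "certificateKeystoreFile": True,
              "certificateFile": False, "certificateChainFile": False}

def audit_tls_connectors(server_xml, catalina_base):
    """Return (port, attribute, problem) tuples for every SSLEnabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        port = conn.get("port")
        for cert in conn.iter("Certificate"):
            if cert.get("certificateKeystorePassword") is not None:
                findings.append((port, "certificateKeystorePassword", "plaintext password in server.xml"))
            for attr, secret in FILE_ATTRS.items():
                value = cert.get(attr)
                if value is None:
                    continue
                # Assumption: relative paths resolve against CATALINA_BASE; URL locations are not handled.
                path = os.path.join(catalina_base, value)
                if not os.path.isfile(path):
                    findings.append((port, attr, "file not found"))
                elif secret and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append((port, attr, "accessible to group/others"))
    return findings

# Constructed sample mirroring the PEM and PKCS12 connectors shown above.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="443" SSLEnabled="true"><SSLHostConfig>
    <Certificate certificateKeyFile="conf/private.key" certificateFile="conf/zertifikat.crt"
                 certificateChainFile="conf/CHAIN.pem" type="RSA"/>
  </SSLHostConfig></Connector>
  <Connector port="8443" SSLEnabled="true"><SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/file.pfx" certificateKeystorePassword="mypwd"
                 certificateKeystoreType="PKCS12"/>
  </SSLHostConfig></Connector>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""

if __name__ == "__main__":
    for finding in audit_tls_connectors(SAMPLE, os.environ.get("CATALINA_BASE", ".")):
        print(*finding, sep=": ")
```

A plaintext-password finding is resolved by restricting read access to server.xml to the account that runs Tomcat, and a permissions finding by doing the same for the key or keystore file.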

