Access via HTTPS
To enable HTTPS support for Tomcat, you need to edit the configuration file server.xml.
- Open the server.xml file in a text editor. You can find this file in /path/to/tomcat/conf/server.xml.
Find the following lines:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
In a fresh installation this block is commented out (enclosed in <!-- and -->); remove the comment markers to activate it.
Edit the configuration and add your port and certificates, for example:
    <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true"
               URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="1100715200">
        <SSLHostConfig hostName="XX.XXXX.XX">
            <Certificate certificateKeyFile="conf/private.key"
                         certificateFile="conf/zertifikat.crt"
                         certificateChainFile="conf/CHAIN.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
Also set scheme="https" and secure="true" on the connector, as the keystore examples further down do, so that request.getScheme() and request.isSecure() report HTTPS to the application. Relative paths such as conf/private.key are resolved against the Tomcat base directory ($CATALINA_BASE); the private key file must be readable only by the user account Tomcat runs under.
For more information on the SSLHostConfig element, see https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig
Below you can find a summary of the most important options:
Attribute | Value | Description
port | 443 (default) | Port for the HTTPS connection.
URIEncoding | UTF-8 | UTF-8 should be used, as it is also used by FORMCYCLE.
maxHttpHeaderSize | 65536 | This value should not be changed.
maxPostSize | 1100715200 | Maximum size in bytes for POST requests, for example when a submitted form includes file uploads. 1100715200 is roughly 1 GB.
hostName | * | Name or IP address of the host; Tomcat matches it against the server name the client sends (SNI) to select this SSLHostConfig.
certificateKeyFile | *.key | The private key of the certificate (PEM format). Restrict read access to this file.
certificateFile | *.crt | The certificate file (PEM format).
certificateChainFile | *.* | The certificate(s) of the issuing certificate authority (CA), if required: the intermediate chain from the server certificate up to a trusted root, in PEM format, without the server certificate itself.
Other ways to configure the certificate on the Tomcat connector:
Integration via a Java KeyStore (JKS):
    <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               URIEncoding="UTF-8"
               maxHttpHeaderSize="65536"
               maxPostSize="10485760"
               relaxedQueryChars="[ \ ] ^ ` { | }">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/file.keystore"
                         certificateKeystorePassword="mypwd" />
        </SSLHostConfig>
    </Connector>
Note that certificateKeystorePassword is stored in cleartext in server.xml, so server.xml and the keystore file should be readable only by the account Tomcat runs under. relaxedQueryChars allows the listed characters unencoded in query strings, which loosens Tomcat's request validation; keep the list limited to what the application actually needs. This example uses a maxPostSize of 10485760 (10 MB); adjust it to the upload sizes your forms require.
If you have a PKCS#12 file (*.pfx, *.p12) containing the private key and certificate, you can reference it directly:
    <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               URIEncoding="UTF-8"
               maxHttpHeaderSize="65536"
               maxPostSize="10485760"
               relaxedQueryChars="[ \ ] ^ ` { | }">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/file.pfx"
                         certificateKeystorePassword="mypwd"
                         certificateKeystoreType="PKCS12" />
        </SSLHostConfig>
    </Connector>
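Before restarting Tomcat it is worth checking the edited server.xml against the points made above (an SSL-enabled connector exists, scheme/secure are set, UTF-8 and maxHttpHeaderSize are as recommended, a key/certificate pair or a keystore is configured, a chain file is present, referenced files exist, and a keystore password in cleartext is flagged). The following linter is an added example written for this page, not part of FORMCYCLE or Tomcat; it uses only the Python standard library, the sample server.xml strings are constructed for the example, and the host name forms.example.test and the path /nonexistent-catalina-base are placeholders. It covers both the PEM-style connector from the first example and the keystore/PKCS#12 variants above.

```python
"""Lint the HTTPS Connector(s) in a Tomcat server.xml before restarting Tomcat.

Added example (not FORMCYCLE or Tomcat code). Standard library only.
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment): the PEM-style connector from
# this page, but without scheme/secure and without a certificateChainFile.
WEAK_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true"
               URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="1100715200">
      <SSLHostConfig hostName="forms.example.test">
        <Certificate certificateKeyFile="conf/private.key"
                     certificateFile="conf/zertifikat.crt" type="RSA"/>
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

# Constructed hardened variant: scheme/secure set and a chain file given.
HARDENED_SERVER_XML = WEAK_SERVER_XML.replace(
    'SSLEnabled="true"', 'SSLEnabled="true" scheme="https" secure="true"'
).replace('type="RSA"/>', 'certificateChainFile="conf/CHAIN.pem" type="RSA"/>')


def _path_finding(attr, value, catalina_base):
    """ERROR finding if a referenced key/certificate/keystore file is missing.

    Relative paths are resolved against catalina_base, as Tomcat does."""
    path = value if os.path.isabs(value) else os.path.join(catalina_base, value)
    if not os.path.isfile(path):
        return ("ERROR", f"{attr}={value!r} not found at {path}")
    return None


def lint_server_xml(xml_text, catalina_base=None):
    """Return a list of (level, message) findings for every SSL-enabled Connector.

    catalina_base: directory that relative paths such as conf/private.key are
    resolved against; when None, file existence is not checked.
    """
    findings = []
    root = ET.fromstring(xml_text)
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl_connectors:
        return [("ERROR", 'no Connector with SSLEnabled="true" found')]

    for conn in ssl_connectors:
        tag = f"Connector port={conn.get('port', '?')}"
        # Without these, request.getScheme()/isSecure() do not reflect HTTPS.
        if conn.get("scheme") != "https" or conn.get("secure", "").lower() != "true":
            findings.append(("WARN", f'{tag}: add scheme="https" secure="true"'))
        if conn.get("URIEncoding") != "UTF-8":
            findings.append(("WARN", f'{tag}: URIEncoding should be "UTF-8"'))
        if conn.get("maxHttpHeaderSize") != "65536":
            findings.append(("WARN", f"{tag}: maxHttpHeaderSize should be 65536"))

        certs = list(conn.iter("Certificate"))
        if not certs:
            findings.append(("ERROR", f"{tag}: no <Certificate> inside <SSLHostConfig>"))
        for cert in certs:
            keystore = cert.get("certificateKeystoreFile")
            key, crt = cert.get("certificateKeyFile"), cert.get("certificateFile")
            if keystore:
                # JKS or PKCS#12: the password sits in cleartext in server.xml.
                if cert.get("certificateKeystorePassword"):
                    findings.append(("NOTE", f"{tag}: keystore password is stored in "
                                             "cleartext in server.xml; restrict its file permissions"))
                files = {"certificateKeystoreFile": keystore}
            elif key and crt:
                files = {"certificateKeyFile": key, "certificateFile": crt}
                chain = cert.get("certificateChainFile")
                if chain:
                    files["certificateChainFile"] = chain
                else:
                    findings.append(("NOTE", f"{tag}: no certificateChainFile; required if "
                                             "the certificate was issued by an intermediate CA"))
            else:
                findings.append(("ERROR", f"{tag}: <Certificate> needs certificateKeystoreFile "
                                          "or certificateKeyFile + certificateFile"))
                continue
            if catalina_base:
                for attr, value in files.items():
                    finding = _path_finding(attr, value, catalina_base)
                    if finding:
                        findings.append(finding)
    return findings


if __name__ == "__main__":
    for label, xml in (("weak", WEAK_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(f"--- {label} ---")
        for level, msg in lint_server_xml(xml) or [("OK", "no findings")]:
            print(f"{level}: {msg}")
```

To check a real installation, read conf/server.xml into a string and pass the Tomcat base directory as catalina_base so that the file-existence checks run; treat any ERROR as a reason not to restart, and review each WARN and NOTE against the table of options above.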