Deployment via HTTPS


To enable HTTPS support for Tomcat, you need to edit the configuration file //server.xml//.

1. Open the //server.xml// file in a text editor. You can find this file in ///path/to/tomcat/conf/server.xml//.
1. (((
Find the following lines:

{{code}}
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
{{/code}}

If the block is commented out, uncomment it.
)))
1. (((
Edit the configuration and add your port and certificates, for example:

{{code}}
<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="1100715200">
    <SSLHostConfig hostName="XX.XXXX.XX">
        <Certificate certificateKeyFile="conf/private.key"
                     certificateFile="conf/zertifikat.crt"
                     certificateChainFile="conf/CHAIN.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
{{/code}}

For more information on the //SSLHostConfig// property, see [[https:~~/~~/tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig>>https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig]].

**Below you can find a summary of the most important options:**

{{table dataTypeAlpha="0" preSort="0-asc"}}
|=Attribute|=Value|=Description
|port|443 (default)|Port for the HTTPS connection.
|URIEncoding|UTF-8|UTF-8 should be used, as it is also used by FORMCYCLE.
|maxHttpHeaderSize|65536|This value should not be changed.
|maxPostSize|1100715200|Maximum size in bytes for POST requests. This applies, for example, when a form is submitted and includes file uploads. 1100715200 means 1 GB.
|hostName|*|Name or IP address of the host.
|certificateKeyFile|*.key|The private key of the certificate.
|certificateFile|*.crt|The certificate file.
|certificateChainFile|*.*|The certificate of the certificate authority (CA), if required.
{{/table}}
)))

**Further options for configuring a certificate on the Tomcat connector:**

Integration via KeyStore:

{{code}}
<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           URIEncoding="UTF-8"
           maxHttpHeaderSize="65536"
           maxPostSize="10485760"
           relaxedQueryChars="[ \ ] ^ ` { | }">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/file.keystore"
                     certificateKeystorePassword="mypwd" />
    </SSLHostConfig>
</Connector>
{{/code}}

If you have a key pair file (*.pfx, *.p12), you can also include it directly:

{{code}}
<Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           URIEncoding="UTF-8"
           maxHttpHeaderSize="65536"
           maxPostSize="10485760"
           relaxedQueryChars="[ \ ] ^ ` { | }">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/file.pfx"
                     certificateKeystorePassword="mypwd"
                     certificateKeystoreType="PKCS12" />
    </SSLHostConfig>
</Connector>
{{/code}}
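
A small linter for the certificate variants shown on this page (PEM files, KeyStore, PKCS#12 file), given as an added example that is not part of the original page or of Tomcat/FORMCYCLE. The function name `lint_connectors`, its rules and the sample //server.xml// are constructed for illustration; the rules are assumptions derived from the connector examples above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the PFX connector from this page with
# certificateKeystoreType left out and the placeholder password unchanged,
# plus a PEM connector that is missing its certificateFile.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/file.pfx"
                   certificateKeystorePassword="mypwd" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">
    <SSLHostConfig hostName="example.invalid">
      <Certificate certificateKeyFile="conf/private.key" type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

def lint_connectors(server_xml):
    """Return (port, message) findings for every SSLEnabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope
        port = conn.get("port", "?")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "SSLEnabled but no SSLHostConfig/Certificate"))
        for cert in certs:
            keystore = cert.get("certificateKeystoreFile")
            pem_key = cert.get("certificateKeyFile")
            pem_cert = cert.get("certificateFile")
            password = cert.get("certificateKeystorePassword")
            if keystore and (pem_key or pem_cert):
                findings.append((port, "keystore and PEM attributes are mixed"))
            elif pem_key and not pem_cert:
                findings.append((port, "certificateKeyFile set without certificateFile"))
            is_p12 = bool(keystore) and keystore.lower().endswith((".pfx", ".p12"))
            if is_p12 and cert.get("certificateKeystoreType", "").upper() != "PKCS12":
                findings.append((port, 'PKCS#12 file without certificateKeystoreType="PKCS12"'))
            if password == "mypwd":
                findings.append((port, "placeholder keystore password left in place"))
            elif password:
                findings.append((port, "clear-text password: restrict read access to server.xml"))
    return findings

if __name__ == "__main__":
    for port, message in lint_connectors(SAMPLE):
        print(f"connector {port}: {message}")
```
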