Wiki source code of Bereitstellung über HTTPS (Deployment via HTTPS)
| author | version | line-number | content | 
|---|---|---|---|
| 1 | To enable HTTPS support for Tomcat, you need to edit the configuration file //server.xml//. | ||
| 2 | |||
| 3 | |||
| 4 | 1. Open the //server.xml// file in a text editor. You can find this file in ///path/to/tomcat/conf/server.xml//. | ||
| 5 | 1. ((( | ||
| 6 | Find the following lines: | ||
| 7 | |||
| 8 | {{code}} | ||
| 9 | <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true"> | ||
| 10 | <SSLHostConfig> | ||
| 11 | <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" | ||
| 12 | type="RSA" ></Certificate> | ||
| 13 | </SSLHostConfig> | ||
| 14 | </Connector> | ||
| 15 | {{/code}} | ||
| 16 | |||
| 17 | If the block is commented out, uncomment it. | ||
| 18 | ))) | ||
| 19 | 1. ((( | ||
| 20 | Edit the configuration and add your port and certificates, for example: | ||
| 21 | |||
| 22 | {{code}} | ||
| 23 | <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="1100715200"> | ||
| 24 | <SSLHostConfig hostName="XX.XXXX.XX"> | ||
| 25 | <Certificate certificateKeyFile="conf/private.key" | ||
| 26 | certificateFile="conf/zertifikat.crt" | ||
| 27 | certificateChainFile="conf/CHAIN.pem" | ||
| 28 | type="RSA" ></Certificate> | ||
| 29 | </SSLHostConfig> | ||
| 30 | </Connector> | ||
| 31 | {{/code}} | ||
| 32 | |||
| 33 | For more information on the //SSLHostConfig// property, see [[https:~~/~~/tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig>>https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig]] | ||
| 34 | |||
| 35 | **Below you can find a summary of the most important options:** | ||
| 36 | |||
| 37 | {{table dataTypeAlpha="0" preSort="0-asc"}} | ||
| 38 | |=Attribute|=Value|=Description | ||
| 39 | |port|443 (default)|Port for the HTTPS connection. | ||
| 40 | |URIEncoding|UTF-8|UTF-8 should be used, as it is also used by FORMCYCLE. | ||
| 41 | |maxHttpHeaderSize|65536|This value should not be changed. | ||
| 42 | |maxPostSize|1100715200|Maximum size in bytes for POST requests. This applies, for example, when a form is submitted and includes file uploads. 1100715200 bytes is approximately 1 GB. | ||
| 43 | |hostName|*|Name or IP address of the host. | ||
| 44 | |certificateKeyFile|*.key|The private key of the certificate. | ||
| 45 | |certificateFile|*.crt|The certificate file. | ||
| 46 | |certificateChainFile|*.*|The certificate of the certificate authority (CA), if required. | ||
| 47 | {{/table}} | ||
| 48 | ))) | ||
| 49 | |||
| 50 | **Other ways to configure a certificate on the Tomcat connector:** | ||
| 51 | |||
| 52 | Integration via KeyStore: | ||
| 53 | |||
| 54 | {{code}} | ||
| 55 | <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" | ||
| 56 | URIEncoding="UTF-8" | ||
| 57 | maxHttpHeaderSize="65536" | ||
| 58 | maxPostSize="10485760" | ||
| 59 | relaxedQueryChars="[ \ ] ^ ` { | }"> | ||
| 60 | <SSLHostConfig> | ||
| 61 | <Certificate certificateKeystoreFile="conf/file.keystore" | ||
| 62 | certificateKeystorePassword="mypwd" ></Certificate> | ||
| 63 | </SSLHostConfig> | ||
| 64 | </Connector> | ||
| 65 | {{/code}} | ||
| 66 | |||
| 67 | |||
| 68 | If you have a key pair file (*.pfx, *.p12), you can also reference it directly: | ||
| 69 | |||
| 70 | {{code}} | ||
| 71 | <Connector port="443" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" | ||
| 72 | URIEncoding="UTF-8" | ||
| 73 | maxHttpHeaderSize="65536" | ||
| 74 | maxPostSize="10485760" | ||
| 75 | relaxedQueryChars="[ \ ] ^ ` { | }"> | ||
| 76 | <SSLHostConfig> | ||
| 77 | <Certificate certificateKeystoreFile="conf/file.pfx" | ||
| 78 | certificateKeystorePassword="mypwd" | ||
| 79 | certificateKeystoreType="PKCS12" ></Certificate> | ||
| 80 | </SSLHostConfig> | ||
| 81 | </Connector> | ||
| 82 | {{/code}} |
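
The following is an added example, not part of the original page or of Tomcat's own tooling: a small Python audit of the connector variants shown above. It flags TLS connectors without a certificate, keystore passwords stored in clear text in server.xml, and key or keystore files that are missing or accessible to group/others. The function name, finding texts and sample XML are constructed for illustration; relative paths are resolved against the Tomcat base directory, as Tomcat does.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample modelled on the PKCS12 keystore connector shown above.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/file.pfx"
                   certificateKeystorePassword="mypwd"
                   certificateKeystoreType="PKCS12" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""

# Certificate attributes that point at files holding private key material.
KEY_ATTRS = ("certificateKeyFile", "certificateKeystoreFile")

def audit_tls_connectors(server_xml, catalina_base):
    """Return (port, finding) tuples for every connector with SSLEnabled="true"."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "no <Certificate> configured"))
        for cert in certs:
            if cert.get("certificateKeystorePassword"):
                findings.append((port, "keystore password stored in clear text in server.xml"))
            for attr in KEY_ATTRS:
                path = cert.get(attr)
                if not path:
                    continue
                # Tomcat resolves relative paths against $CATALINA_BASE.
                full = os.path.join(catalina_base, path)
                if not os.path.isfile(full):
                    findings.append((port, f"{attr} not found: {path}"))
                elif stat.S_IMODE(os.stat(full).st_mode) & 0o077:
                    findings.append((port, f"{attr} accessible by group/others: {path}"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_tls_connectors(SAMPLE_SERVER_XML, "/path/to/tomcat"):
        print(f"connector {port}: {finding}")
```

A clear-text password finding cannot be removed by changing the connector itself; it is a reminder to restrict read access to server.xml to the account that runs Tomcat.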