
Customizing the Tomcat HTTPS Connector

The Tomcat installation includes, by default, a self-signed certificate in the Java keystore file configured for the HTTPS connector. As a result, and without any additional configuration, you can use the HTTPS connector to accept SSL-encrypted HTTP requests from users directly and/or through Apache, as described in the documentation detailing how to configure Apache to use HTTPS when routing requests to the Advisors Tomcat server.

Although it should not be necessary to change this configuration, you might want to change it if you are planning to either use a different port to accept HTTPS connections, or to use a different certificate, such as one signed by a third-party certificate authority or an internal certificate authority.



Steps to Replace the Default Keystore for Tomcat HTTPS Connector


  1. Prepare a certificate keystore using the instructions from the Apache Tomcat 8.0 documentation.

  2. Edit the HTTPS connector configuration in the server.xml file, located in the apache-tomcat-<version>/conf/ directory of the installation:

    <Connector port="${HTTPSPort}" protocol="org.apache.coyote.http11.Http11NioProtocol"
               connectionTimeout="${WebConnectorConnTimeout}"
               maxThreads="${MaxThreadPoolSize}" minSpareThreads="${MinThreadPoolSize}"
               SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${informiam.conf.dir}/tomcat-cert" keystorePass="secret"/>

  3. Set the keystoreFile attribute to the path of your keystore file (generated in Step 1).

  4. Set the keystorePass attribute to the password used in your keystore file.

  5. After the changes are complete, restart the Advisors Platform server.

  6. Test the HTTPS connection by accessing https://<Tomcat Host>:<HTTPS Port>. The ${HTTPSPort} property used in the connector configuration is defined in the catalina.properties file, located in the apache-tomcat-<version>/conf/ directory of the installation, and defaults to 8443.
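
A check to run after steps 3 and 4, added here as an example (it is not part of the Advisors or Tomcat documentation): the script reads each SSL-enabled connector from server.xml, expands ${...} placeholders from catalina.properties, and reports whether keystoreFile and keystorePass are still the values shown in step 2. The sample file contents are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the connector shown in step 2.
SAMPLE_PROPERTIES = "# catalina.properties (constructed excerpt)\nHTTPSPort=8443\n"
SAMPLE_SERVER_XML = """\
<Server><Service name="Catalina">
  <Connector port="${HTTPSPort}" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="${informiam.conf.dir}/tomcat-cert" keystorePass="secret"/>
</Service></Server>
"""

def load_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def resolve(value, props):
    """Expand ${name} placeholders; names not in props are left untouched."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def audit_https_connectors(server_xml, properties_text):
    """Return a (port, findings) tuple for each SSL-enabled connector."""
    props = load_properties(properties_text)
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check here
        findings = []
        keystore = resolve(conn.get("keystoreFile", ""), props)
        if not keystore:
            findings.append("keystoreFile is not set")
        elif keystore.replace("\\", "/").rsplit("/", 1)[-1] == "tomcat-cert":
            findings.append("keystoreFile still names the default keystore: " + keystore)
        if conn.get("keystorePass") == "secret":
            findings.append("keystorePass is still the value shown in the shipped server.xml")
        results.append((resolve(conn.get("port", ""), props), findings))
    return results

if __name__ == "__main__":
    for port, findings in audit_https_connectors(SAMPLE_SERVER_XML, SAMPLE_PROPERTIES):
        print("HTTPS connector on port", port, "->", findings or "no default keystore settings left")
```

To use it on a real installation, pass the text of the installation's server.xml and catalina.properties files instead of the constructed samples.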


This page was last modified on 5 July 2018, at 19:53.