Tomcat Configuration

From WebID Wiki

Basic HOWTO for configuring the SSL/TLS support to use WebID on Apache Tomcat. These instructions has been written for GNU/Linux, but should be essentially the same for other operative systems, such as MacOS or Windows.


Before start, it'd be necessary to create a RSA keystore. Therefore you need to executing something like:

$ keytool -genkey -alias tomcat -keyalg RSA

This will create an keytore at ~/.keystore file. Try to remember the password, because it'd be required later.

(The binary keytool is distributed together the JDK)


The official distribution of Apache Tomcat (7.0.23 at the time of this writing) doesn't comes with SSL/TLS support for Java. So it's necessary to get some libraries from de [7.0.23 jSSLutils] project:

  • jsslutils.jar (>=1.0.5)
  • jsslutils-extra-apachetomcat6.jar (>=1.0.5)

Download both JAR files and copy them into the lib/ directory of Tomcat.


At the conf/server.xml file try to find a <Connector/> for HTTPS, something like:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="50" scheme="https" secure="true"

Usually it comes disabled, so you should uncomment for enabling it. Then you would need to add some additional configuration for getting the required support. Basically:

path to the keystore file
password for accessing the tomcat alias at the keystore
implementation of SSL to provide to the hosted applications
accepts any kind of certificate
enables server to request certificate to the client

So at the end the <Connector/> should look like:

   <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              keystoreFile="${user.home}/.keystore" keystorePass="changeit"
              acceptAnyCert="true" clientAuth="want" sslProtocol="TLS" />

Java code

So once you have configured (and restarted Tomcat), you would be able to access certificates from your JavaEE application using something like:

X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

See Also