If you need a quick SSL certificate for your Tomcat, open a Windows cmd in your home directory and run:
keytool -genkey -keyalg RSA -alias selfsigned -storepass changeit -validity 360 -keysize 2048
Without a -keystore option keytool writes the key pair to .keystore in your home directory, which is exactly where Tomcat looks by default (with the default keystore password changeit), so no keystoreFile or keystorePass attribute is needed on the connector below.
Add the following connector to your Tomcat's server.xml:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Your default non-HTTPS connector should redirect to the SSL port (here 8443) via its redirectPort attribute, so that requests to a resource demanding a confidential transport are sent to HTTPS instead of being served in clear text. It should look like this:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" />
To verify your settings, create a class named AuthenticationServlet. The @ServletSecurity annotation below requires both a role (joern) and a confidential transport, so a plain HTTP request on port 8080 is redirected to 8443:

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class AuthenticationServlet.
 *
 * CONFIDENTIAL forces HTTPS (Tomcat redirects plain HTTP to redirectPort),
 * rolesAllowed restricts access to authenticated users holding the role "joern".
 */
@ServletSecurity(@HttpConstraint(rolesAllowed = "joern",
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))
@WebServlet("/AuthenticationServlet")
public class AuthenticationServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    public AuthenticationServlet() {
        super();
    }

    /**
     * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Only reached after Tomcat has enforced the transport and role constraints.
        PrintWriter writer = null;
        try {
            writer = response.getWriter();
            writer.write("You are now on a secured connection, well done!");
            writer.flush();
        } finally {
            if (writer != null) {
                writer.close();
            }
        }
    }
}
You will get a browser warning like this if you try to browse your SSL-secured website. Don't mind it, it's just because of your new self-signed certificate.
And if you have not defined the role (here joern) anywhere, you will see the following 403 error:
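The 403 goes away once the role the servlet refers to is declared and an authentication method is configured. The web.xml below is an added example, not part of the original post; it assumes BASIC authentication against Tomcat's default UserDatabaseRealm (which reads conf/tomcat-users.xml) and a Servlet 3.0 deployment descriptor, which is what the annotations above need anyway.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml (added example). Do not set metadata-complete="true"
     here, or Tomcat ignores the @ServletSecurity / @WebServlet annotations. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- The role named in @HttpConstraint(rolesAllowed="joern") must be declared,
       otherwise no principal can ever hold it and every request ends in 403. -->
  <security-role>
    <role-name>joern</role-name>
  </security-role>

  <!-- BASIC sends credentials base64-encoded, not encrypted; it is only
       acceptable because TransportGuarantee.CONFIDENTIAL forces the request
       onto the TLS connector first. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Secured area</realm-name>
  </login-config>

</web-app>
```

The user itself is created in conf/tomcat-users.xml of the Tomcat installation with a line such as `<user username="joern" password="CHANGE-ME" roles="joern"/>` (the user name and password are placeholders chosen for this example). After restarting Tomcat, a request to http://localhost:8080/yourapp/AuthenticationServlet should first be redirected to port 8443, then prompt for credentials, and only then show the "well done" message.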