Set Up SSL on Tomcat

SSL encryption provides additional protection when transmitting data between the server and clients. This helps safeguard the integrity and confidentiality of the information, preventing third parties from intercepting or tampering with the transmitted data. Setting up SSL on Tomcat ensures that Joget applications are accessed via HTTPS, offering users a secure and encrypted connection. This server-level process ensures that your applications are protected and comply with the security standards required in enterprise and online environments.

To set up SSL encryption for Tomcat, follow the steps below:

  1. Generate a keystore file. You can generate it with or without an SSL certificate purchased from your SSL certificate provider. Below is an example of generating one ourselves, without a purchased certificate:
    C:\Program Files\Java\jdk1.7.0\bin>keytool -genkey -alias tomcat -keyalg RSA
    Enter keystore password: password
    Re-enter new password: password
    What is your first and last name?
      [Unknown]:  Robert
    What is the name of your organizational unit?
      [Unknown]:  home
    What is the name of your organization?
      [Unknown]:  home
    What is the name of your City or Locality?
      [Unknown]:  SF
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=Robert, OU=home, O=home, L=SF, ST=CA, C=US correct?
      [no]:  yes
     
    Enter key password for <tomcat>
            (RETURN if same as keystore password): password
    Re-enter new password: password
     
    C:\Program Files\Java\jdk1.7.0\bin>
  2. Open the \apache-tomcat\conf\server.xml file.
  3. Edit the following lines accordingly.
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
             This connector uses the JSSE configuration, when using APR, the
             connector should be using the OpenSSL style configuration
             described in the APR documentation -->
     
        <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
     
                   keystoreFile="C:/Users/Robert/.keystore"
                   keystorePass="password"
                   />
    • The following attributes have been added/changed compared to the original settings:
  4. Start your server.

You can now access your Joget at https://yourDomain/jw or https://yourDomain:8443/jw depending on what you configured.
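
The following Python check is an added example, not part of the original page or of Tomcat itself: it parses a server.xml and reports SSL-enabled connectors whose keystore settings are missing or guessable. The sample XML is constructed from the connector in step 3; the function name `audit_connectors` and the weak-password list are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 3 (values as shown on the page).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:/Users/Robert/.keystore"
             keystorePass="password"
             />
</Service></Server>"""

# Assumption: values treated as guessable; "changeit" is Tomcat's default.
WEAK_PASSWORDS = {"", "password", "changeit", "tomcat", "123456"}
LEGACY_PROTOCOLS = {"SSL", "SSLv2", "SSLv3"}

def audit_connectors(server_xml_text):
    """Return (port, finding) tuples for every SSL-enabled Connector."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, not covered by this check
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark requests as HTTPS"))
        if conn.get("keystoreFile") is None:
            findings.append((port, "keystoreFile not set; Tomcat uses ~/.keystore"))
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, "keystorePass not set; Tomcat assumes 'changeit'"))
        elif password.lower() in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a guessable value"))
        if conn.get("sslProtocol", "TLS") in LEGACY_PROTOCOLS:
            findings.append((port, "sslProtocol names a legacy SSL version"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector port {port}: {finding}")
```

Run against the sample, it reports the `keystorePass="password"` value from the walkthrough, which should be replaced with a strong passphrase on a real server.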

Additional resources

See the following resources for further guidance on SSL configuration:

Created by Marcos. Last modified by Aadrian on Dec 13, 2024.