Configuring HTTPS by APR
To configure HTTPS encryption by APR, proceed as follows:
1. Download OpenSSL from http://www.openssl.org/, and use OpenSSL for Windows.
2. Generate the public key and the private key using OpenSSL.
a) Add the bin directory of OpenSSL to the system PATH environment variable, such as D:\OpenSSL-Win64\bin.
b) Start the OpenSSL command line:
openssl.exe
c) Create a private key for Tomcat by executing the following at the OpenSSL prompt:
genrsa -des3 -out D:\tomcatkey.pem 2048
Type a password, and then type it again to confirm. The private key tomcatkey.pem is generated at D:\tomcatkey.pem.
d) Create a certificate using the private key
After the private key is created, you need to create a certificate. Type the following command:
req -new -x509 -key D:\tomcatkey.pem -out D:\tomcatcert.pem -days 1095
Type the password that was specified when creating the private key. A new self-signed certificate, tomcatcert.pem, valid for 1095 days, is generated at D:\tomcatcert.pem.
3. Modify server.xml to enable SSL.
a) Find the configuration of the SSL HTTP/1.1 Connector:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" ...
-->
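Remove the comment markers (<!-- and -->) around the Connector, and set its attributes as follows. SSLCertificateFile and SSLCertificateKeyFile are the paths of the files generated in step 2, and SSLPassword is the password typed when creating the private key:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           URIEncoding="utf-8" clientAuth="false"
           SSLCertificateFile="D:\tomcatcert.pem"
           SSLCertificateKeyFile="D:\tomcatkey.pem"
           SSLPassword="123456" sslProtocol="TLS"/>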
4. Restart Tomcat. Access the web application over HTTPS on port 8443.
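
The following check is an added example, not part of the original instructions or of Tomcat: it parses a server.xml and reports whether the SSL connector from step 3 is actually uncommented and uses the OpenSSL-style attributes rather than JSSE ones. The function name check_apr_connector, the list of JSSE attributes it flags, and the two sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# OpenSSL-style attributes the APR connector in step 3 relies on.
REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
# JSSE-style attributes, which the APR connector does not use.
JSSE_ONLY = ("keystoreFile", "keystorePass", "keystoreType")

# Constructed samples: connector still commented out, and as edited in step 3.
COMMENTED = r"""<Server><Service name="Catalina">
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" /> -->
</Service></Server>"""
ENABLED = r"""<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
  scheme="https" secure="true" URIEncoding="utf-8" clientAuth="false"
  SSLCertificateFile="D:\tomcatcert.pem" SSLCertificateKeyFile="D:\tomcatkey.pem"
  SSLPassword="123456" sslProtocol="TLS"/>
</Service></Server>"""

def check_apr_connector(server_xml_text):
    """Return a list of findings for the SSL connectors in a server.xml string."""
    root = ET.fromstring(server_xml_text)  # the parser drops XML comments
    ssl = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return ['no Connector with SSLEnabled="true" (still commented out?)']
    findings = []
    for c in ssl:
        port = c.get("port", "?")
        for name in REQUIRED:
            if not c.get(name):
                findings.append(f"port {port}: missing {name}")
        for name in JSSE_ONLY:
            if c.get(name):
                findings.append(f"port {port}: JSSE attribute {name} set")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure are not https/true")
        if c.get("SSLPassword"):
            findings.append(f"port {port}: SSLPassword is in clear text; "
                            "restrict read access to server.xml")
    return findings

if __name__ == "__main__":
    for label, text in (("commented", COMMENTED), ("enabled", ENABLED)):
        print(label, check_apr_connector(text))
```

The connector configured as in step 3 yields only the clear-text password finding, which is a reminder to limit who can read server.xml.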