Setting up SSL in Tomcat 
Wednesday, August 4, 2004

All content and software implementations are not Ericsson-supported products. Note that Ericsson does not represent nor hold responsibility for the content from this area.

SSL, or Secure Sockets Layer, is a standard way to ensure the confidentiality and integrity of a TCP connection. When applied to an HTTP connection it is commonly referred to as HTTPS. Setting up an HTTPS connector for Tomcat is relatively easy. First you have to create a cryptographic key pair inside a keystore. See the command line excerpt below:

# To create key and keystore:
keytool -genkey -alias myKeyAlias -keypass KeykeystorePassword -keystore mykeystoreFileName.bin -storepass KeykeystorePassword
What is your first and last name?
  [Unknown]:  www.myserver.ericsson.com
What is the name of your organizational unit?
  [Unknown]:  Mobility World
What is the name of your organization?
  [Unknown]:  Ericsson AB
What is the name of your City or Locality?
  [Unknown]:  Kista
What is the name of your State or Province?
  [Unknown]:  Stockholm
What is the two-letter country code for this unit?
  [Unknown]:  SE
Is <CN=www.myserver.ericsson.com, OU=Mobility World, O=Ericsson AB, L=Kista, ST=Stockholm, C=SE> correct?
  [no]:  Yes

You must type in the fields indicated in italics. The only particular requirement is that the password for storepass has to be the same as keypass.

The keytool is an interactive program that lets you create a keystore containing a cryptographic key pair. The keytool program is provided with any J2SE SDK; just make sure it is in your execution path. Note that it is preferable that the first and last name supplied for the certificate match the DNS name of the server that will host the HTTPS connection, otherwise you'll get a warning later.

An alias is the name given to a particular key pair inside the keystore. A keystore can hold many keys; therefore an alias is required for each one.

The next step is to modify the file %TOMCAT%/conf/server.xml inside the conf directory of your Tomcat or JWSDP installation. You have to create an SSL connector. For that you need the following parameters:

  • location of your keystore;           
  • password for your keystore; and           
  • port to serve the HTTPS connections.

The standard port for HTTPS is 443, but Tomcat is initially configured to redirect to port 8443. To change this default behavior, modify all the HTTP connectors in %TOMCAT%/conf/server.xml so the redirect property looks something like this: redirectPort="443".

The HTTP connectors look very similar to the HTTPS connector but the scheme is set to "http" and secure is set to "false" or not set. You may also have to change the className parameters to match your Tomcat server version.
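The connector settings described above can be checked mechanically. The following Python script is an added example, not code from the original page or from Tomcat: it parses a constructed server.xml fragment and reports an HTTPS connector that lacks its keystore settings, or a redirectPort that points at no HTTPS connector. The Tomcat 5.x-style attribute names on the Connector element (keystoreFile, keystorePass, sslProtocol) and the function name check_connectors are assumptions; the keystore file name and password are reused from the keytool command above.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment. Assumption: Tomcat 5.x-style
# attributes, with the keystore settings on the Connector element itself.
# The keystore path is a placeholder built from the keytool example.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="80" redirectPort="8443" />
    <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
               keystoreFile="conf/mykeystoreFileName.bin"
               keystorePass="KeykeystorePassword" />
  </Service>
</Server>
"""


def check_connectors(server_xml):
    """Return a list of findings for the connectors declared in server_xml."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    # A connector without a scheme attribute is treated as plain HTTP.
    https = [c for c in connectors if c.get("scheme", "http") == "https"]
    plain = [c for c in connectors if c.get("scheme", "http") != "https"]
    findings = []
    if not https:
        findings.append('no connector with scheme="https"')
    for c in https:
        port = c.get("port")
        if c.get("secure", "false") != "true":
            findings.append(f'HTTPS connector {port}: secure is not "true"')
        for attr in ("keystoreFile", "keystorePass"):
            if not c.get(attr):
                findings.append(f"HTTPS connector {port}: {attr} not set")
    https_ports = sorted(c.get("port") for c in https if c.get("port"))
    for c in plain:
        redirect = c.get("redirectPort")
        # Every redirectPort must point at a port that really serves HTTPS.
        if redirect is not None and redirect not in https_ports:
            findings.append(
                f"connector {c.get('port')}: redirectPort={redirect} "
                f"matches no HTTPS connector port {https_ports}")
    return findings


if __name__ == "__main__":
    # The sample still redirects to 8443 although HTTPS listens on 443.
    for finding in check_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

The sample deliberately keeps the default redirectPort of 8443 while HTTPS listens on 443, so the script reports that mismatch; changing the value to 443 clears the finding.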


You have to type the correct protocol and port to get an SSL-protected connection. Your URL will start with "https". The port by default is 443, but if you set it up differently you will have to specify the SSL port. In most browsers a lock image appears at the bottom showing that the connection is secure.

If you have set everything up correctly, when you connect to your server you should see something like this:


To avoid the warning signs appearing on the certificate, you should send your certificate to a Certificate Authority (CA) that is in the trusted CA database. After you receive the certificate signed by the CA, import it into your keystore. For more information on how to import a certificate, refer to:

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html



The name of the certificate must match the name of your web server and its date must be valid.




Last published February 18, 2009