The good news is that Tomcat fully supports the SSL protocol. The bad news is that the configuration process and SSL itself can be a little confusing for first-time users. To help you get SSL working with your Tomcat servers, we've assembled a simple, comprehensive, step-by-step guide to using SSL with Tomcat.

Before you go through the trouble of getting SSL up and running, it's probably a good idea to determine whether you actually should be using this configuration. The most common reason you'd need Tomcat to handle SSL connections is that you are running Tomcat as a stand-alone web server. In other words, if you're fronting Tomcat with a web server and using it only as an application server or servlet container, in most cases you should let the web server act as the proxy for all SSL requests. All that decryption, encryption, and handshaking isn't free - in fact, it's quite CPU-intensive, and it significantly slows down transmission. So if you're already using a web server to serve your static content, you're better off letting it handle SSL as well, freeing up your Tomcat server to focus on its specialty - quickly generating dynamic content - and letting it pass that data to your web server as quickly as possible, in cleartext.

If, however, your site is small enough that you don't need to mess around with an additional web server, then Tomcat will happily handle your SSL needs.

Setting up SSL for Tomcat can be divided into two main tasks: creating a functional keystore, and configuring the Tomcat connectors and applications.

In order for public key encryption to provide secure communication, one or more of the communicating parties must have some way of proving to the other that they are, in fact, who they claim to be. The keys Tomcat will use for SSL transactions are stored in a password-protected file called, creatively, the "keystore." The first step to enabling SSL on your server is to create and edit this file.

You can create this file in one of two ways - by importing an existing key into the keystore, or by creating an entirely new key. In the interest of simplicity, this guide will only cover the latter (but you can find instructions for importing keys on Apache's Tomcat Documentation site).

A program called keytool, which is included with your JDK, will do the actual work of creating your new keystore. To create a new keystore using this program, enter the following command at the command line, substituting syntax appropriate for your OS:

    $JAVA_HOME/bin/keytool -genkey -alias [youralias] -keyalg RSA -keystore [/preferred/keystore/path]

Use an [alias] and [path] of your choice.

Next, keytool will ask you to enter the password you want to use for the keystore. Matching passwords are REQUIRED for Tomcat to access the certificate.
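As an added example (not a script from the original guide), here is a POSIX shell wrapper for the keytool step above that enforces the matching-password requirement before anything runs and verifies the new entry afterwards. It assumes a JDK keytool under $JAVA_HOME/bin or on PATH; the alias, keystore path, password and distinguished name are placeholders you substitute.

```shell
#!/bin/sh
# Added example wrapping the keytool step from this guide (not the guide's own script).
# Assumes keytool from a JDK is under $JAVA_HOME/bin or on PATH; alias, path,
# password and distinguished name are placeholders you substitute.

# The guide requires matching passwords for the keystore and the key inside it,
# so reject a mismatch (and keytool's 6-character minimum) before running anything.
check_keystore_passwords() {
    store_pass="$1"; key_pass="$2"
    if [ "${#store_pass}" -lt 6 ]; then
        echo "keystore password must be at least 6 characters" >&2; return 1
    fi
    if [ "$store_pass" != "$key_pass" ]; then
        echo "keystore and key passwords differ; Tomcat needs them to match" >&2; return 1
    fi
    return 0
}

# Prefer $JAVA_HOME/bin/keytool as the guide does, falling back to PATH.
find_keytool() {
    if [ -n "${JAVA_HOME:-}" ] && [ -x "$JAVA_HOME/bin/keytool" ]; then
        echo "$JAVA_HOME/bin/keytool"
    elif command -v keytool >/dev/null 2>&1; then
        command -v keytool
    else
        echo "keytool not found; set JAVA_HOME to your JDK" >&2; return 1
    fi
}

# Creates the keystore with a fresh RSA key pair, then verifies the alias exists.
# The password is handed to keytool through an environment variable (-storepass:env)
# rather than as a command-line argument, so it does not show up in the process list.
# Usage: create_tomcat_keystore ALIAS KEYSTORE_PATH PASSWORD "CN=host,O=org"
create_tomcat_keystore() {
    ks_alias="$1"; ks="$2"; pass="$3"; dname="$4"
    check_keystore_passwords "$pass" "$pass" || return 1
    kt=$(find_keytool) || return 1
    TOMCAT_KS_PASS="$pass" "$kt" -genkeypair -alias "$ks_alias" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "$dname" -keystore "$ks" \
        -storepass:env TOMCAT_KS_PASS -keypass:env TOMCAT_KS_PASS || return 1
    # -list with -alias exits non-zero if the entry is missing
    TOMCAT_KS_PASS="$pass" "$kt" -list -keystore "$ks" -alias "$ks_alias" \
        -storepass:env TOMCAT_KS_PASS >/dev/null
}

# Demo run only when explicitly requested, so sourcing this file has no side effects.
if [ "${KEYSTORE_DEMO:-}" = "1" ]; then
    create_tomcat_keystore tomcat "${HOME}/tomcat-keystore.jks" changeit \
        "CN=localhost, OU=Example, O=Example, C=US" && echo "keystore created"
fi
```

Run it with `KEYSTORE_DEMO=1 sh keystore.sh` to create the placeholder keystore; the keystore path and password you choose here are what you later put in the Tomcat connector configuration.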