File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Deploying war file with apache ssl certificate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Deploying war file with apache ssl certificate" Watch "Deploying war file with apache ssl certificate" New topic

Deploying war file with apache ssl certificate

protik ahmed

Joined: Mar 21, 2010
Posts: 15
Hi, I recently created a keystore with the keytool and stored it in my <user>/ directory as default.

When it gets to the point to deplying the site using a WAR file, and transferring it onto another machine. Is it possible to include that keystore file? And if so, what is the process of getting it to work on another machine
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

You can't assign a certificate to a WAR. Certs are applied to the server as a whole, not an individual webapp or even virtual host (which can be a real pain).

Thus, you have to create a discrete certificate file for the server machine that it will be deployed on (since certs both aid in encryption and certify that you're really talking to the indicated host machine).

I'm afraid that SSL configuration is not considered as part of the J2EE spec, so there's no J2EE support for that. You have to do it manually. Or, failing that, do what I do and make an OS installer package for the cert and its containing keystore (MSI, RPM, deb, pkg or whatever, depending on the OS).

An IDE is no substitute for an Intelligent Developer.
Ned Ryerson

Joined: Mar 05, 2010
Posts: 12
Well before you config tomcat, you need to bundle the cert & key into the keystore:

of course tomcat password is changeit by default.

then in conf/server.xml

then you can force your app to run only in ssl by adding this to web.xml within your app:
I agree. Here's the link:
subject: Deploying war file with apache ssl certificate
It's not a secret anymore!