1

I want to force all users to use SSL for all pages in my application. I am using Maven 3 and used this plugin in Maven:

        <plugin>
            <groupId>org.apache.tomcat.maven</groupId>
            <artifactId>tomcat7-maven-plugin</artifactId>
            <version>2.0-SNAPSHOT</version>
            <configuration>
                <server>TomcatServer</server>
                <httpsPort>8443</httpsPort>
                <keystoreFile>-- My keystore path --</keystoreFile>
                <keystorePass>-- My keystore pass --</keystorePass>
                <path>/</path>
            </configuration>
        </plugin>

On running the server through maven (mvn tomcat7:run), my server logs are like this:

    ...
    INFO: Initializing Spring root WebApplicationContext
    Sep 16, 2012 9:55:17 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-bio-8080"]
    Sep 16, 2012 9:55:17 PM org.apache.coyote.AbstractProtocol start
    INFO: Starting ProtocolHandler ["http-bio-8443"]

However, when I access the page with https, I get an SSL connection error in Chrome and "SSL received a record that exceeded the maximum permissible length." in Firefox.

1) I believe maven embeds Tomcat 7 in the war. So, there is no server.xml file where I can manually configure SSL. How can I configure SSL in my pom.xml?

2) How to make sure that all requests get forwarded to 8443?

Jayz

3 Answers

3

I have a feeling that the "server" attribute may be causing your problem. According to the Tomcat plug-in documentation that is not an option. Here is a (very hard-to-find) list of the plug-in options for the Tomcat 'run' command. http://mojo.codehaus.org/tomcat-maven-plugin/run-mojo.html Good luck. I had a similar problem, although not the same. I hope this works for you.

0

This is how you should configure SSL for Tomcat 7: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

Then, you need to add server.xml to this embedded Tomcat, started by the plugin: http://tomcat.apache.org/maven-plugin-2.0-SNAPSHOT/tomcat7-maven-plugin/run-mojo.html#serverXml

Then, forwarding from 8080 to 8443 should be done by your application internally, probably in a servlet listener. See also: How to implement a HTTPS login page in a web application?

yegor256
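The in-application redirect from 8080 to 8443 that the answer above describes can be written as a servlet filter. This is an added example, not code from the answer or from Tomcat; the class name and the `HTTPS_PORT` and `CANONICAL_HOST` values are assumptions (the port is taken from the `<httpsPort>` in the question, the host is a placeholder).

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class): sends every plain-HTTP request to the HTTPS connector.
@WebFilter("/*")
public class HttpsRedirectFilter implements Filter {
    // Assumptions: the port matches <httpsPort> in the question; the host is a placeholder.
    private static final int HTTPS_PORT = 8443;
    private static final String CANONICAL_HOST = "localhost";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.isSecure()) {          // request arrived on the TLS connector
            chain.doFilter(req, res);
            return;
        }
        String method = request.getMethod();
        if (!"GET".equals(method) && !"HEAD".equals(method)) {
            // A POST body has already crossed the wire in clear text; refuse rather
            // than redirect, so the client is changed to submit to https:// directly.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }
        // Build the target from a fixed host, not the client-supplied Host header.
        StringBuilder target = new StringBuilder("https://").append(CANONICAL_HOST)
                .append(':').append(HTTPS_PORT).append(request.getRequestURI());
        if (request.getQueryString() != null) {
            target.append('?').append(request.getQueryString());
        }
        response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        response.setHeader("Location", target.toString());
    }
}
```

The servlet specification also offers a declarative route: a `<security-constraint>` in web.xml with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` makes the container itself redirect plain-HTTP requests to the secure connector.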
0

I had the same problem, so I hosted Tomcat separately and then configured the SSL certificate in server.xml by generating a JKS file using the JDK keytool. So, all applications can be hosted in the same Tomcat with a secure https link.

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="1500" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\apache-tomcat-8\conf\filename.jks" keystorePass="password"
               clientAuth="false" sslProtocol="TLS">
    </Connector>

Add the above code to the server.xml file and do the port forwarding from 8443 to 443.

alhelal