42
votes

Eclipse WTP creates its own server.xml file which it places in some folder which configures the tomcat instance you are running for your web project. If you double click on the server in the servers list you get a nice screen which makes it simple to configure some aspects of the server.xml file.

How do I configure a new connection to allow SSL connections on port 8443. Everytime I edit the server.xml file manually, eclipse overwrites my changes with the settings it has stored in the server properties page of the configuration and it seems there is no way to add a new connector from the interface that eclipse provides.

Is this possible? Here is the connector I want to add:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    keystoreFile="D:\apache-tomcat-6.0.18\keystore\key.ssl" keystorePass="pass"
    clientAuth="false" sslProtocol="TLS" />
4
I've never had luck using the embedded Tomcat, it always has had weird issues for me. So much easier to just run a Tomcat instance externallymatt b

4 Answers

71
votes

If you've already created the server, you can edit the server.xml template it copies. If you use the project explorer, It is under Other Projects->Servers->Tomcat Server Name->server.xml

31
votes

Here is how you get it to work:
Create the keystore:

keytool -genkey -alias tomcat -keypass mypassword -keystore keystore.jks -storepass mypassword -keyalg RSA -validity 360 -keysize 2048

(Follow through the prompts and fill in the information)
It should then save a keystore.key file to your home directory.
To get it to work in eclipse :

<Connector port="8443" SSLEnabled="true"
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="true" disableUploadTimeout="true"
        acceptCount="100" debug="0" scheme="https" secure="true"
        clientAuth="false" sslProtocol="TLSv1"
        keystoreFile="/home/myUsername/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/keystore.key"
        keystorePass="mypassword" />

The above path for keystoreFile is something you absolutely need to get right for this to work. When eclipse uses a workspace metadata location to run tomcat, it copies over some files into a path that looks like the above. On OS X this would be:

/Users/<username>/Documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/keystore.key

Hope that helps.

For More Reference : SSL/TLS Configuration HOW-TO in Apache Tomcat 7

3
votes

I figured it out. When you first create a new server in the Servers view by right clicking in it and selecting New > Server. Eclipse WTP takes your existing server.xml file from the tomcat installation and creates the new server.xml file for your project using the original as a template.

If you modify the original server.xml with the configuration you need BEFORE creating a new server in eclipse you will retain those settings.

It's too bad eclipse doesn't allow adding these types of configurations after the fact.

1
votes

Provided you have the certificate(s) and keystore as mentioned earlier in this post, I found the following solution to configuring Eclipse to be able to communicate with SSL-enabled servers. When using the Tomcat configuration tool, you must add entries to the "Java" tab, "Java Options" text box, as follows:

-Dbusinessobjects.orb.oci.protocol=ssl
-Dcertdir=c:\ssl
-DtrustedCert=c:\ssl\cacert.der
-DsslCert=c:\ssl\servercert.der
-DsslKey=c:\ssl\server.key
-Dpassphrase=c:\ssl\passphrase.txt

Similarly in Eclipse, right click on the server name in the Project Explorer window, click Profile As | Profile Configurations | Arguments, and append the same options listed above to the "VM Arguments:" text box. That should allow you to run and debug programs againse SSL-enabled servers.

Eclipse "VM Arguments:" text box