Apache HTTP + Tomcat + HTTPS (SSL/TLS)


I often have to deploy my JAVA application to tomcat with HTTPS communication. There is simple step-by-step guide.


  • Linux machine (Ubuntu 14.04 in my case)
  • Installed and working Apache 2 HTTP server (http://localhost:80/ works in your browser)
  • Installed Tomcat 7 server (http://localhost:8080/ works in your browser)
  • Installed Oracle JAVA (JDK)

What we will do in the guide ?

  • Generate self-signed certificate for server
  • Install self-signed certificate to Apache
  • Configure AJP connection between Apache and Tomcat at URL (https://localhost)


 Generation of self-signed certificate for HTTPS connection

  1. Run terminal
  2. Create folder for certificates in your Apache 2 configuration directory (in my case “/etc/apache2/ssl”)
    sudo mkdir /etc/apache2/ssl
  3. Run command for generation of certificate (modify cert names by yourself)
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/server.key -out /etc/apache2/ssl/servet.crt
  4. Answer all questions. Example:
    Country Name (2 letter code) [AU]:CZ
    State or Province Name (full name) [Some-State]:Prague
    Locality Name (eg, city) []:Prague
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Company Ltd.
    Organizational Unit Name (eg, section) []:Development
    Common Name (e.g. server FQDN or YOUR name) []:company.com
    Email Address []:admin@company.com

Active the SSL and Proxy AJP Module on Apache 2

  1. This step is OS dependent, if you use Ubuntu you can do it simple by command
    sudo a2enmod ssl proxy proxy_ajp
  2. Then you have to restart Apache 2 server
    sudo service apache2 restart


Create new site at Apache 2 and create AJP connection between Apache 2 and Tomcat

  1. At first we have to prepare tomcat for AJP connection. Let’s open and edit tomcat config file “/etc/tomcat7/server.xml”. Find line starts “<Connector port=”8009″” uncomment  it and modify by line bellow:”
    <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
  2. Restart tomcat
    sudo service apache2 restart
  3. We can now create new empty file “/etc/apache2/sites-available/my-site.conf”. This is our configuration file for Apache2 site “https://my-site.localhost”
  4. Paste to the file these lines
    <VirtualHost *:443>
     # Site info
     ServerName localhost 
     # Log
     ErrorLog /var/log/apache2/my-site.ajp.error.log
     CustomLog /var/log/apache2/my-site.ajp.log combined
     # SSL configuration
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/servet.crt
     SSLCertificateKeyFile /etc/apache2/ssl/server.key
     # Uncoment if you have certificate from parent CA autority
     # SSLCertificateChainFile /path/to/YourCA.crt 
     # AJP configuration
     ProxyRequests Off
     ProxyPreserveHost On
     ProxyPass / ajp://
     ProxyPassReverse / ajp://
     ProxyPassReverseCookiePath / / 
  5. Enable your site
    sudo a2ensite my-site
  6. Save file and restart apache 2 by command
    sudo service apache2 restart



Lets open http://localhost you should see standard Apache2 welcome screen like this

If you open the same address but with HTTPS protocol https://localhost , you should see standard Tomcat7 welcome screen like this




3 thoughts to “Apache HTTP + Tomcat + HTTPS (SSL/TLS)”

  1. Pingback: Dubai Ubar

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.