Tomcat HTTPS/SSL setup
This how-to guide describes how to set up HTTPS/SSL on a Tomcat 8.5 server. (The process remains unchanged from Tomcat 7 and Tomcat 8)
If you already have a certificate, you can skip the generate certificate step.
If you generate a certificate, unless you submit it to a certificate authority, the certificate will be self-signed, so users connecting to the tomcat will have a security warning in their browsers.
Are there any additional concerns for using web services over https? Or does it "just work"?
Web services work out of the box over https exactly like over http. (Unless of course the web service client does not support https/ssl.)
The concern is about using self-signed certificates, it is necessary to check if there is a way to configure WS client to accept self-signed certificates, otherwise it can refuse such certificates and connections will fail.
Step-by-step guide
Generate certificate
%JAVA_HOME%\bin\keytool -genkey -alias <alias> -keyalg RSA -keystore <your_keystore_filename>
Import certificate
keytool -import -alias <alias> -keystore <your_keystore_filename> -file <your_certificate_filename>
Tomcat Configuration
uncomment and configure ssl connector
<Connector
protocol="HTTP/1.1"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true" keyAlias="<alias>"
keystoreFile="<your_keystore_filename>" keystorePass="<keystore password>"
clientAuth="false" sslProtocol="TLS"/>
Comment http connector to disable non secured http connection or if you prefer to have http connection redirected to https, configure redirect port using ssl connector port, and update the end of $TOMCAT_HOME/conf/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
More information here: http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html
Related articles