sudo cp src/test/resources/certs/mykeystore /usr/local/tomcat8/conf
vi /usr/local/tomcat8/conf/server.xml
Notice the ciphers tag. This is to disable weak Diffie-Hellman cipher suites available in Tomcat 7 by default.<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector port="8443" maxThreads="200" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_NULL_SHA,TLS_ECDH_RSA_WITH_NULL_SHA,TLS_ECDHE_ECDSA_WITH_NULL_SHA,TLS_ECDHE_RSA_WITH_NULL_SHA" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/mykeystore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS" />
Redhat users:sudo /etc/init.d/tomcat8 restart
/usr/local/tomcat8/bin/shutdown.sh /usr/local/tomcat8/bin/startup.sh
This is free and unencumbered software released into the public domain.