By default, Tomcat listens on HTTP port 8000. Follow these instructions to change Tomcat to listen on an HTTPS port.
Stop the Tomcat server.
<FlexDeploy Home>/StopFlexDeploy.sh
Create a Java KeyStore to hold your SSL certificate. You will need to adjust the JDK location and the alias, and give an appropriate path for the keystore location.
/u01/java/jdk1.8.0_281/bin/keytool -genkey -alias myalias -keyalg RSA -keystore /home/oracle/flexdeploy.keystore
Import your SSL certificate. You will need to adjust the JDK location, the keystore name, alias name, and the certificate file name.
/u01/java/jdk1.8.0_281/bin/keytool -import -alias myalias -file mycert.cer -keystore /home/oracle/flexdeploy.keystore
To generate a self-signed certificate and import into the keystore, issue the following command, adjusting the paths and parameters as necessary.
/u01/java/jdk1.8.0/bin/keytool -genkeypair -alias myalias -keyalg RSA -validity 365 -keysize 2048 -keystore /home/oracle/flexdeploy.keystore
Edit <FlexDeploy Home>/apache-tomcat-flexdeploy/conf/server.xml. Modify the HTTP connector that is listening on port 80 as follows to listen on some port (not 443). Be sure to adjust the keystore file path.
<Connector port="8443" protocol="HTTP/1.1" sslVerifyClient="optional" sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello" connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true" maxHttpHeaderSize="16384" scheme="https" keystoreFile="/home/oracle/flexdeploy.keystore" keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
On Unix, privileged ports (less than 1024) cannot be opened by a non-root user. The solution is to forward traffic from 443 to the port used above (8443). As root, add an iptables rule to redirect the traffic from 443 to 8443.
iptables -t nat -I PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 8443
Start the Tomcat server.
<FlexDeploy Home>/StartFlexDeploy.sh
Test in browser.
https://<your.hostname>/flexdeploy
New to Certificates and the keytool utility? Reference this cheat sheet for assistance.
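Before restarting Tomcat, the edited connector can be checked for settings that weaken the HTTPS listener: a missing or misspelled scheme attribute, the default keystore password, and legacy protocol versions. The script below is an added example, not part of the FlexDeploy documentation; the function name audit_connectors and both server.xml fragments are constructed for illustration, and it only inspects attributes set directly on the Connector element.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector style in this guide (not a real deployment).
SAMPLE_WEAK = '''<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" secure="true"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,SSLv2Hello"
             keystoreFile="/home/oracle/flexdeploy.keystore" keystorePass="changeit"/>
</Service></Server>'''

# Constructed sample with the same connector after hardening.
SAMPLE_HARDENED = '''<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" secure="true"
             scheme="https" sslEnabledProtocols="TLSv1.2"
             keystoreFile="/home/oracle/flexdeploy.keystore"
             keystorePass="constructed-Long-Passphrase-1"/>
</Service></Server>'''

# Protocol names that should not appear in sslEnabledProtocols.
LEGACY_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_connectors(server_xml_text):
    """Return a list of (port, finding) for every SSL-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, out of scope here
        port = conn.get("port", "?")
        # 'scheme' (not 'schema') is what makes request.getScheme() report https.
        if conn.get("scheme") != "https":
            findings.append((port, "scheme is not 'https'"))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, "secure is not 'true'"))
        # Tomcat falls back to 'changeit' when keystorePass is absent.
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append((port, "keystorePass is the default 'changeit'"))
        enabled = conn.get("sslEnabledProtocols", "")
        protos = {p.strip() for p in enabled.split(",") if p.strip()}
        for proto in sorted(protos & LEGACY_PROTOCOLS):
            findings.append((port, "legacy protocol enabled: " + proto))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_WEAK):
        print("connector %s: %s" % (port, finding))
```

To audit a real installation, pass the contents of <FlexDeploy Home>/apache-tomcat-flexdeploy/conf/server.xml to audit_connectors instead of the constructed sample.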