Documentation for Confluence 2.5.4 - 2.5.8.
Documentation for Confluence Cloud and the latest Confluence Server is available too.

How to set up SSL/HTTPS access in Confluence Standalone

This section describes how to enable secure access on a Confluence Standalone instance (running Tomcat 4.1.30). The configuration details may be slightly different for newer versions of Tomcat and different application servers.

Users of Confluence 2.2.0 and newer

Please follow this guide instead.

Create an SSL certificate using keytool

Before configuring SSL, an SSL certificate must be created. If you have already configured one, you can skip this step.

Windows configuration

On Windows, perform the following at the command prompt:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

Unix/Linux configuration

On Unix/Linux, perform the following at the command prompt:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

This also applies to Mac OS X systems.

keytool will ask several questions, including a password for the certificate (the default is 'changeit'). Note down this password, as it will be used in the next step.

Modify the conf/server.xml file

In the confluence directory, open the conf/server.xml file and insert one of the following just after the closing </Engine> tag:

For Tomcat 4 (Confluence 2.1.x and below):

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75"
 enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="true">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystorePass="#CERT_PASSWORD#" />
</Connector>

For Tomcat 5.5 (Confluence 2.2 and above):

<Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   URIEncoding="UTF-8" keystorePass="#CERT_PASSWORD#" />

Please note that the above configuration is included in the Confluence Standalone conf/server.xml file, and only needs to be uncommented.

Change #CERT_PASSWORD# to the password you entered for the certificate when you generated it.

By default, Tomcat will look in C:\Documents and Settings\#CURRENT_USER#\.keystore (Windows) or ~/.keystore (Unix) for the certificates. If you have previously generated an SSL certificate and it is stored in a different location, you will need to add an additional attribute in the conf/server.xml file.

On Tomcat 4, change the <Factory> tag to the following:

<Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="#KEYSTORE_LOCATION#" keystorePass="#CERT_PASSWORD#" />

On Tomcat 5.5, change the <Connector> tag to the following:

<Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   URIEncoding="UTF-8" keystorePass="#CERT_PASSWORD#" keystoreFile="#KEYSTORE_LOCATION#" />

Replace #KEYSTORE_LOCATION# with the path to your keystore file and #CERT_PASSWORD# with the certificate password.

After that, restart Tomcat and access your instance on https://host.domain:8443/.
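A quick check of the edited conf/server.xml before restarting, as an added example that is not part of the original Confluence documentation: it covers both the Tomcat 4 (nested <Factory>) and Tomcat 5.5 layouts shown above and reports an HTTPS connector that is still commented out, a placeholder that was never replaced, or a keystore password left at the default. The function name, the sample XML and the ports 9443 and 7443 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PLACEHOLDERS = {"#CERT_PASSWORD#", "#KEYSTORE_LOCATION#"}

def audit_https_connectors(server_xml_text):
    """Return findings for each HTTPS <Connector> in a Tomcat server.xml."""
    root = ET.fromstring(server_xml_text)
    # Commented-out XML is invisible to the parser, so a connector that was
    # never uncommented shows up here as "not found".
    connectors = [c for c in root.iter("Connector") if c.get("scheme") == "https"]
    if not connectors:
        return ["no active HTTPS connector (still commented out?)"]
    findings = []
    for conn in connectors:
        port = conn.get("port", "?")
        # Tomcat 4 puts keystore settings on a nested <Factory>,
        # Tomcat 5.5 puts them on the <Connector> itself.
        factory = conn.find("Factory")
        tls = conn if factory is None else factory
        if conn.get("secure") != "true":
            findings.append(f"port {port}: secure is not 'true'")
        for attr in ("keystorePass", "keystoreFile"):
            if tls.get(attr) in PLACEHOLDERS:
                findings.append(f"port {port}: {attr} is still a placeholder")
        # An absent keystorePass means Tomcat falls back to 'changeit'.
        if tls.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystore password is the default 'changeit'")
    return findings

# Constructed sample: one Tomcat 5.5 style and one Tomcat 4 style connector.
SAMPLE = """<Server><Service name="Tomcat-Standalone">
  <Engine name="Standalone" defaultHost="localhost"/>
  <Connector port="8443" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystorePass="#CERT_PASSWORD#"/>
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="9443"
             scheme="https" secure="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             clientAuth="false" protocol="TLS" keystorePass="changeit"/>
  </Connector>
  <!-- <Connector port="7443" scheme="https" secure="true" keystorePass="x"/> -->
</Service></Server>"""

if __name__ == "__main__":
    for line in audit_https_connectors(SAMPLE):
        print(line)
```

To check a real installation, pass the contents of conf/server.xml to audit_https_connectors instead of SAMPLE.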

For more detailed information on setting up SSL with Tomcat (including additional configuration options), have a look at Tomcat 4 SSL Howto or Tomcat 5.5 SSL Howto.
