
How can I test a URL is SSL secured

I'm new to the IT industry. The test scenario is that I need to test whether my application's login page is SSL secured or not.

In general, we sometimes visit websites that show a pop-up for SSL security. So I need to test the same scenario in my application.

I have a small web application where I have a login.html page. Basically, I'm able to start my web application using Maven, and the server used is Tomcat. The command I'm using to start it is mvn tomcat7:run and the URL I'm using is http://localhost:8080/login.html. It works perfectly.

But I want to change my URL from http to https, and when I access my URL, i.e. https://localhost:8080/login.html, then it should pop up with an SSL security alert and I should accept it.

If my question is still not clear then feel free to comment.

After searching on the net I have tried some workarounds, but it's not working out. What I have tried:

My HTML page

<!DOCTYPE html>
<html>
<head>
</head>
<body>
<h1>Login App</h1>
<div id="emptyDiv"></div>
<div id="description"></div>
<!--container start-->
<div id="container">
  <div id="container_body" style="background-color:#BBD700;float:center;">
    <!--Form start-->
    <div id="form_name">
      <form>
        <div class="firstnameorlastname">
          &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
          <div id="errorBox"></div>
          First Name : <input id="firstName" type="text" name="Name" value="">
          &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
          Last name : <input id="lastName" type="text" name="LastName" value="">
        </div>
        &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;
        <div id="email_form">
          Email Id: <input style="position:right" type="text" name="Email" value="">
        </div>
        <input id="sub_form" type="submit" value="Submit">
      </form>
    </div>
    <!--form ends-->
  </div>
</div>
<!--container ends-->
</body>
</html>

web.xml

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <!--
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MyEducationApp</web-resource-name>
      <url-pattern>/login.html</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Non-SecureResource</web-resource-name>
      <url-pattern>/login.html</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  -->

  <display-name>Login WebApp</display-name>
</web-app>

Maven Plugin used

    <!-- Maven Tomcat Plugin -->
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
                <configuration>
                    <url>https://localhost:8080/manager/text</url>
                    <server>localhost</server>
                    <path>/</path>
                    <username>admin</username>
                    <password>aRfalah</password>

                </configuration>
                <executions>
                    <execution>
                        <id>tomcat7-run</id>
                        <goals>
                            <goal>run-war-only</goal>
                        </goals>
                        <phase>pre-integration-test</phase>
                        <configuration>
                            <fork>true</fork>

                        </configuration>
                    </execution>

                    <execution>
                        <id>tomcat7-shutdown</id>
                        <goals>
                            <goal>shutdown</goal>
                        </goals>
                        <phase>post-integration-test</phase>
                    </execution>
                </executions>
            </plugin>

Little bird asked Dec 05 '22 05:12


2 Answers

SSL/TLS encryption for your web site is nothing you can do in your web application. It's done via your web server's configuration.

See Apache Tomcat 7, SSL Configuration HOW-TO.


Additional info (repeated from my comment to the OQ, since comments are not that prominent and editable):

You don't have to buy a certificate from one of the certification authorities (CA) to obtain a certificate.

  1. StartSSL offers 1-year SSL/TLS + S/MIME for free. On a different domain they offer now:

    No offer any more:

    Notice to all StartCom subscribers

    StartCom CA is closed since Jan. 1st, 2018 that don’t issue any new certificate from StartCom name roots. If you want to buy trusted SSL certificate and code signing certificate, please visit https://store.wotrus.com. If you want to apply free email certificate, please visit https://www.mesince.com to download MeSince APP to get free email certificate automatically and send encrypted email automatically.

    But there may be other companies meanwhile.

  2. You can easily create your own certificates with OpenSSL (thus being your own CA) and associate this certificate with your https:// site. If your visitors accept your certificate in the dialog that pops up in their browser it is stored in their browser's certificate store and the dialog will not appear again until the certificate's expiration date is reached.

Gerold Broser answered Dec 06 '22 18:12


This is what you need to do:

  1. Generate a self signed certificate and install the same in Tomcat (Gerold Broser's post has the link)
  2. By default, the SSL port is disabled in Tomcat, enable it (same link as above)
  3. Change your URL to https://local_host:8443/login.html (default SSL port for Tomcat)
  4. Make the request through your browser, you should see a page/message, depending on the browser, telling you that the certificate is not OK

If you want this page to be only accessed through SSL, look at Tim Funk's post and edit the web.xml of the application.

Ironluca answered Dec 06 '22 19:12
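
An added example, not part of either answer: a Python probe that performs the check from step 4 without a browser. It tells apart a plain HTTP connector reached with https:// (port 8080 in the question) from a TLS connector whose certificate does not verify (the self-signed case on port 8443). The function name `probe_tls` and its status strings are made up for this illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit


def probe_tls(url, timeout=3.0):
    """Classify what answers at an https:// URL's host and port.

    Returns (status, detail) where status is one of:
      "trusted"     - TLS handshake succeeded and the certificate verified
      "untrusted"   - TLS is spoken but the certificate failed verification
                      (the self-signed case that makes a browser warn)
      "not-tls"     - something listens, but it is not a TLS endpoint
                      (for example a plain HTTP connector)
      "unreachable" - nothing accepted the connection, or it timed out
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// URL")
    host, port = parts.hostname, parts.port or 443
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "trusted", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Must be caught before ssl.SSLError, which is its parent class.
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        return "not-tls", exc.reason or str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Ports taken from the question (8080) and from the answer (8443).
    for target in ("https://localhost:8080/login.html",
                   "https://localhost:8443/login.html"):
        print(target, "->", probe_tls(target))
```

With the setup from the question, port 8080 is expected to report `not-tls`; once the connector on 8443 is enabled with a self-signed certificate it is expected to report `untrusted`, which is the condition behind the browser warning.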