Use SSL to secure the communication to and from your Tomcat servlet container. Usually there’s an Apache or Nginx in front of Tomcat to serve external clients’ request and this web front server is also supposed to provide SSL connectivity. However, this is not always the case and Tomcat may be accessed by clients directly so the SSL should be installed on Tomcat.