Generate self-signed certificate for Tomcat

Quick thread about generating a self-signed certificate for Apache Tomcat.

Generating self-signed certificate

D:\Tools\Java\jdk1.8.0_181\bin\keytool.exe -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

You can add the option -validity <number of days> to specify how many days your certificate should be valid. If not specified, the default validity period is 90 days.

When creating it, you will be asked for a keystore password and organisation information.

Adding the certificate to Apache Tomcat

Modify the Tomcat server.xml file and uncomment the <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" node. On this node, change the following attributes:

  • port attribute to set the https port to use, default is 8443
  • SSLEnabled must be set to true
  • keystoreFile must point to your keystore file created previously
  • keystorePass must match the password you defined previously

Save the file, and restart your Apache Tomcat instance.
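
One way to check the edit before restarting, as an added example that is not part of the original post: the script parses server.xml and reports problems with the four attributes listed above. The function name, the base_dir parameter (standing in for the Tomcat base directory, against which a relative keystoreFile is resolved) and both sample documents are constructed for illustration, and only the connector-attribute style used here is covered.

```python
import os
import xml.etree.ElementTree as ET

NIO = "org.apache.coyote.http11.Http11NioProtocol"

# Constructed sample: HTTPS connector still wrapped in an XML comment.
SAMPLE_COMMENTED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                  SSLEnabled="true" /> -->
</Service></Server>"""

# Constructed sample: connector uncommented and edited as described above.
SAMPLE_EDITED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" keystoreFile="conf/tomcat.keystore"
             keystorePass="constructed-password" />
</Service></Server>"""

def check_https_connector(xml_text, base_dir="."):
    """Return a list of problems found with the HTTPS connector (empty = OK)."""
    root = ET.fromstring(xml_text)
    # ElementTree drops XML comments, so a commented-out node is simply not found.
    nodes = [c for c in root.iter("Connector") if c.get("protocol") == NIO]
    if not nodes:
        return ["no Http11NioProtocol Connector found (still commented out?)"]
    problems = []
    for c in nodes:
        port = c.get("port", "")
        if not port.isdigit() or not 0 < int(port) < 65536:
            problems.append(f"port {port!r} is not a valid TCP port")
        if c.get("SSLEnabled", "").lower() != "true":
            problems.append("SSLEnabled is not set to true")
        ks = c.get("keystoreFile")
        if not ks:
            problems.append("keystoreFile is missing")
        elif not os.path.isfile(os.path.join(base_dir, ks)):
            problems.append(f"keystoreFile {ks!r} does not exist")
        if not c.get("keystorePass"):
            problems.append("keystorePass is missing")
    return problems

if __name__ == "__main__":
    for name, doc in (("commented", SAMPLE_COMMENTED), ("edited", SAMPLE_EDITED)):
        print(name, check_https_connector(doc) or "OK")
```

To run it against a real installation, pass the contents of server.xml and the Tomcat base directory to check_https_connector.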

Testing

Access the Apache Tomcat home page using the URL https://<server ip>:<defined https port>. You should be warned about the self-signed certificate.

You can go through this warning using the Advanced button and clicking on Accept the Risk and Continue.

The Tomcat home page is displayed.

The Tomcat server on the secured port is operational.
