How to enable SSL or HTTPS on Tomcat server


If your Tomcat server serves only HTTP, follow the 2 easy steps below to configure Tomcat for SSL.

1. Create Keystore using Java keytool

First, use keytool to create a Java keystore as shown below. Make sure to note down the password that you enter while creating the keystore.

[root@alex~]# $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password:

Re-enter new password:

What is your first and last name? [Unknown]: Alex Hunt

What is the name of your organizational unit? [Unknown]: IT

What is the name of your organization? [Unknown]: JKT

What is the name of your City or Locality? [Unknown]: Noida

What is the name of your State or Province? [Unknown]: UP

What is the two-letter country code for this unit? [Unknown]: IN

Is CN=Alex, OU=IT, O=JKT, L=Noida, ST=UP, C=IN correct?

[no]: yes

Enter key password for <tomcat>

(RETURN if same as keystore password):

This will create the .keystore file under the /root home directory.

# ls -l /root/.keystore

-rw-r--r-- 1 root root 1391 Apr 6 11:19 .keystore

2. Modify the server.xml file

Locate the conf/server.xml file under the Tomcat directory. If the Connector port="8443" is commented out, you should uncomment it first.

[root@alex~]# vim server.xml

Now, add the keystore information to server.xml as shown below. Replace your-key-password with the password you provided in step 1 while creating the keystore.

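Finally, restart the Tomcat server and access the application using https://{your-ip-address}:8443/. The certificate that keytool generates in step 1 is self-signed, so browsers will show a certificate warning for it.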
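The following script is an added example, not part of the original post: it writes a sample 8443 connector of the kind step 2 describes and audits it. It checks that the connector is really uncommented, that SSL is enabled, that the password is not Tomcat's default "changeit", and that the keystore is not accessible to group or other (the listing in step 1 shows mode -rw-r--r--). The attribute names are those of the older JSSE connector syntax, which is an assumption because the post's own snippet did not survive; the function names, paths and passwords are constructed.

```shell
#!/bin/sh
# Added example: audit Tomcat's HTTPS connector after following the two steps.
# Attribute names are the classic JSSE connector ones (assumed, older Tomcat);
# file paths and passwords used here are constructed sample values.

write_sample() {  # write_sample FILE KEYSTORE PASSWORD -> constructed server.xml
  cat > "$1" <<EOF
<Server><Service name="Catalina">
  <!-- <Connector port="8443" SSLEnabled="false" /> -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="$2" keystorePass="$3" />
</Service></Server>
EOF
}

active_connector() {  # print the uncommented <Connector ... port="8443" ...> tag
  tr '\n' ' ' < "$1" | awk '{
    while ((i = index($0, "<!--")) > 0) {        # strip XML comments
      j = index(substr($0, i), "-->")
      if (j == 0) { $0 = substr($0, 1, i - 1); break }
      $0 = substr($0, 1, i - 1) substr($0, i + j + 2)
    }
    print
  }' | grep -o '<Connector[^>]* port="8443"[^>]*>'
}

attr() {  # attr NAME TAG -> value of NAME="..."
  printf '%s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

audit_connector() {  # audit_connector SERVER_XML -> 0 if all checks pass
  conn=$(active_connector "$1") || { echo "FAIL: no active connector on 8443"; return 1; }
  rc=0
  [ "$(attr SSLEnabled "$conn")" = "true" ] || { echo "FAIL: SSLEnabled is not true"; rc=1; }
  [ "$(attr keystorePass "$conn")" != "changeit" ] || { echo "FAIL: default keystore password"; rc=1; }
  ks=$(attr keystoreFile "$conn")
  if [ -z "$ks" ] || [ ! -f "$ks" ]; then
    echo "FAIL: keystoreFile not set or not found"; return 1
  fi
  case $(ls -ld "$ks" | cut -c5-10) in           # group/other permission bits
    ------) ;;
    *) echo "FAIL: keystore accessible to group/other, use chmod 600"; rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK: $ks"
  return "$rc"
}
```

Run audit_connector against the real conf/server.xml as the user that owns the Tomcat installation; it prints one FAIL line per problem and returns non-zero if any check fails.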

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.