
Self signed SSL cert for Apache Tomcat

The simplest way I know of to create and self-sign an SSL certificate for your Apache Tomcat server, in two simple steps.

Step 1 – (the $JAVA_HOME environment variable should already be set in your tomcat user’s ~/.bash_profile; otherwise replace $JAVA_HOME/bin/keytool with the full path to keytool)

# $JAVA_HOME/bin/keytool -genkeypair -validity 3650 -alias tomcat -keyalg RSA

keystore password: specify a password
name (the “first and last name” prompt): use the server’s full <hostname> domain name, as it will appear in the browser’s address bar
organizational unit and the remaining fields: fill in as appropriate
Select ‘y’ to confirm the details.

Press the ‘Enter’ key when asked for a password for the alias ‘tomcat’. This makes the key password the same as the keystore password, which is what the single keystorePass setting in Step 2 relies on.

A keystore called .keystore (a hidden file) will be created in the user’s home directory; move it to <tomcat_home_dir>/conf/.

Step 2 –
Uncomment the ‘SSL HTTP/1.1 Connector on port 8443’ section in <tomcat_home_dir>/conf/server.xml and add parameters so that it resembles the following (use plain ASCII double quotes; typographic quotes will stop server.xml from parsing):

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true" enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
           keystorePass="<password_from_Step1>" keystoreFile="<tomcat_home_dir>/conf/.keystore" />

Restart Tomcat and point your browser at https://<hostname>:8443/ to verify the cert (expect a browser warning, since the certificate is self-signed). Doesn’t get any simpler than that.
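As an added example (not part of the original post), here is a small Python check that confirms the Step 2 connector is well-formed and carries the attributes the text lists, and that catches the common paste mistakes: typographic quotes, a missing keystoreFile/keystorePass, a non-TLS sslProtocol, or the well-known default keystore password. The sample server.xml, its paths and its placeholder password are constructed here and are not from any real installation.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (assumed layout, not a real file): the Step 2 connector
# written with straight ASCII quotes, next to the plain HTTP connector Tomcat ships with.
GOOD_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
               keystorePass="example-keystore-password"
               keystoreFile="/opt/tomcat/conf/.keystore" />
  </Service>
</Server>"""

# The same connector as it arrives when copied from a web page: typographic quotes.
BAD_SERVER_XML = GOOD_SERVER_XML.replace('port="8443"', 'port=”8443”')

# Attribute values the Step 2 connector must carry.
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}


def check_ssl_connectors(xml_text):
    """Return [(port, [problem, ...]), ...] for every HTTPS Connector in server.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as err:
        # A parse error here usually means curly quotes or a stray character in the paste.
        return [("?", [f"server.xml does not parse: {err}"])]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true" and conn.get("scheme") != "https":
            continue  # plain HTTP connector, nothing to check
        problems = []
        for attr, want in REQUIRED.items():
            if conn.get(attr, "").lower() != want:
                problems.append(f"{attr} should be {want}, got {conn.get(attr)!r}")
        for attr in ("keystoreFile", "keystorePass"):
            if not conn.get(attr):
                problems.append(f"{attr} is missing")
        if conn.get("keystorePass") == "changeit":
            problems.append("keystorePass is still the well-known default 'changeit'")
        proto = conn.get("sslProtocol", "TLS")
        if not proto.upper().startswith("TLS"):
            problems.append(f"sslProtocol {proto!r} should be TLS")
        findings.append((conn.get("port"), problems))
    return findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_SERVER_XML), ("bad", BAD_SERVER_XML)):
        print(label, check_ssl_connectors(text))
```

To check a live installation, read <tomcat_home_dir>/conf/server.xml into a string and pass it to check_ssl_connectors; an empty problem list for port 8443 means the connector matches Step 2.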