How to set up SSL on Tomcat in less than 5 Minutes

This article shows how you can configure SSL on your Tomcat / TomEE instance in less than 5 minutes. I challenge you on that!

For this, the basic prerequisites are the following (these are obvious, but they are listed so that the article is self-explanatory for all readers):

  • Java SDK (JDK 11.0.2 used for this article)
  • Tomcat / TomEE (Tomcat 9 used for this article)

There are basically two important steps to make this configuration work, which are as follows:

  • To create a Keystore file using Java
  • To configure your Tomcat / TomEE instance to use the Keystore file that was generated in the earlier step.

Let us now look at the steps outlined above.

Create a Keystore file using Java:

For this, open a command prompt for Windows or a terminal for your Linux / macOS:

cd %JAVA_HOME%/bin -> For Windows

cd $JAVA_HOME/bin -> For Linux / macOS

The above step changes directory to JAVA_HOME/bin, where you will find a handy tool, keytool, that takes responsibility for creating a Keystore file. At that prompt/terminal, key in the following command:

keytool -genkey -alias tomcat -keyalg RSA

After you execute the above command, you will be prompted with the following questions, which you can answer accordingly:

You will first be prompted for a password. Provide it and make sure that you remember it or make a note of it correctly.

For the First and Last name, enter the name of the system where this certificate must be deployed, e.g. the HOSTNAME of your TOMCAT instance.

The rest of the questions are straightforward; examples of those are provided in the screenshot below.

At the end of this questionnaire comes a confirmation, for which you need to explicitly say Y / YES after reviewing the details that you’ve provided here.

Once the above command has executed, it creates a .keystore file in one of the following locations, depending on the OS on which you ran it.

WINDOWS -> C:\Users\<USER_NAME>\.keystore

LINUX -> /home/<USER_NAME>/.keystore

MacOS -> /Users/<USER_NAME>/.keystore

Configure Tomcat with a generated Keystore file

Open the Tomcat / TomEE installation directory for which you want to configure SSL, go to the conf folder, and open the server.xml file in Administrator mode (so that the modifications that you make can be saved on exit).

Search for the following XML element:

Uncomment and make the changes to match the following

  1. Make a note of the changes made; here we must add these parameters without fail: keystoreFile, keystorePass, and the protocol.
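
As an added example (not part of the original article and not Tomcat's own code), the following Python script checks that every SSL-enabled Connector in server.xml carries the three parameters named above. The embedded server.xml, its ports, path and password are constructed placeholders, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/server.xml. Ports, keystore path and password
# are placeholders, not values from the article.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="7443" SSLEnabled="true" /> -->
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               keystoreFile="/home/USER_NAME/.keystore"
               keystorePass="KEYSTORE_PASSWORD_PLACEHOLDER" />
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/home/USER_NAME/.keystore" />
  </Service>
</Server>
"""

# The three parameters the article says must be added without fail.
REQUIRED = ("keystoreFile", "keystorePass", "protocol")


def check_https_connectors(server_xml: str) -> dict:
    """Map each SSL-enabled Connector port to the required attributes it lacks."""
    root = ET.fromstring(server_xml)
    report = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, out of scope for this check
        report[conn.get("port", "?")] = [a for a in REQUIRED if not conn.get(a)]
    return report


if __name__ == "__main__":
    for port, missing in check_https_connectors(SAMPLE_SERVER_XML).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"Connector on port {port}: {status}")
```

A Connector that is still inside an XML comment is invisible to the parser, so it does not appear in the report at all; an empty report means the uncomment step was skipped.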

This brings us to the end of the configuration required to set up SSL for your TOMCAT / TomEE instances. Restart your TOMCAT / TomEE instances for the changes to take effect.

You can now test the following URLs to confirm that the TOMCAT / TomEE instances are available on both HTTP and HTTPS. Both should land on your TOMCAT / TomEE home page.

  1. http://localhost (Considering that you are running your TOMCAT / TomEE instances on the default port 80).
  2. https://localhost:8443
