How to Install SSL Certificate on Tomcat

Posted at June 9, 2017 at 4:33 pm by Jithin

In this tutorial, we discuss how to install an SSL certificate on Tomcat.

Tomcat is an open-source web server and Java servlet container. By default, Tomcat listens on port 8080, but the secure (HTTPS) connector listens on port 8443.


Steps to install SSL certificate

1) Create a keystore for the SSL certificate.

A Java keystore is a repository for SSL certificates. We can generate one using the following command.

# keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

Enter a password:

Enter First and Last name: Enter the fully qualified domain name.

Enter Organization name: Enter your organization name.

Enter City/Locality : Enter your city name.

Enter State/Province: Enter your state name.

Country Code : Enter the two digit ISO code for your country.


2) Create CSR using the following command.

# keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore

This command prompts for a password and generates the CSR. Use the CSR to purchase an SSL certificate for the domain.

The following three certificate files will be provided.

root.crt (root certificate)

intermediate.crt (intermediate certificate)

PrimaryCertFileName.crt (Issued certificate by CA)


3) Follow the steps below to install the SSL certificate in the keystore.

1) Install the root certificate using the command below.

# keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file root.crt

2) Install the intermediate certificate using the command below.

# keytool -import -alias intermediate -keystore tomcat.keystore -trustcacerts -file intermediate.crt

3) Install the Primary Certificate File using the command below.

# keytool -import -trustcacerts -alias tomcat -file PrimaryCertFileName.crt -keystore tomcat.keystore

After installing the SSL certificate files into your keystore, the next step is to configure Tomcat to use the keystore.


4) Configure Tomcat with the keystore.

Now open the Tomcat configuration file server.xml and add the code below to enable HTTPS connections. The server.xml file is usually located in the conf directory under the Tomcat home directory. Set keystorePass to the password you entered when creating the keystore in step 1.


<Connector port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="[path to your keystore file]" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>


5) Restart Tomcat service to enable the changes.

# service tomcat restart


6) Verify that the URL loads over HTTPS.

You can verify that the URL loads over HTTPS by opening https://serverIP:8443


7) You can also configure the Tomcat app to work with SSL.

To enable SSL for the Tomcat application, add the code below to the web.xml file.










You can check whether the Tomcat application loads over SSL at https://ServerIP:8443/yourApp


The transport-guarantee tag is set to CONFIDENTIAL to make sure your app is served over SSL. If you want to disable SSL, you don't need to delete the code from the web.xml file. Just change the transport-guarantee tag to NONE.
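
An added example, not part of the original post: a small Python check that reads a server.xml and a web.xml and reports whether the HTTPS connector from step 4 and the transport-guarantee from step 7 are in place, for the connector attribute style shown in step 4. Both XML samples are constructed; the keystore path, web-resource-name and url-pattern in them are assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples (assumed values: keystore path, resource name, url-pattern).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" maxThreads="200" scheme="https" secure="true"
             SSLEnabled="true" keystoreFile="conf/tomcat.keystore"
             keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>yourApp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def audit_connector(server_xml):
    """Return findings for the TLS connector(s) in a server.xml string."""
    tls = [c for c in ET.fromstring(server_xml).iter("Connector")
           if c.get("SSLEnabled", "false").lower() == "true"]
    if not tls:
        return ['no Connector with SSLEnabled="true"']
    findings = []
    for c in tls:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for https")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile not set")
        # Tomcat uses "changeit" when keystorePass is absent.
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystorePass is the default 'changeit'")
    return findings


def transport_guarantees(web_xml):
    """Return every transport-guarantee value, ignoring XML namespaces."""
    return [e.text.strip() for e in ET.fromstring(web_xml).iter()
            if e.tag.split("}")[-1] == "transport-guarantee" and e.text]


if __name__ == "__main__":
    print(audit_connector(SERVER_XML), transport_guarantees(WEB_XML))
```

An empty findings list together with a CONFIDENTIAL guarantee means both steps are configured; the sample connector is flagged only because it still uses the default keystore password.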


If you need any further help, please contact our support department.


