o7planning

Install SSL Certificate for Tomcat Server

  1. Keytool
  2. Configure Tomcat

1. Keytool

By default, a freshly installed Tomcat Server supports only the HTTP protocol. To use SSL (HTTPS), you need to perform a few more configuration steps.
Keytool is a tool that ships with the JDK and helps you generate a keystore. It is located in the bin directory of the JDK.
Open a CMD window and cd to the bin directory of the JDK.
Execute the following command to create a keystore file called "Mycert.cert" (you can give it another name if you want):
keytool -genkeypair -alias Mycert -keyalg RSA -keystore "C:\SSL\Mycert.cert"
Keytool asks you to enter a password, for example, pass123.
Enter other necessary information:
What is your first and last name?
  [Unknown]:  MyLastName
What is the name of your organizational unit?
  [Unknown]:  My Org
What is the name of your organization?
  [Unknown]:  My Org
What is the name of your City or Locality?
  [Unknown]:  My City
What is the name of your State or Province?
  [Unknown]:  My Province
What is the two-letter country code for this unit?
  [Unknown]:  VN
Is CN=MyLastName, OU=My Org, O=My Org, L=My City, ST=My Province, C=VN correct?
  [no]:  y
Keytool asks you to enter a password for <MyCert>. You may choose any password, or reuse the one from the previous step, for example, pass123.
The file is now created.

2. Configure Tomcat

The next step is to configure Tomcat so that it supports SSL (HTTPS). The server.xml file is located in the conf directory of Tomcat. You can open it with any editor to edit its contents.
Open the server.xml file, and find the position as indicated in the following illustration:
Add a configuration section:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true"
        sslProtocol="TLS"
        scheme="https"
        secure="true"
        keystoreFile="C:\SSL\Mycert.cert"
        keystorePass="pass123"
        >
</Connector>
Note: This HTTPS configuration listens on port 8443. Restart Tomcat Server. After it has finished restarting, you can access the link below to check the results.
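On the first run, you may receive the error message "Your connection is not private". The browser shows it because the certificate generated by keytool is self-signed rather than issued by a certificate authority the browser trusts. Don't worry about it, press the "Advanced" button to tell the browser to accept this exception.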
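
A check for the Connector section above, as an added example that is not part of the original tutorial: it parses a server.xml and reports HTTPS connectors where a required attribute is missing or misspelled (a misspelled schema leaves scheme at its default of http) or where keystorePass is short. The sample server.xml is constructed, and the TYPOS list and the 12-character threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Values an HTTPS <Connector> is expected to carry.
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}
# Look-alike attribute names to flag (illustrative list, an assumption of this example).
TYPOS = {"schema": "scheme", "SSLenabled": "SSLEnabled"}
# Attributes whose presence marks a connector as intended for TLS.
TLS_HINTS = {"SSLEnabled", "keystoreFile", "keystorePass", "sslProtocol"} | set(TYPOS)
MIN_PASS_LEN = 12  # assumed policy threshold, not a Tomcat or keytool rule

def audit_connectors(server_xml):
    """Return (port, finding) tuples for TLS connectors in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = conn.attrib
        if not TLS_HINTS & set(attrs):
            continue  # plain HTTP/AJP connector, out of scope here
        port = attrs.get("port", "?")
        for bad, good in TYPOS.items():
            if bad in attrs:
                findings.append((port, f"unknown attribute '{bad}', expected '{good}'"))
        for name, want in REQUIRED.items():
            if attrs.get(name, "").lower() != want:
                findings.append((port, f"{name} should be \"{want}\""))
        if "keystoreFile" not in attrs:
            findings.append((port, "keystoreFile is missing"))
        password = attrs.get("keystorePass", "")
        if len(password) < MIN_PASS_LEN:
            findings.append((port, "keystorePass is short or unset"))
    return findings

# Constructed sample: a minimal server.xml with one HTTP and one HTTPS connector.
SAMPLE = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" sslProtocol="TLS"
               schema="https" secure="true"
               keystoreFile="C:\SSL\Mycert.cert" keystorePass="pass123"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"Connector {port}: {finding}")
```

To audit a real installation, pass the contents of conf/server.xml to audit_connectors instead of SAMPLE.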