Samples | SSL Certificates (Tomcat)
  1. Create a self-signed certificate
  2. Verify the self-signed certificate
  3. Configure Tomcat
  4. Test the SSL Certificate
  1. Create a self-signed certificate
    Run the following command to create self-signed certificate: 
    $ "${JAVA_HOME}/bin/keytool" -genkey \
-keyalg RSA \
-alias mtitek \
-keystore /opt/cert/keystore \
-dname "CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA" \
-keypass kp123456 \
-storepass sp123456 \
-validity 9999

    Notes:
    • CN: Common Name (First and last name)
    • OU: Organizational Unit
    • O: Organization
    • L: City or Locality
    • ST: State or Province
    • C: two-letter country code

    • storepass: keystore password (is used to access the keystore)
    • keypass: key password (is used to access a certificate within the keystore)
  2. Verify the self-signed certificate
    Run the following command to verify that the certificate was created properly: 
    $ "${JAVA_HOME}/bin/keytool" -list -v -keystore /opt/cert/keystore
Enter keystore password: sp123456

    Output: 
    Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: mtitek
Creation date: 13-Oct-2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA
Issuer: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA
Serial number: 7eb0f60e
Valid from: Sun Oct 13 08:50:26 EDT 2015 until: Wed Feb 27 07:50:26 EST 2043
Certificate fingerprints:
     MD5:  2F:33:F2:81:CD:FA:AA:C2:CB:3E:68:E3:E2:1E:93:90
     SHA1: AD:94:5A:E1:23:8D:BA:CA:63:96:24:41:F1:26:9F:C4:2F:C4:C6:DE
     SHA256: AD:FE:78:B8:A7:D8:D4:2E:CF:F4:83:10:D8:24:56:39:7D:FB:5D:27:AF:21:F3:11:19:1B:73:38:9C:95:2C:94
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0F E1 56 7B C8 0F 51 1A   8B 5C 1F 2D 6A 4A 68 46  ..V...Q..\.-jJhF
0010: BB FD 0F 2F                                        .../
]
]

*******************************************
*******************************************
  3. Configure Tomcat
    Edit the file: "${TOMCAT_HOME}/conf/server.xml".

    Add the https connector: 
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    clientAuth="false"
    sslProtocol="TLS"
    keystoreFile="/opt/cert/keystore"
    keyAlias="mtitek"
    keystorePass="sp123456"
    keyPass="kp123456" />
  4. Test the SSL Certificate
    URL: https://localhost:8443

    tomcat-ssl-cert
© 2025