Samples | SSL Certificates (Tomcat)
  1. Create a self-signed certificate
  2. Verify the self-signed certificate
  3. Configure Tomcat
  4. Test the SSL Certificate

  1. Create a self-signed certificate
    Run the following command to create a self-signed certificate:
    $ "${JAVA_HOME}/bin/keytool" -genkey \
    -keyalg RSA \
    -alias mtitek \
    -keystore /opt/cert/keystore \
    -dname "CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA" \
    -keypass kp123456 \
    -storepass sp123456 \
    -validity 9999

    Notes:
    • CN: Common Name (First and last name)
    • OU: Organizational Unit
    • O: Organization
    • L: City or Locality
    • ST: State or Province
    • C: two-letter country code

    • storepass: keystore password (used to access the keystore)
    • keypass: key password (used to access a certificate within the keystore)
  2. Verify the self-signed certificate
    Run the following command to verify that the certificate was created properly:
    $ "${JAVA_HOME}/bin/keytool" -list -v -keystore /opt/cert/keystore
    Enter keystore password: sp123456

    Output:
    Keystore type: JKS
    Keystore provider: SUN
    
    Your keystore contains 1 entry
    
    Alias name: mtitek
    Creation date: 13-Oct-2015
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA
    Issuer: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA
    Serial number: 7eb0f60e
    Valid from: Sun Oct 13 08:50:26 EDT 2015 until: Wed Feb 27 07:50:26 EST 2043
    Certificate fingerprints:
         MD5:  2F:33:F2:81:CD:FA:AA:C2:CB:3E:68:E3:E2:1E:93:90
         SHA1: AD:94:5A:E1:23:8D:BA:CA:63:96:24:41:F1:26:9F:C4:2F:C4:C6:DE
         SHA256: AD:FE:78:B8:A7:D8:D4:2E:CF:F4:83:10:D8:24:56:39:7D:FB:5D:27:AF:21:F3:11:19:1B:73:38:9C:95:2C:94
         Signature algorithm name: SHA256withRSA
         Version: 3
    
    Extensions:
    
    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 0F E1 56 7B C8 0F 51 1A   8B 5C 1F 2D 6A 4A 68 46  ..V...Q..\.-jJhF
    0010: BB FD 0F 2F                                        .../
    ]
    ]
    
    *******************************************
    *******************************************
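
    The checks a reviewer would make on the listing above can be scripted. This is an added example, not part of the original page: it reads `keytool -list -v` output on stdin and reports findings for one alias. The function names, the finding labels and the 2-year validity threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit one alias in `keytool -list -v` output read from stdin.
# Assumes English-locale keytool output and an alias without spaces.
# $1 = alias, $2 = longest acceptable validity in years (assumed default: 2).
audit_keystore_listing() {
    awk -v alias="$1" -v max_years="${2:-2}" '
        { sub(/^[ \t]+/, "") }               # keytool indents some fields
        /^Alias name: / { in_entry = ($3 == alias); if (in_entry) found = 1 }
        !in_entry       { next }             # skip other entries and the header
        /^Entry type: / { type = $3 }
        /^Owner: /      { owner = substr($0, 8) }
        /^Issuer: /     { issuer = substr($0, 9) }
        /^Valid from: / {                    # keep only the two year fields
            split($0, half, " until: ")
            n = split(half[1], a, " "); from = a[n]
            n = split(half[2], b, " "); to = b[n]
        }
        /^Signature algorithm name: / { sig = $4 }
        END {
            if (!found) { print "FAIL alias-missing"; exit }
            if (type != "PrivateKeyEntry") print "FAIL no-private-key"
            if (owner == issuer)           print "WARN self-signed"
            if (sig ~ /^(MD5|SHA1)with/)   print "FAIL weak-signature " sig
            # calendar-year difference between the two validity dates
            if (to - from > max_years)     print "WARN long-validity " (to - from) "y"
        }'
}

# Trimmed copy of the listing shown above, embedded so the script runs offline.
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Alias name: mtitek
Entry type: PrivateKeyEntry
Owner: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA
Issuer: CN=localhost, OU=mtitek, O=mtitek, L=Montreal, ST=QC, C=CA
Valid from: Sun Oct 13 08:50:26 EDT 2015 until: Wed Feb 27 07:50:26 EST 2043
     Signature algorithm name: SHA256withRSA
EOF
}

sample_listing | audit_keystore_listing mtitek
```

    Against a real keystore, pipe the command from this step into the function: `"${JAVA_HOME}/bin/keytool" -list -v -keystore /opt/cert/keystore | audit_keystore_listing mtitek`.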
  3. Configure Tomcat
    Edit the file: "${TOMCAT_HOME}/conf/server.xml".

    Add the https connector:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150"
        scheme="https"
        secure="true"
        SSLEnabled="true"
        clientAuth="false"
        sslProtocol="TLS"
        keystoreFile="/opt/cert/keystore"
        keyAlias="mtitek"
        keystorePass="sp123456"
        keyPass="kp123456" />
  4. Test the SSL Certificate
    URL: https://localhost:8443

© 2025  mtitek