
How to Install SSL Certificate on Tomcat Web Server?

SSL certificates are necessary for secure online data transmission. They bring the highest standards of security to websites, which in turn helps prevent interception of data. It is very important that an SSL certificate is installed accurately on your web server by following the proper procedure. This article describes the procedure to install an SSL certificate on Apache Tomcat Server (version 9.0.4). Currently, Tomcat supports keystores in JKS, PKCS11 or PKCS12 format. First of all, let’s create a keystore file.

Create Secure Java Keystore (.jks) file:

A JKS file, the “Java Keystore” format, is created by keytool, a command-line key and certificate management utility provided by Java. This file is used to configure the SSL certificate on the Tomcat web server. To create a Java Keystore (.jks) file, type the following command:

For Windows:

"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore \Users\<username>\Documents\keystore

After executing the above command, you will be prompted for a keystore password (the default password is “changeit”). You can also set your own password and specify it in the server.xml configuration file.

Follow Steps to Install and configure SSL/TLS Certificate on the Apache Tomcat Server (version 9.0.4):

Step 1: Generate CSR on Apache Tomcat Server using Keytool

To obtain an SSL certificate for Apache Tomcat Server 9 from a trusted SSL certificate provider, the basic requirement is to generate a CSR (Certificate Signing Request). The Certificate Authority will issue an SSL certificate after verifying the website's identity. If you do not have a CSR file, create one by typing the following keytool command:

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <your_keystore_filename with .jks extension>

After executing the command, enter the exact keystore password that you chose when you created the keystore file, so that the CSR file is created successfully.

You will be asked a few questions in the terminal or console, where you need to enter the following information: common name, organizational unit, name of your organization, name of city or locality, name of your state or province, and the two-letter country code for this unit.

Then, type “yes” if all information is correct.

Now you will have the certreq.csr file. The next step is to open it in a simple text editor (e.g. Notepad or TextEdit), copy the whole block including the beginning and ending tags, and submit it to the Certificate Authority (CA). After the verification process, the CA will issue an SSL certificate.

Step 2: Install SSL Certificate into your Keystore

First of all, start the Tomcat server using the ./ command and make sure the server at http://localhost:8080 is running.

Now, you need to obtain the certificate chain from your Certificate Authority: three certificates (Root, Intermediate and Primary Certificate) in a *.zip file. Then import the Root Certificate into your local keystore with the following command:

keytool -import -alias root -keystore <your_keystore_filename>  -trustcacerts  -file <filename_of_the_chain_certificate>

To import the Intermediate Certificate, type the following command:

keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore <your_keystore_filename>

Finally, type the following command to import your Primary Certificate into the keystore:

keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

After executing the above commands, a message will be displayed as “Certificate was added to Keystore”
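
A check worth running after the three imports, as an added example that is not part of the original article: it parses `keytool -list -v` output and confirms that the `tomcat` alias still holds the private key and now carries the CA-signed chain. The sample listings are constructed and abbreviated, and `parse_entries` and `check_alias` are hypothetical helper names.

```python
# Constructed, abbreviated `keytool -list -v` output: CA reply imported under "tomcat".
SAMPLE_OK = """\
Alias name: root
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Issuer: CN=Example Root CA

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 3
Owner: CN=www.example.com
Issuer: CN=Example Intermediate CA
"""

# Constructed: the signed certificate never reached the "tomcat" alias,
# so the entry is still the self-signed key pair from -genkey.
SAMPLE_SELF_SIGNED = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=www.example.com
Issuer: CN=www.example.com
"""

FIELDS = ("Entry type", "Certificate chain length", "Owner", "Issuer")

def parse_entries(listing):
    """Map alias -> entry type, chain length and the leaf Owner/Issuer."""
    entries, cur = {}, None
    for line in listing.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Alias name":
            cur = entries.setdefault(value, {})
        elif cur is not None and key in FIELDS:
            cur.setdefault(key, value)  # first Owner/Issuer is the leaf certificate
    return entries

def check_alias(listing, alias="tomcat"):
    """Return a list of problems with the entry Tomcat will serve."""
    e = parse_entries(listing).get(alias)
    if e is None:
        return [f"alias {alias!r} not found"]
    owner = e.get("Owner")
    checks = [
        (e.get("Entry type") != "PrivateKeyEntry", "no private key under this alias"),
        (int(e.get("Certificate chain length", "0")) < 2, "CA chain not installed"),
        (owner is not None and owner == e.get("Issuer"), "certificate is self-signed"),
    ]
    return [msg for failed, msg in checks if failed]
```

Feed it the real output of `keytool -list -v -keystore <your_keystore_filename>`; an empty list means the key entry is ready for the connector.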

Step 3: Configure HTTPS Connector to Tomcat Server using the admin tool

Tomcat requires an “SSL HTTP/1.1 Connector” to be configured in the server.xml file to accept secure connections. This is done by specifying the protocol attribute of the connector. Refer to the Tomcat native library for more information.

To define a Java (JSSE) connector for the Tomcat server, follow these steps:

    1. Open the Tomcat configuration file, ${CATALINA_HOME}/conf/server.xml, in a text editor. It is located in Tomcat’s home directory folder.
    2. Locate the SSL connector (port 443 or 8443) that you want to secure with the new keystore file (your_domain.key) under Tomcat’s home directory.
    3. If necessary, uncomment the SSL connector entry in the server.xml file (
    4. Specify your .keystore filename and password in the connector configuration of Tomcat:

When the SSL connector is configured it will look like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>

    5. Save all your changes to the server.xml file and restart the Tomcat server.
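
Before restarting, the connector can be reviewed with a short script. This is an added example, not code from the original article or from the Tomcat project: it audits TLS-enabled connectors in server.xml for the default keystore password and for an unset protocol list. `audit` and `first_attr` are hypothetical names, the wrapper XML and the revised variant are constructed, and the attribute names checked are Tomcat's own.

```python
import xml.etree.ElementTree as ET

# The connector from this page, wrapped in a minimal constructed server.xml.
PAGE_CONFIG = """<Server><Service name="Catalina">
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
  port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
  keystoreFile="${user.home}/.keystore" keystorePass="changeit"
  clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""

# Constructed variant: own keystore password (placeholder value) and an
# explicit protocol list; add TLSv1.3 where the JVM supports it.
REVISED_CONFIG = PAGE_CONFIG.replace(
    'keystorePass="changeit"',
    'keystorePass="EXAMPLE-PLACEHOLDER" sslEnabledProtocols="TLSv1.2"')

def first_attr(elements, names):
    """First value found for any of the attribute names, else None."""
    for el in elements:
        for name in names:
            if el.get(name) is not None:
                return el.get(name)
    return None

def audit(server_xml):
    """Return (port, finding) tuples for every TLS-enabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        # Settings may sit on the Connector (as on this page) or on nested
        # SSLHostConfig / Certificate elements (the newer Tomcat style).
        scope = [conn, *conn.iter("SSLHostConfig"), *conn.iter("Certificate")]
        password = first_attr(scope, ["keystorePass", "certificateKeystorePassword"])
        # An absent password attribute also means "changeit" (Tomcat's default).
        if password in (None, "changeit"):
            findings.append((port, "keystore password is the default 'changeit'"))
        if first_attr(scope, ["sslEnabledProtocols", "protocols"]) is None:
            findings.append((port, "TLS versions not listed explicitly"))
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "scheme/secure do not mark requests as HTTPS"))
    return findings
```

Run `audit(open(path).read())` against the edited server.xml; plain HTTP connectors are skipped.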

Now the SSL certificate is installed successfully on the Apache Tomcat Server 9. You can verify that the URL loads over HTTPS using the SSL checker tool.
