Live Chat
Same Certs
Cheapest Price Seal
Less Price

How to Install SSL Certificate on Tomcat Web Server?

SSL certificates are the necessity to establish secure online data transmission. It brings highest standards of security to the websites which in turn help in preventing interception of data. It is very important that SSL certificate should be accurately installed on your web server with following proper procedures. This article will inform you procedure to install SSL certificate on Apache Tomcat Server (version 9.0.4). Currently, Tomcat supports JKS, PKCS11 or PKCS12 format type keystores. First of all, let’s create Keystore file.

Create Secure Java Keystore (.jks) file:

JKS file known as “Jave Keystore” format created by keytool, which is a command-line key and certificate management utility provided by Java. This file used to configure SSL certificate on Tomcat Web Server. To create Java Keystore (.jks) file type the following command:

For Windows:

"%JAVA_HOME%\bin\keytool” -genkey -alias tomcat -keyalg RSA  -keystore \Users\<username>\Documents\keystore

After executing above command, you will be prompted for a Keystore password. (default password is “changeit”) you can also set your customized password and specify it in a server.xml configuration file.

Follow Steps to Install and configure SSL/TLS Certificate on the Apache Tomcat Server (version 9.0.4):

Step 1: Generate CSR on Apache Tomcat Server using Keytool

In order to obtain SSL certificate for Apache Tomcat Server 9 from trusted SSL Certificate provider, the basic requirement is to generate CSR (Certificate Signing Request). Certificate Authority will issue SSL Certificate after verification of website identity. if you do not have CSR file then get it typing following command in keytool:

keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <your_keystore_filename with .jks extension>

After executing a command, enter the exact keystore password that you choose when you created a keystore file in order to create CSR file successfully.

You will be a asked few questions in terminal or console, where you need to enter following informations: Common name, Organizational unit, name of your organization, name of city or locality, name of your state or province, Two-letter country code for this unit.

Then, type “yes” if all information is correct.

Now, you will have certreq.csr file. Next step is open simple text editor (e.g. Notepad or TextEdit), and paste the block of code including beginning and ending tags submit to Certificate Authority (CA). After the verification process, CA will issue SSL certificate.

Step 2: Install SSL Certificate into your keystore

First of all, start tomcat server using ./ command, make sure http://localhost:8080 server is running.

Now, you need to obtain chain certificate file including three certificates such as Root, Intermediate and Primary Certificate in *.zip format from your Certificate Authority. Now, You need to import Root Certificate into your local Keystore with the following command:

keytool -import -alias root -keystore <your_keystore_filename>  -trustcacerts  -file <filename_of_the_chain_certificate>

To import the Intermediate Certificate, type the following command:

keytool -import -trustcacerts -alias intermediate -file IntermediateCertFileName.crt -keystore keystore.key

Finally, Type following command to import your Primary Certificate into keystore:

keytool -import -alias tomcat -keystore <your_keystore_filename> -file <your_certificate_filename>

After executing above commands, message will be displayed as “Certificate was added to keystore”

Step 3: Configure HTTPS Connector to Tomcat Server using admintool

Tomcat requires configuration of “SSL HTTP/1.1 Connector” in server.xml file to accept secure connections. It is done by specifying protocol attribute of connection. You can consider Tomcat native library to check more information.

To define Java (JSSE) Connector to the Tomcat server. Let’s consider few steps to configure the SSL connector:

    1. Open Tomcat configuration file – ${CATALINA_HOME}/conf/server.xml in a text editor, which is located in Tomcat’s home directory folder.
    2. Locate the SSL connector port either 443 or 8443 that you want to use the new keystore file (your_domain.key) to secure under Tomcat’s home directory.
    3. If necessary, you can Uncomment the SSL connector entry in server.xml file (
    4. Specify your .keystore filename and password in connector configuration of Tomcat:

When the SSL connector is configured it will look like this:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
  1. Save all your changes on the server.xml file and restart Tomcat server.

Now, SSL Certificate installed successfully on Apache Tomcat Server 9 server, You can verify the URL that is loading in HTTPS using SSL checker tool

Related Posts:

4.8/5 overall satisfaction rating

Based on 3829 ratings from actual customers

Customer Reviews
"Not a new customer just a new account due to a name change. Love your prices and service. Thanks for everything! Jimmy - Prestacarts Global Commerce"
Jimmy Ray Warren J / TX, United States
"I have to say your tech "Mike" went out of his way to help me setup the CSR for our SSL. I am not a techie, and Mike was extremely helpful and patient with me. You need to hire more support personnel like Mike! Great job Mike!! Thank you for all your help!! Jana"
Jana K
"Been using you guys for several years. Clean built website with a great UI/UX that lets me get to what I need to buy quickly. I couldn't ask for more. Thanks!"
Devin N
5 Star
4 Star
3 Star
2 Star
1 Star
Close uses cookies to personalize shopping cart items and analyze site traffic to provide you best user experience on our website. Learn more about cookies.