Configure SSL on Tomcat 8

> Generate a keystore
> Configure server.xml in tomcat

Generate a keystore using keytool:
The following command generates a keystore file named .keystore under your home directory (example: C:\Users\flicsdb\.keystore)

    keytool -genkey -alias my_key -keyalg RSA

If you are not currently registered to any domain, you can give any name for the first question; answer the rest of the questions accordingly. Now a key is generated @ C:\Users\zillani\ in my case.

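Edit server.xml
Navigate to the conf directory under the Tomcat home directory, open server.xml, and find the following line:

    Define a SSL/TLS HTTP/1.1 Connector on port 8443

Now uncomment and edit the connector tag as below. keystoreFile must point to the keystore generated above, and keystorePass must be the password you entered when running keytool.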

    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
        disableUploadTimeout="true" enableLookups="false" maxThreads="25"
        port="8443" keystoreFile="C:\Users\zillani\.keystore" keystorePass="password123"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
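
Before starting Tomcat, the connector above can be checked for common mistakes. The following Python script is an added example, not code from the original post: the function name `audit_https_connectors`, the weak-password list and the `sslEnabledProtocols` check are assumptions made here, and the embedded server.xml is a constructed sample built around the page's connector.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the HTTPS connector from this page inside a minimal server.xml.
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
        disableUploadTimeout="true" enableLookups="false" maxThreads="25"
        port="8443" keystoreFile="C:\Users\zillani\.keystore" keystorePass="password123"
        protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
        secure="true" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

# Assumed list for illustration; "changeit" is Tomcat's default keystore password.
WEAK_PASSWORDS = {"changeit", "password", "password123"}


def audit_https_connectors(server_xml_text):
    """Return (port, finding) tuples for every connector with SSLEnabled="true"."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, out of scope here
        port = conn.get("port", "?")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, 'scheme="https" and secure="true" should both be set'))
        if not conn.get("keystoreFile"):
            findings.append((port, "no keystoreFile: Tomcat falls back to ~/.keystore"))
        password = conn.get("keystorePass")
        if password is None:
            findings.append((port, 'no keystorePass: Tomcat assumes "changeit"'))
        elif password in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a well-known or example password"))
        if not conn.get("sslEnabledProtocols"):
            findings.append((port, "sslEnabledProtocols not set: JVM default TLS versions apply"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_https_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

To audit a real installation, pass the contents of conf/server.xml to `audit_https_connectors` instead of the sample.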

Now start Tomcat and check the connection over port 8443; the following should appear:
That’s it! Tomcat is now configured for HTTPS. The browser reports the connection as insecure because we have a self-signed certificate, which is still fine for a development environment, but for production you need to buy a certificate from SSL CA providers like

