Configure SSL on Tomcat (with trust store)

I would recommend you to go through this really simple post for basic understanding about configuring ssl on tomcat.

> generate server certificate
> add certificate to trust store
> Set up server.xml

Generate Server certificate:
make sure JAVA_HOME variable is set, navigate to any directory and open command prompt, give the following commands to generate server certificate

keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -keysize 2048

(if you don’t like the jks format keystore, you can try below)
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore thekeystore

Above command will generate server certificate in jks format (Java Keystore)

keytool -export -alias server-alias -storepass changeit -file server.crt -keystore keystore.jks

Exports the generated server certificate  into the file server.crt

Add Server certificate to trust store:
Now copy this server.crt to %JAVA_HOME%/jre/lib/security and give the following command

keytool -import -v -trustcacerts -alias server-alias -file server.crt -keystore cacerts -keypass changeit -storepass changeit

Adds certificate to trust store (default trust store location is %JAVA_HOME%/jre/lib/security/cacerts)

Navigate to tomcat_home/conf/ and edit <connector> tag in server.xml as below according to your location

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" disableUploadTimeout="true" enableLookups="false" maxThreads="25"  port="8443" keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks" keystorePass="changeit"  truststoreFile="C:\Program Files\Java\jdk1.8.0_101\jre\lib\security\cacerts"  protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"  secure="true" sslProtocol="TLS" />

note: the value keystoreFile=”C:\Program Files\Java\jdk1.8.0_101\bin\keystore.jks is the location where I generated the keystore file, give accordingly in your case or this can be copied to any location as well for instance keystoreFile = “H:\keystore.jks”)
** also note that
truststoreFile is not required for this setup **

recommended: refer to this post as well


Configure SSL on Tomcat (with trust store)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s