Enabling SSL on a Tomcat “devl” machine (Windows)

These are the steps involved in enabling SSL on Tomcat on a developer machine for test purposes.

1. Create a certificate key store

Run this command in the command prompt:

[sourcecode language="bash"]
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
[/sourcecode]

An interactive console program is launched:

  1. When asked for a password, provide one and confirm it.
  2. The program then prompts for your first name and last name; here, enter the name of the host machine, e.g. testserver1. (Do NOT enter the IP of the host here.) This value becomes the certificate's CN, which clients compare against the host name in the URL.
  3. Provide proper values for the further prompts such as Company Name, State etc.
  4. Press Enter when prompted for the key password for tomcat, so that it is the same as the keystore password.

This creates the keystore file .keystore in the home folder of the (Windows) user.

2. Edit server.xml (in [catalina-home]/conf)

1. Uncomment the node <Connector port="8443" ... />.

2. Edit/add the following attributes on the above node:

[sourcecode language="xml"]
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${user.home}/.keystore"
           keystorePass="[the-password-you-provided]" />
[/sourcecode]

3. Start Tomcat. Run an application using the URL https://[hostname]:8443/[appname].

4. The browser will probably show an "Untrusted Certificate" warning, because the certificate is self-signed. Ignore it and proceed.

The following additional steps are required to let Java-based HTTP clients talk to this newly secured server.

3. Install the Host Certificate as Trusted

  1. Download and unzip this file to the desktop.
  2. In the InstallCert folder, run this in the command prompt: [sourcecode language="bash"]java -cp . InstallCert [above-host-name]:8443[/sourcecode]
  3. When done, the program creates a file "jssecacerts" in the same folder. Copy this file to the folder [java-home]/jre/lib/security.

Done!

You should now be able to run services that require a secured connection on this host, such as a CAS server and its clients.
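To confirm that a Java client really trusts the development certificate, and that the host name entered in step 1 matches the URL, here is a small added example; it is not part of the original post and not part of the InstallCert tool. It builds its trust anchors from the jssecacerts file produced in step 3 instead of copying that file into the JRE, which keeps the change scoped to one process. The class name TrustCheck, the argument order, the default port 8443 and the assumption that InstallCert wrote a JKS file with the default password "changeit" are this example's own choices.

```java
// Added example (not from the original post): connect to the dev Tomcat over
// HTTPS using an explicit trust store, so the trust step can be verified
// without copying jssecacerts into the JRE.
// Usage: java TrustCheck <trust-store-file> <host> [port] [store-password]
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustCheck {

    /** Build an SSLContext whose only trust anchors are the entries in the given store. */
    static SSLContext contextFromTrustStore(String path, char[] storePass) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            // A null password loads the store without its integrity check; pass the
            // real password (InstallCert's default is assumed to be "changeit") to enforce it.
            trustStore.load(in, storePass);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java TrustCheck <trust-store-file> <host> [port] [store-password]");
            System.exit(2);
        }
        String host = args[1];
        int port = args.length > 2 ? Integer.parseInt(args[2]) : 8443;
        char[] storePass = args.length > 3 ? args[3].toCharArray() : null;

        URL url = new URL("https://" + host + ":" + port + "/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(contextFromTrustStore(args[0], storePass).getSocketFactory());
        // Host name verification is deliberately left at its default: the CN entered
        // in step 1 (the host name, not the IP) must match the host in this URL.

        try {
            int status = conn.getResponseCode();   // any HTTP status means the TLS handshake succeeded
            X509Certificate leaf = (X509Certificate) conn.getServerCertificates()[0];
            System.out.println("HTTP " + status + " from " + url);
            System.out.println("Server certificate subject: " + leaf.getSubjectX500Principal());
            System.out.println("Trust store and host name check: OK");
        } catch (IOException e) {
            // A certification-path error means the trust store lacks the Tomcat certificate;
            // a "No name matching <host> found" error means the CN from step 1 does not match.
            System.out.println("HTTPS connection failed: " + e);
            System.exit(1);
        } finally {
            conn.disconnect();
        }
    }
}
```

Run it from the InstallCert folder as `java TrustCheck jssecacerts testserver1`. Because hostname verification is left on, a failure naming the host points at the CN entered in step 1, while a certification-path failure points at a trust store without the Tomcat certificate. The same per-process scoping is available without any code by starting the client with `-Djavax.net.ssl.trustStore=jssecacerts`; note that on JDK 9 and later there is no jre subfolder, so the default trust store location is [java-home]/lib/security rather than [java-home]/jre/lib/security.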

