Installing a security certificate for Apache Tomcat™
Secure communications between the Apache Tomcat application server that hosts the adapter and the client that
communicates with the adapter by using a certificate that belongs to your company. Use the Java Development Kit
(JDK) keytool program to create your own self-signed certificate.
About this task
<tomcat>/conf/server.xml file, Apache Tomcat is configured to read the server
certificate from a keystore file.
To improve security, you need to generate a certificate. When you generate the new certificate, you set values that
are based on your company information. These values include the fully qualified domain name of the Tomcat server
that you are deploying the adapter to.
The JDK keytool program is useful for managing keystores and certificates on the server. The keytool program is
provided with any standard JDK distribution and is located in the bin subdirectory of wherever your JDK is
For more information about the keytool program, see keytool - Key and Certificate Management Tool.
- Go to the directory where the keystore file is located.
- Run the keytool commands from this directory.
- Generate a new certificate in the keystore.
  - Run this command:
    PathToKeytool/keytool -genkey -keyalg RSA -alias example_name -keystore example_name-ssl.keystore -storepass example_name -validity 360 -keysize 2048
  - As the certificate generation process runs, you are prompted to enter information.
  - The keytool program prompts you for your first and last name. You must enter the fully qualified domain
    name of the Tomcat server that you are deploying the adapter to.
  - Warning: The name of the server must match the name that you enter for the certificate; otherwise, a
    security certificate error results when you start the server.
  - Use your company information to complete the remaining prompts. These values are for information purposes
    only. For the key password prompt, press RETURN to use the same password as the keystore password. After you
    complete the prompts, the example_name-ssl.keystore file is changed so that it contains a self-signed
    certificate that is based on your company information.
- If Apache Tomcat was running when you made the previous changes, restart the server.
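
The name-match warning in the procedure can be checked before you restart Tomcat. The following script is an added example, not part of the original documentation: it reads the text that `keytool -list -v` prints and compares the certificate's CN with the server's fully qualified domain name. The function names, the host name tomcat.example.com and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the CN of a keystore certificate against the Tomcat
# server's FQDN. All function names and the sample data are illustrative.

# Print the CN of the first "Owner:" line in `keytool -list -v` output (stdin).
owner_cn() {
    sed -n '/^Owner: *CN=/{s/^Owner: *CN=\([^,]*\).*/\1/p;q;}'
}

# Succeed only if that CN equals the expected FQDN (DNS names ignore case).
cn_matches_host() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    actual=$(owner_cn | tr 'A-Z' 'a-z')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeed only if the first certificate's Owner and Issuer are identical,
# which is what a self-signed certificate looks like.
is_self_signed() {
    awk '/^Owner: / && o == "" { o = substr($0, 8) }
         /^Issuer: / && i == "" { i = substr($0, 9) }
         END { exit !(o != "" && o == i) }'
}

# Live check. keytool prompts for the keystore password because -storepass
# is omitted, so the password stays out of shell history and process lists.
check_keystore() {   # usage: check_keystore <keystore> <alias> <fqdn>
    out=$(keytool -list -v -keystore "$1" -alias "$2") || return 2
    printf '%s\n' "$out" | cn_matches_host "$3"
}

# Constructed sample of `keytool -list -v` output, so the script runs offline.
SAMPLE_OUTPUT='Alias name: example_name
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=tomcat.example.com, OU=IT, O=Example Corp, L=Springfield, ST=IL, C=US
Issuer: CN=tomcat.example.com, OU=IT, O=Example Corp, L=Springfield, ST=IL, C=US
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Dec 26 00:00:00 UTC 2024'

if printf '%s\n' "$SAMPLE_OUTPUT" | cn_matches_host "tomcat.example.com"; then
    echo "CN matches server name"
else
    echo "CN does not match server name"
fi
```

To check the keystore from the procedure, run `check_keystore example_name-ssl.keystore example_name` followed by the server's fully qualified domain name, from the directory that holds the keystore.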