Installing a security certificate for Apache Tomcat™

Secure the communication between the Apache Tomcat application server that hosts the Connector and the clients that communicate with it by using a certificate that belongs to your company. Use the Java Development Kit (JDK) keytool program to create your own self-signed certificate.

About this task

In the <tomcat>/conf/server.xml file, Apache Tomcat is configured to read the server certificate from a keystore file.

To improve security, you need to generate your own certificate. When you generate the new certificate, you set values that are based on your company information, including the fully qualified domain name (FQDN) of the Tomcat server to which you are deploying the Connector.

The JDK keytool program is useful for managing keystores and certificates on the server. The keytool program is provided with any standard JDK distribution and is located in the bin subdirectory of your JDK installation: JAVA_HOME\bin.

For more information about the keytool program, see keytool - Key and Certificate Management Tool.

  1. Go to the directory where the keystore file is located.
  2. Run the keytool commands from this directory.
  3. Generate a new certificate in the keystore.
    1. Run this command: PathToKeytool/keytool -genkey -keyalg RSA -alias example_name -keystore example_name-ssl.keystore -storepass example_name -validity 360 -keysize 2048
    2. As the certificate generation process runs, you are prompted to enter information.
    3. When the keytool program prompts you for your first and last name, enter the fully qualified domain name of the Tomcat server to which you are deploying the Connector.
      • Warning: The name of the server must match the name that you enter for the certificate; otherwise, a security certificate error results when you start the server.
    4. Use your company information to complete the remaining prompts. These remaining values are for information purposes only. For the key password prompt, press RETURN to use the same password as the keystore password. After you complete the prompts, the example_name-ssl.keystore file contains a self-signed certificate that is based on your company information.
  4. If Apache Tomcat was running when you made the previous changes, restart the server.
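The procedure above as a script, added here as an example that is not part of the original documentation: it runs the page's keytool command non-interactively with -dname, so the certificate CN is the server FQDN rather than an interactive "first and last name" answer, and then checks the CN in the keystore listing against the expected host name before Tomcat is started. The host name, organization, country and password values are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page). Placeholders: tomcat.example.com,
# "Example Corp", US and the storepass value are assumed sample values.

# Build the distinguished name so that CN is the server FQDN, which is what
# the interactive "first and last name" prompt is really asking for.
build_dname() {
    # $1 = FQDN, $2 = organization, $3 = two-letter country code
    printf 'CN=%s, O=%s, C=%s' "$1" "$2" "$3"
}

# Generate the key pair and self-signed certificate with the page's
# parameters (RSA, 2048 bits, 360 days). -genkeypair is the current name of
# the -genkey command used on the page. Requires keytool on PATH.
gen_keystore() {
    # $1 = FQDN, $2 = keystore file, $3 = alias, $4 = keystore password
    keytool -genkeypair -keyalg RSA -keysize 2048 -validity 360 \
        -alias "$3" -keystore "$2" -storepass "$4" -keypass "$4" \
        -dname "$(build_dname "$1" "Example Corp" "US")"
}

# Read "keytool -list -v" output on stdin and print the first Owner CN,
# e.g. from the line "Owner: CN=tomcat.example.com, O=Example Corp, C=US".
extract_cn() {
    sed -n 's/^Owner: *CN=\([^,]*\).*/\1/p' | head -n 1
}

# Exit 0 if the CN in the listing equals the expected FQDN, 1 otherwise.
cn_matches() {
    # $1 = expected FQDN; keystore listing on stdin
    cn=$(extract_cn)
    [ "$cn" = "$1" ]
}

# Usage (only where keytool is installed):
# gen_keystore tomcat.example.com example_name-ssl.keystore example_name changeit
# keytool -list -v -keystore example_name-ssl.keystore -storepass changeit \
#     | cn_matches "$(hostname -f)" && echo "CN matches host" || echo "CN MISMATCH"
```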