Creating a Self-Signed Certificate for SSL on Tomcat Localhost

A quick reference guide for setting SSL on your local Windows Tomcat instance. You can see the Tomcat Docs for the official instructions.

  1. Create the keystore file:

    “%JAVA_HOME%\bin\keytool” -genkey -alias tomcat -keyalg RSA -keystore keystore.jks

Note: you probably do want to explicitly name the keystore file. .jks is a repository of security certificates. The -genkey command creates a .keystore filetype by default which is a more generic type.

  1. Add the SSL configuration to the Tomcat server. Two parts- uncomment the SSL connector in the Tomcat server config and add the keystore (which has only one key for a fresh keystore gen).
    path\to\Apache Software\Tomcat7.0\conf\server.xml

  2. Double-check for AJP. For this config, I am not using AJP, so I needed to change the protocol from AJP to HTTP source:

Another great resource:

Common Keytool Commands