How to Enable SSL for Tomcat (version 9) Server?

Hello everyone. In this tutorial, you will learn how to enable SSL for the Tomcat (version 9) server. The steps below have been tested and are shared in this post.

Creating a Self-Signed Certificate

A self-signed certificate can be created using keytool (which is part of the JDK bundle). Run the following command in the command prompt to create the self-signed digital certificate.

keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks -storepass mypassword
Creating a Self-Signed Certificate using Keytool

Download Tomcat (version 9)

Please click the following link to download Tomcat (version 9); the link contains Tomcat server distributions for various operating systems. Select the download that matches your OS (operating system). In this tutorial, I downloaded the binary (zip) distribution.

Once you have downloaded the distribution, unzip it (or go to the home directory of an installed Tomcat) and open the $TOMCAT_HOME$/conf/server.xml file in any text editor.

Tomcat (version 9) SSL Configuration

Enable (uncomment) the following SSL configuration section in the server.xml file and fill in the following attributes.

  • certificateKeystoreFile – Path to the generated keystore.jks file
  • certificateKeystorePassword – The keystore password (i.e. mypassword)
  • certificateKeyAlias – The certificate alias name (i.e. tomcat)

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
    <!-- Certificate must be nested inside SSLHostConfig -->
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     type="RSA" certificateKeystorePassword="mypassword" certificateKeyAlias="tomcat"/>
    </SSLHostConfig>
</Connector>

Then save the server.xml file and start the Tomcat server. You can now open https://localhost:8443/ in the browser.
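A quick way to check the connector after editing server.xml, as an added example that is not part of the original tutorial: the Python script below parses a constructed copy of the configuration above and reports a Certificate placed outside SSLHostConfig, attributes left unset, and tutorial passwords left in place. The function name, the sample XML and the password deny-list are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector from this tutorial, not read from a real install.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="conf/keystore.jks" type="RSA"
                   certificateKeystorePassword="mypassword"
                   certificateKeyAlias="tomcat"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Attributes this tutorial fills in on the Certificate element.
TUTORIAL_ATTRS = ("certificateKeystoreFile", "certificateKeystorePassword",
                  "certificateKeyAlias")
# Assumed deny-list of tutorial/default passwords; extend it for your environment.
PLACEHOLDER_PASSWORDS = {"mypassword", "changeit", "password"}


def audit_tls_connectors(server_xml):
    """Return (port, finding) tuples for every SSLEnabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors are out of scope
        port = conn.get("port", "?")
        if conn.find("Certificate") is not None:
            findings.append((port, "Certificate sits directly under Connector; "
                                   "Tomcat 9 expects it inside SSLHostConfig"))
        certs = conn.findall("SSLHostConfig/Certificate")
        if not certs:
            findings.append((port, "no SSLHostConfig/Certificate element"))
        for cert in certs:
            for attr in TUTORIAL_ATTRS:
                if not cert.get(attr):
                    findings.append((port, f"{attr} is not set"))
            if cert.get("certificateKeystorePassword") in PLACEHOLDER_PASSWORDS:
                findings.append((port, "placeholder keystore password in server.xml"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_tls_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```

Run against the sample, it reports only the placeholder password, which is the value to change before the keystore protects a real key.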

Enable SSL in Tomcat (version 9) server

Why is it “Not Secure”?

Because this is a self-signed digital certificate, the browser sees that it has not yet been signed by a CA such as Thawte, Comodo or Verisign, which verifies the identity of the requester and issues a signed certificate. You can still proceed until you receive your signed certificate.