Steps to get a Free SSL certificate for your Tomcat

By: Reema sen Emailed: 1785 times Printed: 2614 times    

Latest comments
By: rohit kumar - how this program is work
By: Kirti - Hi..thx for the hadoop in
By: Spijker - I have altered the code a
By: ali mohammed - why we use the java in ne
By: ali mohammed - why we use the java in ne
By: mizhelle - when I exported the data
By: raul - no output as well, i'm ge
By: Rajesh - thanx very much...
By: Suindu De - Suppose we are executing

Most often web developers face the issue of getting a free SSL certificate for their websites. Though the process of generating a SSL certificate is easy, it is quite confusing if you are doing it for the first time. If you are one such developer then here is the solution for you step by step.

If you’re using Java 1.4, or Java 5 Standard Edition, Java Secure Socket Extension (JSSE) has been integrated into its core, so no additional download is needed.

Note More information about JSSE can be found at

Create a certificate keystore by executing the following command:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

Specify a password value of changeit. This process should resemble the session shown in
Figure below.

Figure: The output of the keytool program when creating a certificate keystore for Tomcat

The keytool application will prompt you for information such as first and last name, city, state, and so on. We’ve used localhost as the first and last name values, because this is the value matched by your browser when verifying authenticity of the certificate. It actually shows up as the certification path in the resulting certificate. For testing purposes, you can accept the default values for most of the other prompts. When the tool prompts you to verify the data, type yes and press Enter. Finally, press Enter to accept the keystore password as the user password. 

This is still not a valid certificate because you’re generating it yourself. To get a valid certificate, you must purchase one from a certificate authority (CA) such as VeriSign. In this example, using localhost will result in one less warning in the user’s browser.

Now, edit %TOMCAT_HOME%/conf/server.xml and remove the comments around the SSL HTTP/1.1 Connector entry. After you’ve set this up, you should be able to access Tomcat by using https://localhost:8443. Don’t forget the s after http. The port has to be specified because it isn’t the default port for HTTPS (port 443).

Tomcat expects the .keystore file that was created by the keystore tool to be in a particular location (the user’s home directory). If you are having trouble accessing Tomcat over SSL (particularly if the error log has messages about not being able to access the .keystore file), you can tell Tomcat where the .keystore file is by adding this attribute to the SSL <Connector> element of servler.xml:


If you don’t want to specify your port numbers on your URLs when using Tomcat, you can easily change them in the server.xml file. When accessing Tomcat for the first time on its SSL port, you should be prompted with a security alert (see Figure below).

Figure: When accessing a secure site over SSL by using a certificate that was created by
someone other than a CA, the browser will display a security alert informing you of that fact.

If you use your real name rather than localhost when generating this certificate, the security
alert will warn you that the certificate’s name doesn’t match the name of the page you’re
trying to view (see Figure below).

Figure: If the name on the certificate has a problem, the security alert will also display
that information.

One thing you’ll probably notice after setting this up is that your browser warns you about the certificate. This is because the issuer of the certificate is unknown (you) and the browser doesn’t recognize you as a CA. CAs, such as VeriSign (, Thawte (, and TC TrustCenter (, are trusted organizations that verify and certify that a server is who it says it is. Also, you can obtain client certificates if you want to set up both client and server certificates. This may be necessary in highly secure, top-secret, X Files–flavored applications, but it’s not necessary for most web applications.

One drawback to using SSL in a web application is that it tends to significantly decrease the throughput of the server. This is mainly due to the encryption and decryption process on each end of the connection. Therefore, we recommend that you use SSL only for the parts of your application that really need it—for instance, when a user logs in or when a user submits a credit card number.

JSP Home | All JSP Tutorials | Latest JSP Tutorials

Sponsored Links

If this tutorial doesn't answer your question, or you have a specific question, just ask an expert here. Post your question to get a direct answer.

Bookmark and Share


Be the first one to add a comment

Your name (required):

Your email(required, will not be shown to the public):

Your sites URL (optional):

Your comments:

More Tutorials by Reema sen
this keyword sample in Java
Using the DriverManager Class vs Using a DataSource Object for a connection
Steps to get a Free SSL certificate for your Tomcat
fgets(), fputs() - Line Input and Output - sample program in C
Address Arithmetic and pointers in C
Constants and escape sequences in C
Implementing Pure Virtual Functions in C++
strcat() and strncat() sample program in C++
paint() sample program to draw a line in J2ME
Creating and Handling JAR files
SequenceInputStream example program in Java
FilenameFilter - sample program in Java
Transient vs Volatile modifiers in Java
while (1) Loops in C++
Use of 'finally' in Java

More Tutorials in JSP
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: ` Permission denied <null>:80
JSP Alert Example
JSP CheckBox Example
Uploading an Image to a Database using JSP
Uploading a file to a server using JSP
A JSP page that gets properties from a bean
The page Directive in JSP
The taglib, tag, include, attribute and the variable Directive in JSP
Declarations in JSP
Scriptlets and Expressions in JSP
Tag Libraries in JSP
The Request Object in JSP
The Response Object in JSP
The Out Object in JSP
The Session Object in JSP

More Latest News
Most Viewed Articles (in JSP )
JSP Example to connect to MS SQL database and retrieve records
What are the different scopes in JSP?
JSP CheckBox Example
JSP Alert Example
Comparison operators in JSP
Sending Email using JSP
Uploading an Image to a Database using JSP
Arithmetic Evaluation Using the Expression Language in JSP
The Advantages of JSP
Writing your first JSP page
Uploading a file to a server using JSP
The Request Object in JSP
Disabling Scriptlets in JSP using web.xml
Deploying an Individual JSP on Tomcat
Automatically Refreshing a JSP
Most Emailed Articles (in JSP)
The Tag Life Cycle with Attributes in JSP
Calling JSP from a batch file
JSP Program for display Date
Sessions in JSP
Simple HTML-Building Utilities
Handling Events
Using a DataSource from WebLogic in a JSP
The JSP Program running first Time.
Declaring variable in JSP
The Advantages of JSP
Password Object
Retrieving a Portion of a String
Automatically Including Preludes and Codas in JSP
The Differences Between Simple and Classic Tags in JSP