Installing SSL Certificate on Tomcat


You can find instructions for installing an SSL certificate on a Tomcat web server below. These instructions work with Tomcat v8 and above.

For details on specific configuration options please refer to the official Tomcat documentation for SSL.

Before You Start

Please make sure you have downloaded your certificate files. Still haven't downloaded your certificate? To get instructions on how to download your certificate (.zip), you can click here.

After downloading your certificate, you should have a ZIP containing the following certificate files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

  • Make sure that OpenSSL is installed on the target machine or container along with Java and Tomcat before continuing
  • Place the three files mentioned above in a directory where Tomcat can read them and set the permissions. In the next steps we'll use the directory /certs - please change the path accordingly.
  • Edit the "server.xml" file.
    • Make sure that it contains a line like this:
       <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
    • Next adapt the existing SSL listener in the same server.xml file or add a new one - don't forget to change the path accordingly:
      <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" >
      	<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        		<Certificate certificateKeyFile="/cert/private.key" certificateFile="/cert/certificate.crt" certificateChainFile="/cert/ca_bundle.crt" type="RSA" />
    • If you want Tomcat to listen on another port than 8443 please change port="8443" to a value that suits you
    • If you don't want to offer Http/2 you can omit the line <UpgradeProtocol .../>


Your site has now been secured using your new SSL certificate!

Was this article helpful?
0 out of 0 found this helpful