HTTPS/SSL with Tomcat 6 on Ubuntu

Generate self-signed certificate

Create the keystore certificate.bin with key alias admin and password adminpass (used for both the key and the keystore):

keytool -genkey -alias admin -keypass adminpass -keystore certificate.bin -storepass adminpass

Accept the default values for every question except the last one, where you answer yes:

What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Move certificate.bin to the Tomcat folder.

Set up Tomcat

In <tomcat_folder>/conf/server.xml, uncomment the definition starting with <Connector port="8443" and add the keystoreFile and keystorePass attributes:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="certificate.bin" keystorePass="adminpass" />


  • certificate.bin can be stored anywhere; just use its absolute path in server.xml
  • port 8443 can be changed to any other port
  • the non-SSL connector can be disabled (just comment it out)
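
A check for the finished setup, added here as an example (it is not part of the original page or of Tomcat): it reads server.xml and reports a non-SSL connector that is still enabled, a keystoreFile that cannot be found, and a server.xml whose clear-text keystorePass is readable by other users. The function name and the rule that a relative keystoreFile is looked up in the Tomcat folder are assumptions based on the steps above.

```python
import os
import stat
import sys
import xml.etree.ElementTree as ET


def audit_server_xml(server_xml, tomcat_folder):
    """Return (port, finding) tuples for the Connector elements in server.xml."""
    findings = []
    # server.xml stores keystorePass in clear text, so check who can read it.
    others_can_read = bool(os.stat(server_xml).st_mode & stat.S_IROTH)
    # Commented-out connectors are XML comments and are skipped by the parser.
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside what this page covers
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "non-SSL connector still enabled"))
            continue
        keystore = conn.get("keystoreFile")
        if keystore is None:
            findings.append((port, "no keystoreFile attribute"))
        else:
            # Assumption: a relative keystoreFile is looked up in the Tomcat folder.
            path = os.path.join(tomcat_folder, keystore)  # absolute paths pass through
            if not os.path.isfile(path):
                findings.append((port, "keystore not found: " + path))
        if conn.get("keystorePass") is not None and others_can_read:
            findings.append((port, "keystorePass readable by other users"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_server_xml.py <tomcat_folder>
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    for port, finding in audit_server_xml(os.path.join(folder, "conf", "server.xml"), folder):
        print("port %s: %s" % (port, finding))
```

An empty result means the HTTPS connector's keystore was found, no plain HTTP connector is active, and server.xml is not readable by other users.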