Enable SSL/HTTPS On Tomcat Server

I am writing this post to remind myself (when needed) how to enable SSL/HTTPS on a Tomcat server for a J2EE web project. It could be a Spring MVC project, a RESTful API, or any other dynamic web project using any framework. It should also help anyone who's looking to achieve the same thing.

There are 3 main steps involved in configuring SSL/HTTPS on your Tomcat server:

1. Create a self-signed certificate/keystore, in case you don't have one. The obvious question is: how do you create a self-signed certificate/keystore?

Open the command prompt as administrator and type the below command: 

"%JAVA_HOME%\bin"\keytool -genkeypair -alias suj -keyalg RSA -keypass sujPass -storepass sujPass -keystore C:\KeyStore\suj.keystore

- The above command creates a keystore file named suj.keystore in the directory C:\KeyStore (make sure the folder already exists, or change the command accordingly).
- The password that I've given is sujPass. The command takes two passwords, -keypass and -storepass; make sure both passwords are the same.
- Also, make sure you have a variable named JAVA_HOME in your environment variables.

When you execute the above command, it asks you some basic questions; I think you should be able to answer them :P

2. Navigate to C:\apache-tomcat{version}\conf, open the server.xml file, and uncomment the following tag:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"/>

and change it to

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\KeyStore\suj.keystore" keystorePass="sujPass" />

3. Go to your project's web.xml file and add a security constraint, if it doesn't exist already

  <web-resource-name>Secure URLs</web-resource-name>

In case you already have a security constraint tag, add the below tag within it
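
A complete constraint of the kind this step describes, as an added example that is not taken from the original post. The `/*` URL pattern is an assumption; the `user-data-constraint` element is the part that forces HTTPS.

```xml
<!-- Added example: place inside <web-app> in the project's WEB-INF/web.xml -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure URLs</web-resource-name>
    <!-- Assumption: protect every URL of the application;
         narrow the pattern if only part of the site needs HTTPS -->
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements, so the constraint applies to all HTTP methods -->
  </web-resource-collection>
  <!-- No <auth-constraint>, so no login is required; only the transport is restricted -->
  <user-data-constraint>
    <!-- CONFIDENTIAL makes the container refuse plain HTTP for matching URLs.
         Tomcat answers such requests with a redirect to the redirectPort of the
         HTTP connector, which the stock server.xml sets to 8443 -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```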


Now restart your Tomcat server and deploy the application. It should automatically redirect you to port 8443.


About Sujit Horakeri

Sujit Horakeri is a game freak just like any other next door guy you would come across. He is a Web Developer by Profession, Game Developer by Choice.


  1. Wow this could have really come in handy back when YouTube was blocked from Pakistan. But anyways better late than never
