CONTACTUS
Live Chat
Chat now with us
Email Us
Send us an email, and we'll get back to you soon
Call Us
Reach out to us now

  Home > Knowledge Base >  User Guide >  How to Install an SSL Certificate on a Tomcat Server

How to Install an SSL Certificate on a Tomcat Server

2025-05-23

Tomcat supports certificates in both PFX and JKS formats. You can install either format on Tomcat based on your Tomcat version.

I. Installing PFX Format Certificate

1. Prepare PFX Certificate
Convert the certificate format to PFX according to the Certificate File Introduction and Pre-installation Preparation documentation.

2. Create Certificate Directory
Create a cert directory under your Tomcat installation directory and copy the PFX certificate into it.

3. Modify server.xml
Open Tomcat > conf > server.xml and add the following attributes to the 

<Connector port="443"

    protocol="HTTP/1.1"

    SSLEnabled="true"

    scheme="https"

    secure="true"

    keystoreFile="cert/domain_name.pfx"  

    keystoreType="PKCS12"

    keystorePass="your_certificate_password"  

    clientAuth="false"

    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"

    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,

             TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

4. Save server.xml
Confirm all configurations and save the file.

5. (Optional) Enable HTTP-to-HTTPS Redirection
Add the following to web.xml after :

    

    

    

        

        

    

    

        

    

6. Restart Tomcat
Restart Tomcat to apply changes.

 

II. Installing JKS Format Certificate

1. Convert Certificate to JKS

1) Method 1: Use JDK Command
Run the following command (Windows users: execute in %JAVA_HOME%/jdk/bin):

keytool -importkeystore -srckeystore domain_name.pfx -destkeystore domain_name.jks -srcstoretype PKCS12 -deststoretype JKS

2) Method 2: Use Online Tool
Convert via https://www.racent.com/cert-convert (select "PEM" as source format).

2. Set Passwords
Enter the PFX certificate password and set the JKS password.
Note: The JKS password must match the PFX password; otherwise, Tomcat will fail to start.

3. Copy JKS Certificate
Create a cert directory under your Tomcat installation directory and copy the JKS certificate and password file into it.

4. Modify server.xml
Update the 

<Connector port="443"

    protocol="HTTP/1.1"

    SSLEnabled="true"

    scheme="https"

    secure="true"

    keystoreFile="cert/domain_name.jks"  

    keystoreType="PKCS12"

    keystorePass="your_certificate_password"  

    clientAuth="false"

    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"

    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,

             TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,

             TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

5. Save server.xml
Confirm configurations and save the file.

6. Restart Tomcat
Restart Tomcat to apply changes.

Previous:

It's the first one

Top Article

If you find 【How to Install an SSL Certificate on a Tomcat Server】 useful, please share it with your friends. Thank you!

Copy link

Top Article