How to Generate CSR on Apache Tomcat?

Steps to Generate CSR on Apache Tomcat

Generating a CSR and obtaining a signed certificate from a trusted Certificate Authority is an important step to enable HTTPS on Apache Tomcat. Without a certificate signed by a trusted Certificate Authority (CA), web browsers will show security warnings when users access your Tomcat server over HTTPS. This can negatively impact your website’s usability and trustworthiness.

By generating a CSR from Tomcat’s keystore, you provide the necessary information for a CA to verify your identity and issue an SSL certificate in your organization’s name. Once you import the signed certificate into Tomcat’s keystore, web browsers will be able to validate the certificate chain up to the trusted CA root certificate. This validation allows browsers to establish a secure HTTPS connection to your Tomcat server without security warnings.

Step by Step Guide to Generate a CSR in Apache Tomcat

  1. Open the Tomcat server.xml configuration file. The default location is $CATALINA_HOME/conf/server.xml.
  2. Locate the Connector element for the HTTPS connector. It will look something like this:

XML

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" />

  3. Add the keystoreFile, keystorePass, keyAlias, and keyPass attributes to the Connector element:

XML

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           keystoreFile="tomcat.keystore"
           keystorePass="changeit"
           keyAlias="tomcat"
           keyPass="changeit" />

  4. Generate a new keystore with a private key for the CSR using the keytool command:

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcat.keystore -keypass changeit -storepass changeit

  5. Now generate the CSR from the keystore using keytool:

keytool -certreq -alias tomcat -keystore tomcat.keystore -storepass changeit -file tomcat.csr

  6. Send the tomcat.csr file to your CA for signing and receive the signed certificate.
  7. Import the signed certificate into the keystore:

keytool -import -alias tomcat -keystore tomcat.keystore -storepass changeit -file tomcat.crt

  8. Restart Tomcat for the changes to take effect.
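
The Connector shown in the steps above uses the well-known password changeit and a relative keystoreFile path. The Python script below is an added example, not part of the original guide or of Tomcat itself: it audits every HTTPS Connector in a server.xml for those two settings and for missing keystore attributes. The sample server.xml, the weak-password list and the names audit_connectors and is_absolute are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample: the Connector from the steps above inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true"
               keystoreFile="tomcat.keystore" keystorePass="changeit"
               keyAlias="tomcat" keyPass="changeit" />
  </Service>
</Server>"""

# Assumed list of default or guessable passwords; extend it for your environment.
WEAK_PASSWORDS = {"", "changeit", "changeme", "password", "tomcat"}
REQUIRED_ATTRS = ("keystoreFile", "keystorePass", "keyAlias")


def is_absolute(path):
    """True for POSIX or Windows absolute paths and ${property} based paths."""
    return (path.startswith("${") or PurePosixPath(path).is_absolute()
            or PureWindowsPath(path).is_absolute())


def audit_connectors(server_xml):
    """Return a list of findings for every Connector with SSLEnabled="true"."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector: no keystore settings to check
        port = conn.get("port", "?")
        for attr in REQUIRED_ATTRS:
            if conn.get(attr) is None:
                findings.append(f"port {port}: {attr} is not set")
        for attr in ("keystorePass", "keyPass"):
            value = conn.get(attr)
            if value is not None and value.lower() in WEAK_PASSWORDS:
                findings.append(f"port {port}: {attr} is a default or guessable password")
        keystore = conn.get("keystoreFile")
        if keystore and not is_absolute(keystore):
            # Tomcat resolves relative keystoreFile paths against $CATALINA_BASE,
            # which may differ from the directory where keytool was run.
            findings.append(f"port {port}: keystoreFile '{keystore}' is a relative path")
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

To check a real configuration, pass the contents of your own server.xml to audit_connectors; an empty list means none of these findings apply.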

Once you have completed the CSR generation, you can move ahead to install your SSL certificate on Apache Tomcat.
