Tomcat 8: SSL configuration with self-signed certificate

Download and unpack a Tomcat 8 distribution. Let's say the location is /usr/local/tomcat8.

First, we will create a self-signed certificate using the Java keytool. This is the command:

keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias tomcat -dname "CN=Palash Ray, OU=Demo, O=Swayam, L=Bangalore, ST=Karnataka, C=IN" -keypass changeme -keystore /usr/local/tomcat8/keystore/my_keystore -storepass changeme

This creates the key pair and its self-signed certificate in the keystore at /usr/local/tomcat8/keystore/my_keystore.

Now, go to the /usr/local/tomcat8/conf directory. In server.xml, look for the commented-out lines:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" …

Uncomment that and replace it with:
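
A Connector definition that matches the keystore created with the keytool command above, given here as an added example and not the author's original configuration. It assumes Tomcat 8.0's JSSE (NIO) connector attributes; the maxThreads and sslEnabledProtocols values are assumptions, while the keystore path, alias and passwords are the ones used on this page.

```xml
<!-- Added example: HTTPS connector for the keystore generated with keytool.
     keystoreFile, keystorePass, keyAlias and keyPass mirror the keytool
     arguments (-keystore, -storepass, -alias, -keypass). -->
<!-- Assumption: maxThreads="150" and sslEnabledProtocols="TLSv1.2" are
     illustrative values; adjust them to the JVM and clients in use. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           keystoreFile="/usr/local/tomcat8/keystore/my_keystore"
           keystorePass="changeme"
           keyAlias="tomcat"
           keyPass="changeme" />
```

The keystore password sits in clear text in server.xml, so read access to that file and to the keystore should be limited to the account that runs Tomcat.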

 

You should be all set now. Save the server.xml and start Tomcat. Go to: https://localhost:8443

This can be embedded into a Docker image. This is how the Dockerfile would look:

The sources can be found here:

https://github.com/paawak/blog/tree/master/code/apache-http-client/src/main/docker

The Docker image can be found here:

https://hub.docker.com/r/paawak/self-signed-tomcat8/

You can run the image by using:

docker pull paawak/self-signed-tomcat8

docker run -d -p 9090:8443 paawak/self-signed-tomcat8

 

 

 
