Create SSL Certificate for HTTPS localhost on Tomcat 7 Chrome and Internet Explorer

Getting SSL working with a self-signed certificate for local development was poorly documented everywhere I looked. Here is a step-by-step guide.

1. Create an alias in your hosts file.

To do this you need to know your IP address. Once you do, open


and add the entry with your IP address, e.g.:

hosts entry

Now, assuming you are running apache tomcat, you should be able to navigate to

and see the same content as localhost:8084

2. Generate an entry in the keystore file for your alias.

The part in bold must match your hosts file entry. Note that I am using the keystore provided with my JDK. To see which of your installed JDKs NetBeans is using, look in:

C:\Program Files\NetBeans 7.x\etc\netbeans.conf

My command was:

keytool -genkey -alias -keyalg RSA -keystore "C:\Program Files\Java\jdk1.7.0_71\jre\lib\security\cacerts"

You are asked for your password. The default password is ‘changeit’.

You are now asked to enter your name. Enter your name as whatever value your alias is. In my case I entered the name as


  1. ‘keytool’ is not recognised as an internal or external command. – Make sure the following directory (or your equivalent) is in the PATH environment variable, e.g. “C:\Program Files (x86)\Java\jre6\bin”
  2. Access is denied / file not found exception for cacerts. – This was on Windows 7 and there were access issues. I needed to run the command window as an administrator.

3. Configure Apache Tomcat to allow HTTPS connections

Navigate to server.xml, which is located in your Tomcat’s conf directory. Find the section “Define a SSL HTTP/1.1 Connector on port 8443” and add the part below to it. Do not uncomment anything; this should be all you need, with the parts in italics requiring you to add in your own values. Note: the part in bold is left out of most tutorials I found, which caused me delays, hence this blog post. Note that the default password for the cacerts file which came with the JDK is ‘changeit’.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:/Program Files/Java/jdk1.7.0_71/jre/lib/security/cacerts" keystorePass="changeit" clientAuth="false" keyAlias="" sslProtocol="TLS"/>

Restart Apache Tomcat. Note: if you are using NetBeans (like I am), you will also have to edit the server.xml in the Catalina base. You can find where the Catalina base is by clicking on the Tomcat server in NetBeans.

4. Copy the certificate which you have generated

Using Chrome, attempt to navigate to the secure section of your site. For me, it was (Note the HTTPS protocol):

Click on the broken red padlock in the address bar, then click Certificate Information > Details tab > Copy To File > Export. Save it as the default .cer file type. Save it with the same name as your alias. For me this file is named:

5. Create an entry in the trusted certificate publishers directory of your machine

Open a command window and type


Expand the ‘Trusted Publishers’ directory. Using the menu bar, select Action > All Tasks > Import, and import the file you created in step 4. Repeat this process in the ‘Trusted Root Certification Authorities’ directory. Restart your machine.

Note, syntax for keytool -delete

 -alias keyAlias
 -keystore keystore-name
 -storepass password
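
An added check, not part of the original post: the script below reads a server.xml and flags the three connector settings from step 3 that should stay confined to a local development machine, namely a keystoreFile pointing at the JDK's cacerts trust store (the generated private key then sits in a file every Java program on that JDK loads), the default ‘changeit’ password, and a missing keyAlias. The sample XML, the alias dev.example.test and the path conf/dev-keystore.jks are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: port 8443 mirrors the step 3 connector with keyAlias left
# out; port 9443 uses a dedicated keystore (hypothetical path and alias).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8084" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="C:/Program Files/Java/jdk1.7.0_71/jre/lib/security/cacerts"
             keystorePass="changeit" clientAuth="false" sslProtocol="TLS"/>
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11Protocol"
             scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="conf/dev-keystore.jks" keystorePass="constructed-Passw0rd"
             keyAlias="dev.example.test" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return {port: [findings]} for every SSL-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check
        findings = []
        store = conn.get("keystoreFile", "").replace("\\", "/")
        if not store:
            findings.append("no keystoreFile: Tomcat falls back to "
                            ".keystore in the user's home directory")
        elif store.lower().endswith("/lib/security/cacerts"):
            findings.append("keystoreFile is the JDK cacerts trust store: "
                            "the private key is kept in a JVM-wide file")
        # Tomcat's default keystorePass is also 'changeit' when unset.
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append("keystorePass is the default 'changeit'")
        if not conn.get("keyAlias"):
            findings.append("keyAlias missing or empty: Tomcat uses the "
                            "first key it reads from the keystore")
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "")
        for finding in findings:
            print("   -", finding)
```
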

What an enormous pain in the b****x this proved to be.

The Why:

