tomcat-users mailing list archives

From James Lampert <>
Subject Re: Generating a Keystore
Date Tue, 17 Apr 2012 20:31:34 GMT
Victoria Johnson - Kio wrote:
> The text on Apache is really confusing me about setting up SSL on
> what do I do with this command
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA

Well, first you need to be sure you're NOT running this on an AS/400. 
For some reason, Keytool is broken under OS/400.

At any rate, you need to find out where Java is on the computer you're 
using, and put it into your executable path.

Then you call the Keytool command:

keytool -genkey -keystore <whatever you want to call your keystore> 
-alias <whatever alias you wish to use> -keyalg RSA [-keysize <keylength>]

or for a more concrete example,

keytool -genkey -keystore foo.ks -alias bar -keyalg RSA -keysize 2048

You will be prompted for a password; the default for Tomcat is 
"changeit"; you should probably give it this password unless you have a 
reason to do otherwise.

You will be prompted for a "first and last name." DON'T give it that. 
Give it the URL of your website, e.g., "" so that people 
don't get "certificate is for the wrong domain" warnings in their browsers.

You will be prompted for the particulars of who you are and where you 
are. These are important if you plan on having it signed by a CA, so 
that people don't get "self-signed certificate" warnings in their browsers.

Once you have a keystore, you can hook it to your Tomcat server by 
editing the server.xml file.


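A scripted form of the keytool run described in the message above, as an added example that is not part of the original post: each interactive prompt becomes a `-dname` component, with the site's host name as CN, and the stored subject is read back before server.xml is touched. The host name `www.example.com`, the organisation values, the file name `tomcat.ks`, the password and the helper function names are all constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the interactive keytool prompts.
# Host name, organisation values, file name and password are constructed.

# keytool requires a comma inside a DN value to be escaped with a backslash;
# a literal backslash is doubled.
dn_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/,/\\,/g'
}

# Map the prompts to DN components. $1 answers "first and last name" and
# must be the host name browsers will use; $2..$6 are OU, O, L, ST, C.
build_dname() {
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' \
        "$(dn_escape "$1")" "$(dn_escape "$2")" "$(dn_escape "$3")" \
        "$(dn_escape "$4")" "$(dn_escape "$5")" "$(dn_escape "$6")"
}

# $1 keystore file, $2 alias, $3 DN. The password is read from the KS_PASS
# environment variable so it does not appear in the process list.
make_keystore() {
    keytool -genkey -keystore "$1" -alias "$2" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "$3" -storepass:env KS_PASS -keypass:env KS_PASS
}

# Print the subject DN stored under the alias, to confirm the CN before
# pointing server.xml at the keystore.
keystore_owner() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass:env KS_PASS |
        sed -n 's/^Owner: //p'
}

# Demo run, skipped when no JDK is on the PATH.
if command -v keytool >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    KS_PASS='constructed-Passw0rd'; export KS_PASS
    dn=$(build_dname www.example.com 'Web Team' 'Example, Inc.' Springfield Oregon US)
    make_keystore "$tmp/tomcat.ks" tomcat "$dn" && keystore_owner "$tmp/tomcat.ks" tomcat
    rm -rf "$tmp"
fi
```

A keystore created with a password other than Tomcat's default has to be declared on the Connector in server.xml through the `keystorePass` attribute.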