How to generate an internal SSL certificate
Create the self-signed keystore
$ su -
$ URL="your.url.here";export URL
$ cd /opt/tomcat/conf
$ keytool -genkey -alias ${URL} -keyalg RSA -keystore ${URL}.keystore
Enter keystore password: changeit
What is your first and last name?
[Unknown]: your.url.here
What is the name of your organizational unit?
[Unknown]: IT
What is the name of your organization?
[Unknown]: your.url.here
What is the name of your City or Locality?
[Unknown]: Brisbane
What is the name of your State or Province?
[Unknown]: QLD
What is the two-letter country code for this unit?
[Unknown]: AU
Is CN=your.url.here, OU=IT, O=your.url.here, L=Brisbane, ST=QLD, C=AU correct?
[no]: yes
Enter key password for <your.url.here>
(RETURN if same as keystore password):
Export the certificate from the keystore as an X.509 certificate file
$ keytool -export -alias ${URL} -keystore ${URL}.keystore -rfc -file ${URL}.cert
Enter keystore password: changeit
Certificate stored in file <your.url.here.cert>
Delete existing trusted certificate
$ keytool -delete -alias ${URL} -keystore /opt/java/jre/lib/security/cacerts -storepass changeit
Import the certificate into cacerts – JRE trusted certificates
$ keytool -import -alias ${URL} -file ${URL}.cert -keystore /opt/java/jre/lib/security/cacerts -storepass changeit
Owner: CN=your.url.here, OU=IT, O=your.url.here, L=Brisbane, ST=QLD, C=AU
Issuer: CN=your.url.here, OU=IT, O=your.url.here, L=Brisbane, ST=QLD, C=AU
Serial number: 44ab628c
Valid from: Wed Jul 05 01:56:12 CDT 2006 until: Tue Oct 03 01:56:12 CDT 2006
Certificate fingerprints:
MD5: EC:76:01:04:7F:FC:21:CC:A8:41:AD:86:C8:B2:D5:6D
SHA1: 2D:FD:7C:56:65:70:36:1B:1D:71:09:41:84:98:E6:8E:89:18:BC:18
Trust this certificate? [no]: yes
Certificate was added to keystore
If you replaced an existing certificate you will need to restart Tomcat.
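Added example, not part of the original procedure: a shell helper that compares the exported certificate with the keystore entry before it goes into cacerts, instead of answering yes at the "Trust this certificate?" prompt unchecked. The function names and the KS_PASS, CACERTS_PASS and FP_ALGO environment variables are assumptions; the alias and paths follow the steps above.

```shell
#!/bin/sh
# Added example: check a certificate listing before trusting it.
# Function names and environment variables are hypothetical.

# Value of a "Name: value" field (Owner, Issuer, SHA1, ...) read from
# keytool -printcert / -list -v / -import output on stdin.
cert_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" | head -n 1
}

# Succeeds only if listing $2 has the same fingerprint as listing $1, is
# self-signed (Owner equals Issuer) and carries CN=$3. FP_ALGO may be SHA256.
safe_to_trust() {
    want=$(printf '%s\n' "$1" | cert_field "${FP_ALGO:-SHA1}")
    got=$(printf '%s\n' "$2" | cert_field "${FP_ALGO:-SHA1}")
    owner=$(printf '%s\n' "$2" | cert_field Owner)
    issuer=$(printf '%s\n' "$2" | cert_field Issuer)
    [ -n "$want" ] && [ "$want" = "$got" ] || return 1
    [ "$owner" = "$issuer" ] || return 1
    case "$owner" in "CN=$3,"*) return 0 ;; *) return 1 ;; esac
}

# Import ${URL}.cert into cacerts only when it matches the keystore entry.
# Passwords are read from the KS_PASS and CACERTS_PASS environment variables.
import_if_verified() {
    ks=$(keytool -list -v -alias "$URL" -keystore "$URL.keystore" -storepass:env KS_PASS) || return 1
    crt=$(keytool -printcert -file "$URL.cert") || return 1
    safe_to_trust "$ks" "$crt" "$URL" || { echo "certificate mismatch, not importing" >&2; return 1; }
    keytool -import -noprompt -alias "$URL" -file "$URL.cert" \
        -keystore /opt/java/jre/lib/security/cacerts -storepass:env CACERTS_PASS
}

# Sample input: the listing printed in the import step above (trimmed).
sample_listing() {
    cat <<'EOF'
Owner: CN=your.url.here, OU=IT, O=your.url.here, L=Brisbane, ST=QLD, C=AU
Issuer: CN=your.url.here, OU=IT, O=your.url.here, L=Brisbane, ST=QLD, C=AU
Serial number: 44ab628c
Certificate fingerprints:
     MD5:  EC:76:01:04:7F:FC:21:CC:A8:41:AD:86:C8:B2:D5:6D
     SHA1: 2D:FD:7C:56:65:70:36:1B:1D:71:09:41:84:98:E6:8E:89:18:BC:18
EOF
}
```

Source the file and run import_if_verified from /opt/tomcat/conf with URL, KS_PASS and CACERTS_PASS exported; it replaces the interactive import step.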