Enable SSL and several domains on Tomcat 10

1. get CSR and private key

create CSR at or other web site

save CSR to file mydomain.csr

save key to file mydomain.pcks8

2. get certificate from CA

GeoTrust or other

get files

  • root.crt
  • intermediate.crt
  • mydomain.crt

3. create JAVA keystore

use KeyStore Explorer

create new JAVA keystore (JKS) my.keystore with password mypassword

  • import the mydomain.crt
  • import keypair from mydomain.crt and mydomain.pcks8
  • append intermediate.crt to keypair
  • append root.crt to keypair
  • save keystore my.keystore to Tomcat Home\

4. edit server.xml

additionally enable an SSL connector at port 443

    <Connector port="80" protocol="HTTP/1.1"
       redirectPort="443" />

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
       maxThreads="150" SSLEnabled="true">
       <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
       <!-- Certificate must be nested in SSLHostConfig; password is the one set in step 3 -->
       <SSLHostConfig>
          <Certificate certificateKeystoreFile="my.keystore"
             certificateKeystorePassword="mypassword"
             type="RSA" />
       </SSLHostConfig>
    </Connector>



5. several domains

enable other host myotherdomain

(beware of comments in the .xml: the elements must not end up inside a <!-- ... --> block)

    <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true">
       <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
          prefix="localhost_access_log" suffix=".txt"
          pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>

    <Host name="myotherdomain" appBase="webapps.myotherdomain"
       unpackWARs="true" autoDeploy="true">
       <!-- attribute names are case-sensitive: docBase, not docbase -->
       <Context path="" docBase="."/>
    </Host>
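A quick check of the edited server.xml before restarting Tomcat, as an added example (not part of the original page and not Tomcat tooling). The function name check_server_xml and the SAMPLE document are constructed for illustration; the sample repeats the layout from steps 4 and 5 with two mistakes left in on purpose.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the step 4/5 layout with two deliberate mistakes:
# the TLS connector is still inside a comment, and "docbase" is miscased.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <!--
  <Connector port="443" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="my.keystore" type="RSA" />
    </SSLHostConfig>
  </Connector>
  -->
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
    <Host name="myotherdomain" appBase="webapps.myotherdomain">
      <Context path="" docbase="." />
    </Host>
  </Engine>
</Service></Server>"""


def check_server_xml(text):
    """Return a list of findings for a server.xml passed as a string."""
    root = ET.fromstring(text)  # the parser drops comments, as Tomcat does
    findings = []
    connectors = root.findall(".//Connector")
    ports = {c.get("port") for c in connectors}
    tls = [c for c in connectors if c.get("SSLEnabled") == "true"]
    if not tls:
        findings.append('no active Connector with SSLEnabled="true"')
    for c in tls:
        if c.find("./SSLHostConfig/Certificate") is None:
            findings.append(f"port {c.get('port')}: no SSLHostConfig/Certificate")
    for c in connectors:
        target = c.get("redirectPort")
        if target and target not in ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} is not served")
    hosts = root.findall(".//Host")
    for attr in ("name", "appBase"):
        values = [h.get(attr) for h in hosts]
        for dup in sorted({v for v in values if v and values.count(v) > 1}):
            findings.append(f"Host {attr} {dup!r} is used more than once")
    for ctx in root.findall(".//Context"):
        for key in ctx.attrib:
            if key.lower() == "docbase" and key != "docBase":
                findings.append(f"Context attribute {key!r} should be 'docBase'")
    return findings
```

To check a real installation, pass the contents of conf/server.xml to check_server_xml and review each returned finding; an empty list means none of these checks fired.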