Pivotal Knowledge Base


Generating a self-signed SSL certificate using the Java keytool command


Apache Tomcat

vFabric tc Server


A certificate generated using the Java keytool command is compatible with products such as Apache Tomcat, and vFabric tc Server and can be used to provide secure encrypted communications. 

This article provides the steps to generate a self-signed SSL certificate using the Java keytool command. 


To generate a self-signed SSL certificate using the keytool command on Windows, Mac, or Linux:

  1. Open a command prompt or terminal
  2. Run this command

    keytool -genkey -keyalg RSA -alias tomcat -keystore selfsigned.jks -validity <days> -keysize 2048

    Where <days> indicate the number of days for which the certificate will be valid.

  3. Enter a password for the keystore. Note this password as you require this for configuring the server
  4. When prompted for a first name and the last name, enter the domain name of the server. For example, myserver or myserver.mycompany.com
  5. Enter the other details, such as Organizational Unit, Organization, City, State, and Country
  6. Confirm that the information entered is correct
  7. When prompted with "Enter key" password for <tomcat>, press Enter to use the same password as the keystore password
  8. Run this command to verify the contents of the keystore
    keytool -list -v -keystore selfsigned.jks
  9. When prompted, enter the keystore password note in Step 3. The basic information about the generated certificate is displayed. Verify that the "Owner" and "Issuer" are the same. Also, you should see the information you provided in Step 4 and 5

The certificate is now complete and can be used by Apache Tomcat, or vFabric tc Server.


Powered by Zendesk