SSL Certificate for TomcatServer

I wanted to create a signed SSL certificate for my tomcat server hosted in VPS. I have generated certificate using keytool but how do i make it signed SSL. Please assist.

search this forum as there are several excellent step by step guides.

Hint: search JKS - i wrote a fairly extensive guide on this


Hi, I have a VPS server which has the tomcat and Apache2 server. I dont have a domain enabled for this server. However i have a domain with different vendor. Considering this case, how we can create a ssl certificate for this. When i generate SSL it fails in domain verification where in which it ask me to enter the TXT value in my domain for verification.

What is the best way to create a SSL for my tomcat server considering the above scenario. Please note i already have a SSL certificate for my IIS server Which is calling my web-services hosted in tomcat server. My request is failed to reach my tomcat server due to SSL issue,

I am referring to the below blog.

Hi @wototech,

Could you explain more about your hosting situation? What do you mean by having a domain with a different vendor? What kind of vendor is that? How is your domain hosted? How do you plan to use the certificate once you get it?

My domain is with Godaddy and i have a hosting server with them. I bought the SSL from Godaddy. My UI application is deployed in Godaddy Server. Now my UI applications are secured with SSL which i bought from Godaddy.

My backend server including web services were deployed in another server (VPS system with the vendor VPSDime).

My VPS system has the public IP address, For which i need to install a new SSL certificate. Because http call from https is blocked by AJAX(My UI applications are not able to communicate with the backed server).

For this scenario, How we can install SSL Certificate for my backend server (For example Tomcat server).

hi @wototech

Thanks for explaining the situation

Most CA’s will not issue certificates for IP addresses.

There are 4 ways forward

A) Create a self signed certificate and ask your code to trust it (depending on what language you use this may or may not be configurable)
B) Add a new dns record such as and then point it to your VPSDime server and you will be able to obtain a certificate
C) Use your existing GoDaddy certificate and import it in to your tomcat server - at the end of the article there is a link to how to go from PFX (common microsoft format) to JKS
D) Use Microsoft Active Directory Certificate Services to create a certificate for your backend server (no need to involve CAs)

Depending on how long lived your GoDaddy Certificate is and how specific (e.g. wildcard or single domain) the GoDaddy option may be the best

If you do want to get a certificate from Let’s Encrypt you will need to take two steps:

A) Add DNS entry for your backends
B) Pass a challenge (i would suggest using the DNS Challenge as the other two challenges are problematic with Tomcat)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.