Tomcat SSL Certificate Update March 20, 2026 14:02 Updated HTTPS encrypts the communication between your browser and the Tomcat server. This ensures that all data transmitted between the client and the server is securely protected from interception or tampering by unauthorized parties. This guide applies to all BOC products that you operate on-premises and only proposes one of many paths https can be setup. Please consult your its security responsible, before reading further.In scenarios where BOC products are provided as a Software as a Service (SaaS), BOC takes management of these certificates, ensuring that the HTTPS connections are properly secured without requiring any additional configuration from your side. Disclaimer:Apache Tomcat is third-party software developed by the Apache Foundation.This best-practice guide is not intended to substitute for professional advice from a qualified IT or security expert. BOC Group disclaims all liability for any damages incurred.The guide focuses exclusively on the Tomcat HTTPS certificate (Transport Layer Security) and does not address Single Sign-On (SSO) configurations. Recommended Approach: server.xml Configure the SSL connector in server.xml Access the Configuration FileNavigate to <Tomcat-Installation>/conf/server.xml and open the file using a text editor. Identify the SSL Configuration Block:Locate the commented section as shown below: <!-- Define a SSL HTTP/1.1 Connector on port 8443 ... --> <!-- <Connector ... /> --> This configuration typically pertains to port 8443. Uncomment and Modify the Connector Parameters: Tomcat 9 Remove the comment tags <!-- and -->, then update the configuration as follows: <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:/CompanyCert.p12" keystorePass="YourSecurePassword" clientAuth="false" sslProtocol="TLS" server="Tomcat"/> keystoreFile: Specify the absolute path to the keystore file (ideally located outside the Tomcat current directory, e.g. "C:\BOC\Certificate"). keystorePass: Enter the keystore password port: Optionally set to 443; note that this requires administrative privileges. Tomcat 10.1 Remove the comment tags <!-- and -->, then update the configuration as follows: <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" SSLEnabled="true" maxParameterCount="1000" > <SSLHostConfig> <Certificate certificateKeystoreFile="C:/CompanyCert.jks" certificateKeystorePassword="YourSecurePassword" type="RSA" /> </SSLHostConfig> </Connector> certificateKeystoreFile: Specify the absolute path to the keystore file (ideally located outside the Tomcat current directory, e.g. "C:\BOC\Certificate"). certificateKeystorePassword: Enter the keystore password port: Optionally set to 443; note that this requires administrative privileges. Restart Tomcat Server:The modifications will take effect only after performing a full restart of the Tomcat service via Services (Windows) or systemctl restart tomcat (Linux). Verify Access:Open https://<Servername>:8443/<WAR_File_Name> A WAR file is a ZIP-compressed archive that contains a complete Java web applicationWithin Tomcat URLs, its name is represented as the context path (for example, /ADONIS15_0), since Tomcat automatically deploys and extracts the WAR file. It can be located in the Tomcat directory under webapps/<war-name>.war or in the extracted folder webapps/<war-name>/ Configuration suggestions Security: The Tomcat user should only have read-only access to the keystore. Base URL: Please update the Base URL in your BOC product to HTTPS Updates: Placing the certificate file outside of the current tomcat installation folder, will simplify future updates. E.g. "C:\BOC\Certificate". Further sources Apache Tomcat 9 (9.0.115) - SSL/TLS Configuration How-ToApache Tomcat 10 (10.1.52) - SSL/TLS Configuration How-To Related articles How do I migrate the Tomcat-side configuration of a BOC product? My certificate expired, what can I do? How to create an ODBC connection? ADONIS Process Simulation BOC Product Installation & Update Process (on premise)