5 months ago

## Using self-signed OpenSSL pem with Docker Tomcat

It is possible to use PEM-style certificates with the Tomcat Docker image without first storing them in a Java keystore. This is excellent, since not only is it easier to generate a self-signed certificate with the openssl command, but the same approach can also be used with certificates produced by Let's Encrypt.

Let's first see how to use self-signed keys with the Tomcat 9 Docker image. First, we generate the self-signed certificate:

Specify "changeit" as a password (or any other password of your choosing); the Common Name/FQDN is your domain, say, testing.com.

Place the generated localhost-rsa-*.pem files into an ssl/ folder. Now create the following docker-compose.yml file:

Place the following server.xml file next to the docker-compose.yml file:

The directory structure should look like this:

That's it - just run docker-compose up in the . folder and Tomcat should boot up. Now you can visit https://localhost:8443; the browser should warn you about the self-signed certificate. Just store an exception for the site and you should see the Tomcat welcome page served over HTTPS.
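The whole procedure above as one script; this is an added example, not the author's original files. It generates the PEM key pair non-interactively, then writes a docker-compose.yml and a minimal server.xml whose connector reads the PEM files directly. Assumed rather than taken from the page: the tomcat-pem-demo directory name, the tomcat:9 image tag, the mount paths under /usr/local/tomcat/conf, the 365-day validity, the subjectAltName entries (needs OpenSSL 1.1.1 or newer) and the trimmed-down server.xml contents.

```shell
# Added example: recreates the layout described above. Directory name, image
# tag, mount paths and the minimal server.xml are assumptions, not the author's.
set -eu
DEMO_DIR="${DEMO_DIR:-tomcat-pem-demo}"
KEY_PASS="${KEY_PASS:-changeit}"   # password suggested in the text
CN="${CN:-testing.com}"            # Common Name used in the text

gen_cert() {  # self-signed RSA key + certificate as PEM, key encrypted
  mkdir -p "$DEMO_DIR/ssl"
  openssl req -x509 -newkey rsa:4096 -days 365 -subj "/CN=$CN" \
    -addext "subjectAltName=DNS:$CN,DNS:localhost" -passout "pass:$KEY_PASS" \
    -keyout "$DEMO_DIR/ssl/localhost-rsa-key.pem" \
    -out "$DEMO_DIR/ssl/localhost-rsa-cert.pem"
  chmod 600 "$DEMO_DIR/ssl/localhost-rsa-key.pem"  # key readable by owner only
}

write_compose() {  # config and PEM files are mounted read-only
  mkdir -p "$DEMO_DIR" && cat > "$DEMO_DIR/docker-compose.yml" <<'EOF'
services:
  tomcat:
    image: tomcat:9
    ports:
      - "8443:8443"
    volumes:
      - ./server.xml:/usr/local/tomcat/conf/server.xml:ro
      - ./ssl:/usr/local/tomcat/conf/ssl:ro
EOF
}

write_server_xml() {  # relative paths resolve against CATALINA_BASE
  mkdir -p "$DEMO_DIR" && cat > "$DEMO_DIR/server.xml" <<EOF
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol">
      <SSLHostConfig>
        <Certificate certificateKeyFile="conf/ssl/localhost-rsa-key.pem"
                     certificateFile="conf/ssl/localhost-rsa-cert.pem"
                     certificateKeyPassword="$KEY_PASS" type="RSA"/>
      </SSLHostConfig>
    </Connector>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>
EOF
}

if [ "${1:-}" = "all" ]; then gen_cert; write_compose; write_server_xml; fi
```

Run the script with the argument all, then run docker-compose up inside the generated directory. The key password ends up in plain text in server.xml, so keep that file's permissions as tight as the key's.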