Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

How to Setup HTTPS on Tomcat for Liferay Portal 6.2 and DXP 7.0

Written By

Liferay Support

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles is the responsibility of the subscriber.

This article will describe how to set up HTTPs on Tomcat without using an external server like Apache. There is an existing wiki on the public wiki page that is available, but what follows is a more user-friendly guide to HTTPs setup.

Environment

  • Liferay DXP 7.0
  • Liferay Portal 6.2 EE

Resolution

Create a self-signed certificate using keytool.

  1. Open up command prompt in your tomcat folder (e.g. C:\liferay\bundles\liferay-portal-6.0-ee\tomcat-6.0.29) and type in the following command: keytool -genkey -alias tomcat -keyalg RSA -keystore keystore
  2. It will now prompt you for some information. It doesn't matter what you use for the different fields but make sure to use changeit as the password.
  3. Enter keystore password: changeit 
  4. Re-enter new password: changeit 
  5. What is your first and last name?
    • [Unknown]: joe bloggs
  6. What is the name of your organizational unit?
    • [Unknown:] liferay 
  7. What is the name of your organization?
    • [Unknown]: liferay inc 
  8. What is the name of your City or Locality?
    • [Unknown]: diamond bar 
  9. What is the name of your State or Province?
    • [Unknown]: ca 
  10. What is the two-letter country code for this unit?
    • [Unknown]: us
  11. CN=joe bloggs, OU=liferay, O=liferay inc, L=diamond bar, ST=ca, C=us correct? [no]: yes

keystore_generation_01.png

Now, Configure Tomcat to use the certificate we just generated. Edit TOMCAT_HOME\conf\server.xml.

xml_file_02.png

Uncomment the SSL section and add in the keystoreFile parameter so that it looks like this:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:/liferay/bundles/liferay-portal-6.0-ee/tomcat-6.0.29/keystore" keystorePass="changeit" />

xml_edit_03.png

Now we'll be importing the certificate into the JVM's keystore. This tells the JVM that this is a "trusted" certificate so that when Liferay makes https requests to Tomcat it will proceed without errors:

Export the key from the keystore you generated in step 1. This extracts the certificate so that you can import it into the JVM's store

keytool -export -alias tomcat -keypass changeit -file server.crt -keystore keystore

Key_export_04.png

Import the cert into the JVM. "cacerts" is the filename of the JVM keystore. (should be in %JAVA_HOME%\jre\lib\security\cacerts)

JVM_import_05.png

keytool -import -alias tomcat -file server.crt -keypass changeit -keystore "C:\Program Files\Java\jre6\lib\security\cacerts"

*Depending on your local configuration, you may have to change access permissions for the cacerts file.

keystore_confirm_06.png

You should now be able to access the website using https://localhost:8443

Additional Information

  • To set the entire site to use HTTPS, set this in portal-ext.properties: web.server.protocol=https
  • To set only the login page to be HTTPS, set this iin portal-ext.properties: company.security.auth.requires.https=true
  • Within an SSL production environment, if you receive a "Certificate Error" that defines your SSL certificate as not a "Trusted Root", you may need to obtain a digital signature from a certificate authority provider.
  • See also: How to Configure HTTPS in Tomcat for Liferay DXP 7.3
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?