To use an TLS certificate with Tomcat, you need to store it in a Java keystore File. You can generate both the keystore and the certificate using the Java command keytool. Step 0: Find your keytool Make sure you have Java and keytool command (ships with Java) installed. If you installed the JDK or JRE yourself it may not be in your $PATH. For example, my keytool is in .