Learn how to create the Tomcat server keystore file and certificate.


  • Issue the command to generate the keystore file.
    For example: run this command for the SAM host if it has a Fully Qualified Domain Name (FQDN):
    <<Base_Dir>>/SAM/smarts/jre/bin/keytool -genkey -alias
    tomcat -keyalg RSA
    To specify a different location or filename, add the -keystore parameter
    followed by the complete pathname to the keystore file. For example,
    <<Base_Dir>>/SAM/smarts/jre/bin/keytool -genkey -alias
    tomcat -keyalg RSA
    -keystore <<Base_Dir>>/SAM/smarts/.keystore -ext SAN=ip:<y.y.y.y>
    • Enter Changeit for keystore password.
    • When asked for your first and last name, enter the fully qualified name of the machine.

      For example: itops-dev-204.lss.emc.com.

    • Answer the other questions and type yes when asked for confirmation.


This creates a keystore file inside <<Base_Dir>>/SAM/smarts folder with name .keystore.

What to do next

Export the cert.

<<Base_Dir>>/SAM/smarts/jre/bin/keytool -export -keystore <<Base_Dir>>/SAM/smarts/.keystore -storepass changeit -alias tomcat -rfc > /root/sam.crt

Note: Copy /root/sam.crt to /opt/ssl in Eventstore server machine.