Create the keystore file for the M&R host. This file stores the tomcat server's private key and self-signed certificate.


Stop the M&R Tomcat service. For example, c:\Program Files\APG\bin\manage-modules.cmd service stop tomcat


  • Generate the keystore. For example, run this command for the M&R host if it has a Fully Qualified Domain Name (FQDN):
    C:\Program Files\Java\Sun-JRE\8.0.281\bin\keytool.exe -genkey -alias tomcat 
    -keyalg RSA -ext san=dns:localhost,dns:<M&R frontend FQDN>,ip:  -keystore C:\Program Files\APG\.keystore
    1. Enter changeit for the keystore password.
    2. When asked for your first and last name, enter the fully qualified name of the machine, for example,
    3. Answer the other questions and type yes when asked for confirmation.
    If you are using an IP address naming convention for the configuration, run this command and specify the IP address of the M&R host for < ip:x.x.x.x>.
    C:\Program Files\Java\Sun-JRE\8.0.281\bin\keytool.exe -genkey -alias tomcat -keyalg RSA -ext 
    SAN=dns:localhost,dns:,dns:<ip:x.x.x.x> -keystore C:\Program Files\APG\Web-Servers\Tomcat\Default\conf\.keystore


This creates a keystore file inside C:\Program Files\APG folder with name .keystore.