Create the keystore file for the M&R host. This file stores the Tomcat server's private key and self-signed certificate.


Stop the M&R Tomcat service. For example, opt/APG/bin/ service stop tomcat


  • Generate the keystore. For example, run this command for the M&R host if it has a Fully Qualified Domain Name (FQDN):
    /opt/APG/Java/Sun-JRE/<Java-Version>/bin/keytool -genkey -alias tomcat
    -keyalg RSA -ext san=dns:localhost,dns:<M&R frontend FQDN>,ip: -keystore /opt/APG/.keystore
    1. Enter changeit for the keystore password.
    2. When asked for your first and last name, enter the fully qualified name of the machine, for example,
    3. Answer the other questions and type yes when asked for confirmation.
    If you are using an IP address naming convention for the configuration, run this command and specify the IP address of the M&R host for < ip:x.x.x.x>.
    /opt/APG/Java/Sun-JRE/<Java-Version>/bin/keytool -genkey -alias tomcat 
    -keyalg RSA -ext SAN=dns:localhost,ip:x.x.x.x,ip: -keystore /opt/APG/Web-Servers/Tomcat/Default/conf/.keystore


This creates a keystore file inside /opt/APG folder with name .keystore. This is a hidden file in Linux.