SSL Configuration For JBoss-Tomcat

1. Create a local Certificate:
a. Open a Command Prompt
b. Navigate to the directory <eems installation directory>\server\default\conf\
c. Run the command "mkdir ssl".
d. Run the command "cd ssl".
e. Run the command "keytool -genkey -alias tomcat -keyalg RSA -keystore <your_keystore_filename>" (your_keystore_filename may be any name that you choose. You will need this name in later steps.)
f. Fill in the information at the prompts as in the screenshot below. Note that the "Enter your first and last name" prompt should contain the DNS name for your website you created earlier in the "Server Naming" section.

2. Create a Certificate Signing Request (CSR):
a. Run the command "keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore <your_keystore_filename>"
b. You will be prompted for the keystore password you created in step 1.
c. Now you have a file called certreq.csr that you can submit to the Certificate Authority.
3. Submit the CSR created in Step 2 to a Certificate Authority (e.g., Thawte, Verisign, etc.)
4. Now that you have your Certificate, you can import it into your local keystore. First of all, you have to import a "Chain Certificate" or Root Certificate into your keystore. After that you can proceed with importing your Certificate.
5. Download the Root Certificate from the Certificate Authority you obtained the Certificate from. Each certificate authority provides instructions on their web site for obtaining their root certificate.
6. Import the Chain Certificate into your keystore
a. Run the command "keytool -import -alias root -keystore <your_keystore_filename> -trustcacerts -file <filename_of_the_chain_certificate>"
b. You will be prompted for the keystore password you created in step 1.
7. Download your new Certificate from the Certificate Authority you obtained the Certificate from. You will receive an email from the Certificate Authority with download instructions. If you are given a format option for the certificate, choose the "Standard" format.
8. Import your new Certificate
a. Run the command "keytool -import -alias tomcat -keystore <your_keystore_filename> -trustcacerts -file <your_certificate_filename>"
b. You will be prompted for the keystore password you created in step 1.
9. Edit the Tomcat Configuration File tomcat41-service.xml in the default/deploy folder with a text editor (e.g., notepad)
a. Add or uncomment the following lines:
<!-- Define an SSL HTTP/1.1 Connector on port 443 -->
<Connector className="org.apache.catalina.connector.http.HttpConnector" port="443" minProcessors="5" maxProcessors="3375"
enableLookups="true" acceptCount="300000000000" debug="0" scheme="https" secure="true" address="yourdomain.com">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory" clientAuth="false" keystoreFile="<your_keystore_filename>"
keystorePass="your-passwd" protocol="TLS" />
</Connector>
10. In the deploy\eems.ear\eems.war\WEB-INF folder, open the web.xml file in a text editor (e.g., notepad)
a. Uncomment the following lines:
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
11. Restart your eEMS service.
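
A check worth running after step 8 and before the restart, added here as an example and not part of the original procedure: the script parses the text printed by `keytool -list -v -keystore <your_keystore_filename>` and reports whether the `tomcat` alias holds a private key whose certificate was replaced by the CA-signed one and chained to the root. The sample listing and the function names are constructed for illustration.

```python
# Constructed, abridged `keytool -list -v -keystore <your_keystore_filename>` output
# as it should look after step 8 (names are made up for this example).
SAMPLE_OK = """\
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=www.example.com, O=Example Corp
Issuer: CN=Example Root CA, O=Example CA
Certificate[2]:
Owner: CN=Example Root CA, O=Example CA
Issuer: CN=Example Root CA, O=Example CA
"""

def parse_listing(text):
    """Map each alias to its entry type, chain length and first Owner/Issuer."""
    entries, cur = {}, None
    for line in text.splitlines():
        key, _, val = (part.strip() for part in line.partition(":"))
        if key == "Alias name":
            cur = entries.setdefault(
                val, {"type": None, "chain": 0, "owner": None, "issuer": None})
        elif cur is None:
            continue
        elif key == "Entry type":
            cur["type"] = val
        elif key == "Certificate chain length":
            cur["chain"] = int(val)
        elif key in ("Owner", "Issuer") and cur[key.lower()] is None:
            cur[key.lower()] = val  # first pair is the entry's own certificate
    return entries

def check_keystore(text, key_alias="tomcat"):
    """Return the problems that would leave the connector serving the wrong certificate."""
    entry = parse_listing(text).get(key_alias)
    if entry is None:
        return ["alias %r not found" % key_alias]
    problems = []
    if entry["type"] not in ("PrivateKeyEntry", "keyEntry"):  # older JDKs print keyEntry
        problems.append("alias %r holds no private key" % key_alias)
    if entry["owner"] is not None and entry["owner"] == entry["issuer"]:
        problems.append("certificate is self-signed: CA reply not imported under this alias")
    if entry["chain"] < 2:
        problems.append("chain length %d: CA certificate not chained" % entry["chain"])
    return problems

if __name__ == "__main__":
    print(check_keystore(SAMPLE_OK) or "keystore looks ready for the connector")
```

A self-signed certificate with chain length 1 under `tomcat` usually means the CA certificate in step 8 was imported under a different alias than the one used in steps 1 and 2, so it was stored as a trusted certificate instead of replacing the self-signed one.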