How can I setup SSL in Tomcat9?

I have tried to install SSL on tomcat 9 on port 8443. However, I do not know if tomcat support pem or crt format SSL.

I have made changes into server.xml but when start tomcat I am getting the below error in catelina.out logs.

Below is my server.xmaconfiguration.

 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/privkey.key"
                         certificateFile="conf/fullchain.crt"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Tomcat error logs

org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
17-Nov-2021 14:58:19.826 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-8443]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:304)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)
    Caused by: java.lang.IllegalArgumentException
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:218)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1124)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1137)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:574)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
        ... 13 more
    Caused by: java.lang.NullPointerException
        at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:101)
        at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:74)
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:303)
        at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:

Tomcat is notorious for being difficult with SSL. My advice: put a reverse proxy in front of it for SSL handling.

There's a wide choice of software packages that can serve as a reverse proxy. Two of the more popular ones are Apache and Nginx. Choose one, install it on the same machine as your Tomcat server and configure it to accept HTTPS requests on a port of your choice and forward them as HTTP to your Tomcat HTTP port.

Tutorials for setting up Apache or Nginx as an SSL reverse proxy are readily available in many places, for example here and here.