Cannot get SSL to work

 
Greenhorn
Posts: 6
Hello everyone!
I was thinking you guys can help get SSL on Tomcat 7 to work. I have tried several things but no success. What I have done is:

1. Generated CSR with the keytool
2. Got certificate from DigiCert
3. Imported cert in the keystore
4. Activated the connector in server.xml as below:


5. Restart Tomcat.
After I try to access https://domain/ I get "unable to connect" in the browser...

6. I check with

and I see that there is nothing listening on port 443...
There is no error in the catalina log.

Thanks in advance for your time.
 
Bartender
Posts: 20836
Welcome to the JavaRanch, Lejdi!

Most operating systems only allow users with root privileges to listen on ports whose numbers are less than 4096. So unless Tomcat is running as a root user, more than just SSL will not work. You would not be able to use Port 80 either.

Check the catalina.out log. You should have some messages there.
 
lejdi koci
Greenhorn
Posts: 6
Hi Tim, many thanks for the reply. Tomcat is running under the root user and the catalina log file is not showing any error. I also tried with port number 8443 but no luck...
The server is actually in production, normally serving the installed web apps on port 80.
So it must be something else.
 
Ranch Hand
Posts: 75
Did you actually set the password to "changeit"? That's the Java cacerts default password, not necessarily the password for your cert/key.
 
lejdi koci
Greenhorn
Posts: 6
Hi K., the pass is changeit, the default for the keystore of Tomcat. Where do I get the password for the cert?
 
lejdi koci
Greenhorn
Posts: 6
Hi everyone, I found the problem! Actually there were two server.xml files on the system. The one I was editing was in /opt/apache-tomcat-7.0.22/conf/server.xml but the right one was in /etc/tomcat7/server.xml. So now https is up and running (I check here: sslshopper.com/ssl-checker.html) but I still have a problem: when I access http://domain.com/myapp it is OK, but when I use https://domain.com/myapp I get an HTTP 404 error... Any ideas please?
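
A check for the mix-up described in the post above, as an added example that is not part of the original thread: it reads `catalina.base` from a running Tomcat's JVM arguments to find the server.xml that instance loads, then lists the TLS connectors that are live (not commented out) in a given copy. The command line, paths and XML below are constructed samples, and the default `conf/server.xml` location under `catalina.base` is assumed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: JVM arguments of a running Tomcat as shown by ps.
SAMPLE_CMDLINE = ("/usr/bin/java -Dcatalina.base=/srv/tomcat-live "
                  "-Dcatalina.home=/usr/share/tomcat7 "
                  "org.apache.catalina.startup.Bootstrap start")

# Constructed sample: the copy that was edited, TLS connector uncommented.
EDITED_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="/path/to/keystore.jks"/>
</Service></Server>"""

# Constructed sample: the copy the running instance reads, connector still commented out.
RUNNING_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/> -->
</Service></Server>"""


def active_server_xml(cmdline):
    """Return the server.xml path the JVM in `cmdline` loads, or None if not Tomcat."""
    props = dict(re.findall(r"-Dcatalina\.(base|home)=(\S+)", cmdline))
    root = props.get("base") or props.get("home")  # catalina.base wins over catalina.home
    return f"{root.rstrip('/')}/conf/server.xml" if root else None


def tls_connectors(server_xml_text):
    """List (port, keystoreFile) for each live Connector with SSLEnabled="true".

    The XML parser discards comments, so a commented-out connector is not reported.
    """
    tree = ET.fromstring(server_xml_text)
    return [(int(c.get("port")), c.get("keystoreFile"))
            for c in tree.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"]


if __name__ == "__main__":
    print("running instance reads:", active_server_xml(SAMPLE_CMDLINE))
    for name, text in (("edited copy", EDITED_XML), ("running copy", RUNNING_XML)):
        print(name, "->", tls_connectors(text) or "no live TLS connector")
```

On a real host, resolve symlinks in the returned path (for example with `os.path.realpath`) before comparing it with the file that was edited.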
 
Tim Holloway
Bartender
Posts: 20836
Are you sure you don't have 2 copies of Tomcat running at the same time?

If not, are you using a proxy such as Apache httpd to handle port 443 (https)? If you are, then you need to adjust your proxying rules.

Note that Apache's "404" page is visibly very different than the Tomcat "404" page, so you should be able to tell which server is having trouble.
 
lejdi koci
Greenhorn
Posts: 6
Hi Tim,

There is no Apache working as a proxy. The 404 is definitely Tomcat's (Apache Tomcat/7.0.26 at page end). I just entered an iptables rule to redirect 443 to 8443.


pfff
 
Tim Holloway
Bartender
Posts: 20836
What do you get from http://domain.com:8443/myapp ?
 
lejdi koci
Greenhorn
Posts: 6
Hi Tim, I get: � character on the browser...
 