
Cannot get SSL to work

lejdi koci
Greenhorn

Joined: Jan 07, 2013
Posts: 6
Hello everyone!
I was thinking you guys can help get SSL on tomcat7 to work. I have tried several things but no success. What I have done is:

1. Generated CSR with the keytool
2. Got certificate from DigiCert
3. Imported cert in the keystore
4. Activated the connector in server.xml as below:


5. Restart Tomcat.
After I try to access https://domain/ I get unable to connect in the browser...

6. I check with

and I see that there is nothing listening on port 443...
There is no error on the catalina log.

Thanks in advance for your time.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16068
    

Welcome to the JavaRanch, Lejdi!

Most operating systems only allow users with root privileges to listen on ports whose numbers are less than 4096. So unless Tomcat is running as a root user, more than just SSL will not work. You would not be able to use Port 80 either.

Check the catalina.out log. You should have some messages there.


Customer surveys are for companies who didn't pay proper attention to begin with.
lejdi koci
Greenhorn

Joined: Jan 07, 2013
Posts: 6
Hi Tim, many thanks for the reply. Tomcat is running under the root user and the catalina log file is not showing any error. I also tried with port number 8443 but no luck...
The server is actually in production, serving the installed web apps normally on port 80.
So it must be something else.
K. Gil
Ranch Hand

Joined: Apr 29, 2011
Posts: 75

Did you actually set the password to "changeit"? That's the Java cacerts default password, not necessarily the password for your cert/key.
lejdi koci
Greenhorn

Joined: Jan 07, 2013
Posts: 6
Hi K., the pass is changeit, the default for the keystore of Tomcat. Where do I get the password for the cert?
lejdi koci
Greenhorn

Joined: Jan 07, 2013
Posts: 6
Hi everyone, I found the problem! Actually there were two server.xml files on the system. The one I was editing was in: /opt/apache-tomcat-7.0.22/conf/server.xml but the right one was in /etc/tomcat7/server.xml. So now https is up and running (I check here: sslshopper.com/ssl-checker.html) but I still have a problem: When I access http://domain.com/myapp it is ok but when I use https://domain.com/myapp I get an HTTP 404 Error... Any ideas please..?
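The diagnosis in the post above (an edited server.xml that the running instance never read) can be checked mechanically. This is an added example, not part of the original thread: the command line, XML snippets, keystore path and listening-port set are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, not the poster's real files or process list.
# Assumed JVM command line (e.g. from `ps`); the catalina.base value is an assumption.
CMDLINE = ("java -Dcatalina.base=/var/lib/tomcat7 -Dcatalina.home=/usr/share/tomcat7 "
           "org.apache.catalina.startup.Bootstrap start")
EDITED = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1"/>
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="/placeholder/keystore.jks"/>
</Service></Server>"""
LIVE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1"/>
  <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                  scheme="https" secure="true"/> -->
</Service></Server>"""
LISTENING = {80, 8005}  # constructed: ports a socket listing showed as bound


def config_in_use(jvm_cmdline):
    """server.xml the running JVM loads: <catalina.base>/conf/server.xml.
    On a real host, pass the result through os.path.realpath, since conf/
    may be a symlink into /etc."""
    m = re.search(r"-Dcatalina\.base=(\S+)", jvm_cmdline)
    return m.group(1).rstrip("/") + "/conf/server.xml" if m else None


def tls_connectors(server_xml):
    """(port, keystoreFile) of each active Connector with SSLEnabled="true".
    Connectors inside XML comments are skipped by the parser."""
    root = ET.fromstring(server_xml)
    return [(int(c.get("port")), c.get("keystoreFile"))
            for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"]


def unbound_tls_ports(server_xml, listening):
    """TLS ports declared in the file that nothing is listening on."""
    return [port for port, _ in tls_connectors(server_xml) if port not in listening]


if __name__ == "__main__":
    print("running instance reads:", config_in_use(CMDLINE))
    print("edited file, TLS connectors:", tls_connectors(EDITED))
    print("live file, TLS connectors:", tls_connectors(LIVE))
    print("declared but not bound:", unbound_tls_ports(EDITED, LISTENING))
```

A TLS port that a file declares but that is not bound after a restart, with a clean catalina log, points to the running instance having loaded a different server.xml.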
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16068
    

Are you sure you don't have 2 copies of Tomcat running at the same time?

If not, are you using a proxy such as Apache httpd to handle port 443 (https)? If you are, then you need to adjust your proxying rules.

Note that Apache's "404" page is visibly very different than the Tomcat "404" page, so you should be able to tell which server is having trouble.
lejdi koci
Greenhorn

Joined: Jan 07, 2013
Posts: 6
Hi Tim,

There is no Apache working as proxy. The 404 is definitely of Tomcat (Apache Tomcat/7.0.26 at page end). I just entered an iptables rule to redirect 443 to 8443.


pfff
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16068
    

What do you get from http://domain.com:8443/myapp ?
lejdi koci
Greenhorn

Joined: Jan 07, 2013
Posts: 6
Hi Tim, I get: � character on the browser...
 