
Cannot get SSL to work

 
lejdi koci
Greenhorn
Posts: 6
Hello everyone!
I was thinking you guys can help get SSL on tomcat7 to work. I have tried several things but no success. What I have done is:

1. Generated CSR with the keytool
2. Got certificate from digicert
3. Imported cert in the keystore
4. Activated the connector in server.xml as below:


5. Restart Tomcat.
After I try to access https://domain/ I get unable to connect in the browser...

6. I check with

and I see that there is nothing listening on port 443...
There is no error in the catalina log.

Thanks in advance for your time.
 
Tim Holloway
Saloon Keeper
Posts: 18163
Welcome to the JavaRanch, Lejdi!

Most operating systems only allow users with root privileges to listen on ports whose numbers are less than 4096. So unless Tomcat is running as a root user, more than just SSL will not work. You would not be able to use Port 80 either.

Check the catalina.out log. You should have some messages there.
 
lejdi koci
Greenhorn
Posts: 6
Hi Tim, many thanks for the reply. Tomcat is running under the root user and the catalina log file is not showing any error. I also tried with port number 8443 but no luck...
The server is actually in production, serving the installed web apps normally on port 80.
So it must be something else.
 
K. Gil
Ranch Hand
Posts: 75
Did you actually set the password to "changeit"? That's the Java cacerts default password, not necessarily the password for your cert/key.
 
lejdi koci
Greenhorn
Posts: 6
Hi K., the pass is changeit, the default for the keystore of Tomcat. Where do I get the password for the cert?
 
lejdi koci
Greenhorn
Posts: 6
Hi everyone, I found the problem! Actually there were two server.xml files on the system. The one I was editing was in /opt/apache-tomcat-7.0.22/conf/server.xml but the right one was in /etc/tomcat7/server.xml. So now https is up and running (I check here: sslshopper.com/ssl-checker.html) but I still have a problem: when I access http://domain.com/myapp it is OK, but when I use https://domain.com/myapp I get an HTTP 404 error... Any ideas please?
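
The root cause found above (editing a server.xml that the running Tomcat never loads) can be checked mechanically. The following is an added example, not code from any poster in this thread: it reads `-Dcatalina.base` from a JVM command line and lists the active TLS connectors in a given server.xml, also noting whether the keystore password is Tomcat's default `changeit`. The command line, both XML documents and all paths in them are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: command line of a running Tomcat, as `ps -ef` would show it.
SAMPLE_CMDLINE = ("/usr/bin/java -Dcatalina.base=/var/lib/tomcat7 "
                  "-Dcatalina.home=/usr/share/tomcat7 "
                  "org.apache.catalina.startup.Bootstrap start")

# Constructed sample: the copy that was edited (HTTPS connector enabled).
EDITED_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="/placeholder/keystore.jks"
             keystorePass="changeit"/>
</Service></Server>"""

# Constructed sample: the copy the running instance loads (connector commented out).
LIVE_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/> -->
</Service></Server>"""

def catalina_base(cmdline):
    """Return the -Dcatalina.base value from a JVM command line, or None."""
    m = re.search(r"-Dcatalina\.base=(\S+)", cmdline)
    return m.group(1) if m else None

def tls_connectors(server_xml_text):
    """List active TLS connectors; commented-out ones are dropped by the parser."""
    found = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() == "true":
            found.append({
                "port": int(conn.get("port")),
                "keystoreFile": conn.get("keystoreFile"),
                # Tomcat falls back to "changeit" when keystorePass is absent.
                "default_pass": conn.get("keystorePass", "changeit") == "changeit",
            })
    return found

def report(name, xml_text):
    ports = [c["port"] for c in tls_connectors(xml_text)] or "none"
    return f"{name}: TLS connector ports = {ports}"

if __name__ == "__main__":
    print("running instance base:", catalina_base(SAMPLE_CMDLINE))
    print(report("edited copy", EDITED_XML))
    print(report("live copy", LIVE_XML))
```

On a real host, feed `catalina_base` the actual process command line and read `conf/server.xml` under that directory after resolving symlinks, since packaged installs often link `conf` to a directory under `/etc`.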
 
Tim Holloway
Saloon Keeper
Posts: 18163
Are you sure you don't have 2 copies of Tomcat running at the same time?

If not, are you using a proxy such as Apache httpd to handle port 443 (https)? If you are, then you need to adjust your proxying rules.

Note that Apache's "404" page is visibly very different than the Tomcat "404" page, so you should be able to tell which server is having trouble.
 
lejdi koci
Greenhorn
Posts: 6
Hi Tim,

There is no Apache working as proxy. The 404 is definitely of Tomcat (Apache Tomcat/7.0.26 at page end). I just entered an iptables rule to redirect 443 to 8443.


pfff
 
Tim Holloway
Saloon Keeper
Posts: 18163
What do you get from http://domain.com:8443/myapp ?
 
lejdi koci
Greenhorn
Posts: 6
Hi Tim, I get: � character on the browser...
 