Tomcat & SSL - "Empty reply from server"

 
Hi,

I've been stuck for days with this, researched a lot on Google, tried many things, but it's still a no-go.
I believe I've done the config right, but browsing https://localhost:8443 still returns nothing...
Tried many browsers on different computers... it's definitely a server issue.

More info:
======

# Error messages:
> on IE: "There is a problem with this website’s security certificate" (expected, as the cert's CN is not "localhost") but when clicking "Continue to this website (not recommended)", it ends up on "This page can’t be displayed".
> on FF: "Your connection is not secure", but going to Advanced > Add Exception... it ends up the same way, on "Secure Connection Failed".
> On Chrome: "The localhost page isn't working"; "localhost didn't send any data"; "ERR_EMPTY_RESPONSE".
> Using CURL from a Linux client:
* Empty reply from server
* Connection #0 to host 170.127.58.55 left intact
curl: (52) Empty reply from server


# I have no problem browsing to http://localhost:8080 - the page displays as expected in all browsers.

# Environment:
Windows 2008 Server
Tomcat 7.0.39
Firewall turned off

# Followed the procedure to activate SSL as given in the Tomcat documentation, using the JSSE / Keystore method.
# I can access the keystore with the alias given, and see the server and root certificates in it.
# OpenSSL check to the site works fine; the certificates are returned as expected.

# Catalina log shows nothing when browsing to the https page (it does when browsing through http). You can see below that both 8080 and 8443 ports seem to have been correctly initiated:

Jul 06, 2016 7:19:08 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-0.0.0.0-8080"]
Jul 06, 2016 7:19:08 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-0.0.0.0-8443"]
Jul 06, 2016 7:19:08 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Jul 06, 2016 7:19:08 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 6665 ms


# Here is some info & warnings during Tomcat start-up; I'm not sure it's relevant:

Jul 06, 2016 7:18:59 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Cybertrust\UniCERT\jdk\jre\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Oracle\product\11.2.0\dbhome_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Cybertrust\UniCERT\Common;C:\Cybertrust\UniCERT\Publisher;C:\Cybertrust\UniCERT\Publisher\ServiceDlls;C:\Windows\System32\WindowsPowerShell\v1.0\;.
Jul 06, 2016 7:18:59 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxthreads' to '25' did not find a matching property.
Jul 06, 2016 7:18:59 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Valve} Setting property 'resolvehosts' to 'true' did not find a matching property.
Jul 06, 2016 7:18:59 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '0' did not find a matching property.


# In the "localhost_access_log.2016-07-06" file, see below 3 latest attempts from different machines:

0:0:0:0:0:0:0:1 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
170.127.58.8 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
170.127.58.52 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -


Why is Tomcat returning 400 errors?
What is that ridiculous date doing in these logs, BTW?

# The following lines (among others) can be seen in the "netstat -an" results on the server:

TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING
TCP [..]:8080 [..]::0 LISTENING
TCP [..]:8443 [..]::0 LISTENING


# server.xml connector config below. It was quite simple at the beginning, but I tried adding a couple of parameters suggested in other forum posts I've found. Still no luck; it's never worked.

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="True" enableLookups="false" maxthreads="25"
port="8443" keystoreFile="C:\Cybertrust\UniCERT\tomcat\apache-tomcat-7.0.39\#SSL\#KeyStore.jks" keystorePass="password" keystoreType="JKS"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS"
address="0.0.0.0" maxHttpHeaderSize="8192" />


Of course, I stop and restart Tomcat after making changes there.
Any suggestion / magic that would fix this? :-)

Thanks in advance for your help,
Chris.
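
An added example, not part of the original post or of Tomcat itself: a small Python check for the connector shown above. It flags attribute names whose case differs from the documented spelling (the cause of the 'maxthreads' startup warning) and a keystorePass set to a common default. The attribute list is a subset covering only this connector, and `lint_connectors`, `KNOWN`, `BY_LOWER` and `WEAK_PASSWORDS` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Connector attribute names as spelled in the Tomcat 7 documentation
# (assumption: a subset covering only the attributes used in the post).
KNOWN = {
    "SSLEnabled", "acceptCount", "address", "clientAuth",
    "disableUploadTimeout", "enableLookups", "keystoreFile",
    "keystorePass", "keystoreType", "maxHttpHeaderSize", "maxThreads",
    "port", "protocol", "scheme", "secure", "sslProtocol",
}
BY_LOWER = {name.lower(): name for name in KNOWN}
# Assumption: illustrative list; "changeit" is Tomcat's default keystore password.
WEAK_PASSWORDS = {"password", "changeit"}


def lint_connectors(server_xml):
    """Return (port, attribute, message) findings for every <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        for attr, value in conn.attrib.items():
            if attr in KNOWN:
                if attr == "keystorePass" and value.lower() in WEAK_PASSWORDS:
                    findings.append((port, attr, "weak keystore password"))
                continue
            expected = BY_LOWER.get(attr.lower())
            if expected:
                # Tomcat matches names case-sensitively and ignores this one.
                findings.append((port, attr, "wrong case, expected " + expected))
            else:
                findings.append((port, attr, "not in the known subset"))
    return findings


# Constructed sample: the connector from the post wrapped in a minimal server.xml.
SAMPLE = r"""<Server><Service name="Catalina">
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
  disableUploadTimeout="True" enableLookups="false" maxthreads="25"
  port="8443" keystoreFile="C:\Cybertrust\UniCERT\tomcat\apache-tomcat-7.0.39\#SSL\#KeyStore.jks"
  keystorePass="password" keystoreType="JKS"
  protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
  secure="true" sslProtocol="TLS" address="0.0.0.0" maxHttpHeaderSize="8192" />
</Service></Server>"""

if __name__ == "__main__":
    for port, attr, message in lint_connectors(SAMPLE):
        print("connector %s: %s: %s" % (port, attr, message))
```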
 
Chris Tillon
OK, I've finally found the one responsible in the connector:

protocol="org.apache.coyote.http11.Http11NioProtocol"

changed to:

protocol="HTTP/1.1"

Problem solved! :-)