Tim Holloway wrote: The cert format for Apache and the cert format for Tomcat are different. You can convert between them, but it's a pain.
More commonly, just get a cert and install it in Apache, use Apache as a reverse proxy to Tomcat (port 8009), and then Tomcat doesn't need SSL set up as long as both Tomcat and Apache are on the same secured LAN (or the same machine).
Rob Spoor wrote: I agree with Tim. SSL on Tomcat is usually only required if Tomcat is directly accessible to the outside world. If you put Apache in front of it using mod_ajp, SSL is not even used. If you put Apache in front of it using mod_proxy, having SSL will only add unnecessary slowness.
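The setup Tim and Rob describe, written out as an added example (this is not configuration from the thread or from either project): Apache terminates TLS with the certificate installed on the Apache side and forwards every request to Tomcat's AJP connector on 8009 over the loopback interface. The hostname, certificate paths and the AJP secret are placeholders.

```apache
# Added example: TLS ends at Apache, Tomcat listens only on AJP (8009) on localhost.
# Requires mod_ssl, mod_proxy and mod_proxy_ajp to be loaded.
Listen 443
<VirtualHost *:443>
    ServerName app.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/app.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/app.example.com.key

    # Forward the whole site to Tomcat over AJP on the loopback address.
    # "secret=" needs Apache 2.4.42 or newer; Tomcat 8.5.51+/9.0.31+ reject
    # AJP connections that do not carry the shared secret unless the Connector
    # sets secretRequired="false".
    ProxyPreserveHost On
    ProxyPass        / ajp://127.0.0.1:8009/ secret=CHANGEME
    ProxyPassReverse / ajp://127.0.0.1:8009/
</VirtualHost>

# Send plain HTTP to HTTPS so nothing reaches Tomcat over an unencrypted path.
<VirtualHost *:80>
    ServerName app.example.com
    Redirect permanent / https://app.example.com/
</VirtualHost>
```

On the Tomcat side the matching connector in server.xml is the AJP one, e.g. `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" secret="CHANGEME" />`, and the HTTPS connector on 8443 can stay commented out. Binding AJP to 127.0.0.1 matters: AJP is an unauthenticated binary protocol, so the port must never be reachable from outside the box or the trusted LAN. One practical reason to prefer AJP over mod_proxy_http here is that AJP carries the client's TLS attributes across, so `request.isSecure()` and `request.getScheme()` inside Tomcat report the HTTPS connection Apache handled; with an HTTP proxy you would have to configure the RemoteIpValve to trust an `X-Forwarded-Proto` header for the same result.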
Tim Holloway wrote: DNS cannot return port numbers, only IP addresses, so when you address a server listening on a non-default port for the protocol (like Tomcat's http port 8080) you have to put that number in the URL explicitly.
Tim Holloway wrote: In Linux, the command "netstat -lnp" will identify the processes and their ports. Since 8080 and 8443 are not commonly used, you probably have another copy of Tomcat running.
Tim Holloway wrote: No, that definitely WOULD be a problem. Only one app in the OS can own a given port. Only one Connector in Tomcat can own a given port. Multiple attempts to gain that port will cause the second and subsequent attempts to fail. First come is the one and only winner.
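A small added script, not from the thread, that does the check Tim describes in the two posts above before a second Tomcat is started: it parses "netstat -lnp" output, reports which process already owns each of Tomcat's ports, and fails if any is taken, which is exactly the case where the later bind would lose. The netstat output embedded in the script is constructed for the example; the `check_live` helper runs the real command on a Linux host.

```shell
#!/bin/sh
# Added example: who owns the ports a new Tomcat instance wants?
# The text below is a constructed "netstat -lnp" listing, not real output.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1234/java
tcp6       0      0 :::8443                 :::*                    LISTEN      1234/java
tcp        0      0 127.0.0.1:8009          0.0.0.0:*               LISTEN      1234/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           812/dhclient'

# port_owner PORT  (reads "netstat -lnp" text on stdin)
# Prints the PID/Program column of every LISTENing TCP socket bound to PORT.
# The match is ":PORT" at the end of the local address, so 0.0.0.0:8080 and the
# IPv6 form :::8080 both count. UDP rows have no State column, so the
# $6 == "LISTEN" test skips them. Without root, netstat shows "-" as the owner
# of other users' sockets; that still means the port is taken.
port_owner() {
    awk -v port="$1" '$4 ~ (":" port "$") && $6 == "LISTEN" { print $7 }'
}

# port_is_free PORT  (stdin as above): exit 0 when nothing listens on PORT.
port_is_free() {
    [ -z "$(port_owner "$1")" ]
}

# check_ports NETSTAT_TEXT PORT...
# Reports every port already owned and returns 1 if any is, i.e. the second
# Tomcat (or second Connector) would fail to bind that port.
check_ports() {
    text=$1
    shift
    rc=0
    for p in "$@"; do
        owner=$(printf '%s\n' "$text" | port_owner "$p")
        if [ -n "$owner" ]; then
            echo "port $p already taken by $owner"
            rc=1
        fi
    done
    return $rc
}

# check_live PORT...: same check against this host. Run as root so netstat can
# show the owning PID; "ss -lntp" gives the same columns on newer systems.
check_live() {
    check_ports "$(netstat -lnp 2>/dev/null)" "$@"
}

# Typical use before starting a second instance with default server.xml ports:
#   check_live 8005 8080 8009 8443 || exit 1
```

With the sample listing, `check_ports "$SAMPLE_NETSTAT" 8005 8080 8009 8443` names the running `java` process for 8080, 8009 and 8443 and returns 1; only the shutdown port 8005 is free. The fix is either to stop the other Tomcat or to give the new instance its own port set in server.xml (every Connector plus the shutdown port), since, as Tim says, the first process to bind wins and the rest fail at startup.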