0
votes

I am trying to configure Tomcat with SSL on a server (because I need to make a request through HTTPS). I followed these steps:

1) Generating a keystore

  $Tomcat\bin>keytool -genkey -alias mkyong -keyalg RSA -keystore c:\mkyongkeystore
  Enter keystore password:
  Re-enter new password:
  What is your first and last name?
   [Unknown]:  yong mook kim
  What is the name of your organizational unit?
  //omitted to save space
  [no]:  yes

  Enter key password for <mkyong>
    (RETURN if same as keystore password):
  Re-enter new password:

   $Tomcat\bin>

2) Configuring Tomcat with the keystore by adding a connector in server.xml

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/var/lib/tomcat7/webapps/key/mykeystore"
               keystorePass="password" />

Then I tried to open https://[host]:8443/, but it still shows "This page can’t be displayed".

But when I tried the same method for localhost, it worked. Why is it not working on the server?

[Image: web page]

2
You added the SSL config to the connector that is listening on port 8080 and tried to access Tomcat on port 8443? That won't work. Either add a second connector for a different port (e.g. 8443) for SSL or use 8080, if you don't need to support HTTPS and HTTP connections. – dpr

That's just a misprint. Sorry for that. – Mudit

Do you have some firewall in place that blocks access to port 8443 from remote? It may as well be possible that another process is already listening on 8443. If this is the case, there should be an error in the Tomcat logs. – dpr

stackoverflow.com/questions/37814861/… This was my main problem, but I got a comment to configure the port with SSL. – Mudit

Any suggestions, @user1516873? – Mudit

2 Answers

0
votes

Here are some quotes from Tomcat documentation on setting HTTPS:

Tomcat can use two different implementations of SSL:

the JSSE implementation provided as part of the Java runtime (since 1.4)
the APR implementation, which uses the OpenSSL engine by default.
...

As configuration attributes for SSL support significantly differ between APR vs. JSSE implementations, it is recommended to avoid auto-selection of implementation. It is done by specifying a classname in the protocol attribute of the Connector.

To define a Java (JSSE) connector, regardless of whether the APR library is loaded or not, use one of the following:

    <!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO implementation -->
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" .../>

My understanding of that is that you should try to use a classname for the protocol attribute:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/var/lib/tomcat7/webapps/key/mykeystore"
               keystorePass="password" />

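
A pre-flight check for the connector shown in the question and in the answer above, added here as an example (it is not code from the original posts or from Tomcat). It parses a server.xml and reports an auto-selected protocol, a keystoreFile missing on the host, a keystore stored below the web application directory, and a guessable keystorePass. The `app_base` default, the weak-password list and the sample XML are assumptions constructed for illustration.

```python
import os
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the question's connector inside a minimal server.xml.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/var/lib/tomcat7/webapps/key/mykeystore"
             keystorePass="password" />
</Service></Server>"""

WEAK_PASSWORDS = {"password", "changeit"}  # assumption: illustrative list only


def audit_tls_connectors(server_xml, app_base="/var/lib/tomcat7/webapps",
                         exists=os.path.isfile):
    """Return (port, finding) tuples; app_base is an assumed Host appBase."""
    findings = []
    connectors = [c for c in ET.fromstring(server_xml).iter("Connector")
                  if c.get("SSLEnabled", "false").lower() == "true"]
    if not connectors:
        return [(None, "no connector has SSLEnabled=true")]
    for c in connectors:
        port = c.get("port")
        proto = c.get("protocol", "HTTP/1.1")
        if not proto.startswith("org.apache.coyote."):
            findings.append((port, "protocol %r leaves JSSE/APR auto-selected" % proto))
        keystore = c.get("keystoreFile")
        if keystore is None:
            findings.append((port, "keystoreFile is not set"))
        else:
            if not exists(keystore):
                findings.append((port, "keystore %s not found on this host" % keystore))
            # Files below appBase can be deployed as a web application and served.
            if posixpath.normpath(keystore).startswith(app_base.rstrip("/") + "/"):
                findings.append((port, "keystore is inside appBase %s" % app_base))
        if c.get("keystorePass") in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a guessable value"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_tls_connectors(SAMPLE_SERVER_XML):
        print("port %s: %s" % (port, finding))
```

Run it on the server itself, so that the keystore existence check reflects the remote filesystem rather than the local one.
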
-1
votes

I think it would be better to redirect the Tomcat port to IIS; in IIS you can easily enable HTTPS.

https://tomcat.apache.org/connectors-doc/webserver_howto/apache.html