0
votes

I got 3 security certificates from GoDaddy.

1. gdig2.crt - intermediate certificate

2. gd_bundle-g2-g1.crt - root certificate

3. 731e59c245c09675.crt - certificate issued

I created a keystore using keytool and configured all three certificates above like this.

1. Configuring the root certificate

keytool -import -alias root -keystore /home/ec2-user/Temp/keystoreft -trustcacerts -file /home/ec2-user/Temp/gd_bundle-g2-g1.crt

2. Configuring the intermediate certificate

keytool -import -alias intermed -keystore /home/ec2-user/Temp/keystoreft -trustcacerts -file /home/ec2-user/Temp/gdig2.crt

3. Configuring the other certificate

keytool -import -alias tomcat -keystore /home/ec2-user/Temp/keystoreft -trustcacerts -file /home/ec2-user/Temp/731e59c245c09675.crt

Configuring Tomcat to use the SSL certificates in the server.xml file:

 <connector port="8443" protocol="HTTP/1.1" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/home/ec2-user/Temp/keystoreft" keystorePass="12345678" clientAuth="false" keyAlias="keystoreft" sslProtocol="TLS"/>

When I try to access the website, the browser shows a "connection refused" exception.

4 Answers

3
votes

'Connection refused' has nothing to do with certificates or SSL whatsoever. It means there was nothing listening at the IP:port named. Check your Connector configuration in server.xml. Note that it is listening on 8443, not 443 which is the default, so you have to include :8443 in the URL.

In step 3 you are presumably importing your own signed certificate, in which case you must (a) omit the -trustcacerts argument and (b) use the same alias that you did when generating the key pair and CSR.
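A check for the second point of this answer (the keyAlias must name an entry that holds a key pair, which an import with -trustcacerts never creates). This is an added example, not code from the thread; the keytool listing and server.xml snippet are constructed to mirror the question, and the function names are my own.

```sh
#!/bin/sh
# Added example: verify that the alias named by keyAlias in server.xml exists
# in the keystore as a PrivateKeyEntry (a key pair), not a trustedCertEntry.
# The input below is constructed to mirror the question: three certificates
# imported with -trustcacerts and no key pair at all.
# In real use, feed the output of:  keytool -list -keystore <keystoreFile>

SAMPLE_LIST='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22
intermed, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:33:44
tomcat, Jan 1, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:55:66'

SAMPLE_XML='<Connector port="8443" SSLEnabled="true" keystoreFile="/tmp/ks"
    keystorePass="changeit" keyAlias="keystoreft" sslProtocol="TLS"/>'

# First keyAlias="..." attribute found in the given server.xml text.
key_alias_from_server_xml() {
    printf '%s\n' "$1" | sed -n 's/.*keyAlias="\([^"]*\)".*/\1/p' | head -n 1
}

# Entry type recorded for alias $2 in the keytool -list output $1, or "missing".
# keytool prints one line per entry:  <alias>, <date>, <EntryType>,
entry_type_for_alias() {
    entry=$(printf '%s\n' "$1" | awk -F', ' -v a="$2" '$1 == a { print $NF; exit }' | tr -d ',')
    if [ -n "$entry" ]; then printf '%s\n' "$entry"; else printf 'missing\n'; fi
}

# 0 = alias holds a key pair, 1 = alias absent, 2 = alias is only a certificate.
check_tomcat_key_alias() {
    alias_name=$(key_alias_from_server_xml "$2")
    case $(entry_type_for_alias "$1" "$alias_name") in
        PrivateKeyEntry) return 0 ;;
        missing)  echo "keyAlias '$alias_name' is not in the keystore" >&2; return 1 ;;
        *)        echo "keyAlias '$alias_name' is not a key pair (PrivateKeyEntry)" >&2; return 2 ;;
    esac
}

# With the constructed input this reports that 'keystoreft' is not in the keystore.
if check_tomcat_key_alias "$SAMPLE_LIST" "$SAMPLE_XML"; then echo "keyAlias OK"; fi
```

If the alias exists but is a trustedCertEntry, the key pair and CSR were generated elsewhere (or under another alias); the issued certificate has to be imported onto the alias that holds the private key.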

1
votes

I was facing the same issue in Tomcat 9 after following the documentation from the CA. I fixed it as follows.

Add the following configuration in server.xml:

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" 
       disableUploadTimeout="true" enableLookups="false" 
       keystoreFile="<jks_file_name>" keystorePass="<password>" 
       maxThreads="25" port="8443" 
       protocol="org.apache.coyote.http11.Http11NioProtocol" 
       scheme="https" secure="true" sslProtocol="TLS"/>

0
votes

I ran into the same problem; the issue is a wrong keystore password.

Updating the keystore password will solve the issue. Also look in your logs to see more details.

-2
votes

Please use 8443 in the URL of the browser; it should work.

Also ensure you have opened 8443 in the server security settings or firewall. Note: if you are using AWS, then please make sure HTTPS is opened for inbound access.

Third, if you think you need to map 8443 to port 80 (the default one), use the command below.

Changing traffic:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443

Remove routing:

iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8443

If you aren't admin or root, just prefix the commands with sudo.