0 votes

I am trying to enable HTTPS on my local stand-alone Tomcat 8.5.20. I've seen various questions about the error, but none of them seemed to help.

These are the steps I took:

1) "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA -keystore C:\tomcat\conf\mykeystore.jks

   Enter keystore password: ABCDEF
   . . .
   Enter key password for (pressed return)

Note that I do not do an openSSL prior to this step...

2) "%JAVA_HOME%\bin\keytool" -importkeystore -srckeystore C:\tomcat\conf\mykeystore.jks -destkeystore C:\tomcat\conf\mykeystore.jks -deststoretype pkcs12

3) Add the following to server.xml (the initial commented-out SSL connector had certificateKeystoreFile, but when I looked at the Apache docs they did not list that as an option; I've also removed the keystorePass since that wasn't in the original):

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >
    <SSLHostConfig>
        <Certificate keystoreFile="conf/mykeystore.jks" keystorePass="ABCDEF"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>

4) Restarted tomcat.

5) In Chrome I typed in "https://localhost:8443/myapp" and it just times out.

6) In catalina.log I get: Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio-8443"]

I also edited the starting parameters for tomcat and added

-Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStore=c:\tomcat\conf\mykeystore.jks

Even https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html looks different from what is in my server.xml.

There are significant differences between version 8.0 and 8.5, which you're using; see: tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html – Eugène Adell

Follow the documentation above, and remove the SSLHostConfig tag. – Eugène Adell

Hm. Cut and pasted from the 8.5 doc (thanks for pointing that out) and changed the keystoreFile to conf/mykeystore.jks, but that didn't work. If I just use "conf/mykeystore.jks", it will look under Tomcat's root, correct? – Andrew S

Yes, unless you changed the TOMCAT_BASE variable in catalina.bat or setenv.bat. – Eugène Adell

Ok, thanks. Finally managed to get it to "accept" the connection. I was having a brain freeze until I realized I needed to change the password to the password of my keystore :( For some reason I thought there were odd reasons for always having the password be "changeit"; I would have expected <> or [] or {} to denote my info.) – Andrew S
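The two things the comments circle around are the attribute names (the question's Connector puts the 8.0-style keystoreFile/keystorePass inside the 8.5 Certificate element, whose attributes are certificateKeystoreFile/certificateKeystorePassword) and a keystore password that does not match. The following lint is an added example, not code from the question, its commenters or the Tomcat project; lint_ssl_connectors is a hypothetical helper, and the sample config is the asker's Connector constructed inline.

```python
import os
import xml.etree.ElementTree as ET

# Tomcat 8.5 <Certificate> attribute names; the 8.0-style Connector attributes
# (keystoreFile/keystorePass) are not recognised inside <Certificate>.
LEGACY_TO_85 = {
    "keystoreFile": "certificateKeystoreFile",
    "keystorePass": "certificateKeystorePassword",
}

def lint_ssl_connectors(server_xml_text, catalina_base=None):
    """Return findings for every SSLEnabled Connector; if catalina_base is given,
    relative keystore paths are resolved against it, as Tomcat does, and checked."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port, keystores = conn.get("port", "?"), []
        for cert in conn.findall("SSLHostConfig/Certificate"):
            for legacy, modern in LEGACY_TO_85.items():
                if legacy in cert.attrib:
                    findings.append(f"port {port}: <Certificate> uses '{legacy}'; "
                                    f"Tomcat 8.5 expects '{modern}'")
            if cert.get("certificateKeystoreFile"):
                keystores.append((cert.get("certificateKeystoreFile"),
                                  cert.get("certificateKeystorePassword")))
        if conn.get("keystoreFile"):  # 8.0-style attributes directly on the Connector
            keystores.append((conn.get("keystoreFile"), conn.get("keystorePass")))
        if not keystores:
            findings.append(f"port {port}: SSLEnabled but no keystore is configured")
        for ks_file, ks_pass in keystores:
            path = os.path.join(catalina_base or "", ks_file)
            if catalina_base and not os.path.isfile(path):
                findings.append(f"port {port}: keystore not found at {path}")
            if ks_pass in (None, "changeit"):
                findings.append(f"port {port}: keystore password is missing or is the "
                                f"documentation placeholder 'changeit'")
    return findings

# Constructed sample: the Connector from the question, wrapped in the enclosing
# elements that ElementTree needs.
ASKER_CONFIG = """<Server><Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig>
        <Certificate keystoreFile="conf/mykeystore.jks" keystorePass="ABCDEF" type="RSA"/>
    </SSLHostConfig>
</Connector>
</Service></Server>"""
```

Run it against the real server.xml with catalina_base set to the Tomcat directory to also confirm the keystore path resolves; it cannot verify the password itself, only that a placeholder was left in.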

1 Answer

0 votes

Create a folder in webapps named 8443, rename the war file to root.war and paste the war file there. Then edit server.xml:

<Service name="Catalina8443">
      <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"  clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/certificate.jks" keystorePass="password"
               />
      <Engine name="Catalina8443" defaultHost="localhost">
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

          <Host name="localhost" appBase="webapps/8443"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">

          </Host>
      </Engine>
</Service>