tomcat-users mailing list archives

From Blaxton <blaxx...@yahoo.com>
Subject Re: Change Default SSL port on Tomcat
Date Fri, 16 Dec 2011 08:47:51 GMT




________________________________
 From: Pid * <pid@pidster.com>
To: Tomcat Users List <users@tomcat.apache.org> 
Sent: Friday, December 16, 2011 10:59:02 AM
Subject: Re: Change Default SSL port on Tomcat
 
On 16 Dec 2011, at 03:28, Blaxton <blaxxton@yahoo.com> wrote:

> Hi
>
> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>
> I uncommented Connector port=8443 and, by adding the required fields in web.xml,
> accessing secured pages would be forwarded to https with port 8443,
> but when I change the port from 8443 to 443, with the same URL that was
> working with 8443 I get "Secure Connection Failed".
>
> Is there anything else I need to do to change the default SSL port?
>
> I did the following steps to change the SSL port from the Tomcat default to 443 but got
>
> 1- Generated /root/.keystore with the following command:
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>
> 2- Then uncommented the following lines in server.xml:
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />

Did you add the keystore to the connector?


p

>
> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>
> 4- Restarted Tomcat

Yes, I did add the keystore to the connector as well and it didn't work either.
As a matter of fact I followed the following link step by step:

http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

With the keystore placed in the Connector, I get the following error in the browser:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

and nothing shows up in mod_jk.log.

With no keystore and the default port 8443 in all Connectors, either AJP
or SSL port, everything is working fine, and I get the certificate
from the secured page and am forwarded to https, but as soon as I change
the AJP Connector redirectPort to 443, I get the following error
in the mod_jk.log file:

Secure Connection Failed
An error occurred during a connection to mydomain.com.
Peer's certificate has an invalid signature.

With the following config:
Connector port="8443" and
<Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
the following error shows up in the mod_jk.log file:
connecting to back end failed. Tomcat is probably not started or is listening on the wrong
port (errno=61)

Again and finally, with
Connector port="8443" and
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
everything works fine and I am forwarded to secure http with no problem.

I think this has to do with mod_jk; it is mod_jk that cannot connect to port 443
when the default port is changed to 443.

To make sure, I added the required JkMount /* to vhost1_httpd.conf for port 443 as well.

One question:
according to the following URL:

To define a Java (JSSE) connector, regardless of whether the APR library
is loaded or not do:
I need to have one of the following in the server.xml file:

<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" .../>

<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" .../>



I added the following lines to server.xml:

<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />

but this time the browser shows:
The connection was interrupted

and nothing shows up in mod_jk.log.
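
As an added example (not code from this thread or from the Tomcat project), the following Python script parses a Tomcat 6 server.xml and flags the connector mistakes behind the symptoms reported above: an SSLEnabled connector with no keystoreFile (Tomcat 6 then looks for .keystore in the home directory of the user it runs as, so a keystore under /root is only found when Tomcat runs as root), protocol="HTTP/1.1" on an SSL connector (which auto-selects the APR connector when tcnative is loaded, as the quoted documentation notes), a redirectPort with no Connector listening on it (the browser is sent to a closed port and gets connection refused), a redirectPort that points at a plain-HTTP Connector (the browser sends a TLS ClientHello and gets a plaintext reply, which Firefox reports as ssl_error_rx_record_too_long or a dropped connection), and a port below 1024 that needs root or a port redirect on Unix. The three server.xml fragments, the keystore path /opt/tomcat/conf/tomcat.jks and its password are constructed for the example.

```python
"""Lint a Tomcat 6 server.xml for the SSL-connector mistakes seen in this thread.

Added example, not code from the thread or the Tomcat project. The sample
configurations below are constructed for the example.
"""
import xml.etree.ElementTree as ET

# Explicit JSSE connector classes from the quoted Tomcat 6 documentation.
JSSE_PROTOCOLS = {
    "org.apache.coyote.http11.Http11Protocol",
    "org.apache.coyote.http11.Http11NioProtocol",
}


def _true(value):
    return (value or "").strip().lower() == "true"


def lint_server_xml(xml_text):
    """Return (port, code, message) findings for every Connector in server.xml."""
    root = ET.fromstring(xml_text)
    connectors = {c.get("port"): c for c in root.iter("Connector") if c.get("port")}
    findings = []
    for port, conn in connectors.items():
        proto = conn.get("protocol", "HTTP/1.1")
        ssl = _true(conn.get("SSLEnabled"))
        if ssl:
            if proto == "HTTP/1.1":
                findings.append((port, "AMBIGUOUS_PROTOCOL",
                                 'protocol="HTTP/1.1" selects the APR connector when '
                                 'tcnative is loaded; use an explicit JSSE class'))
            if proto in JSSE_PROTOCOLS or proto == "HTTP/1.1":
                if not conn.get("keystoreFile"):
                    findings.append((port, "DEFAULT_KEYSTORE",
                                     "no keystoreFile: JSSE falls back to .keystore in "
                                     "the home directory of the user running Tomcat"))
            if conn.get("scheme") != "https" or not _true(conn.get("secure")):
                findings.append((port, "SCHEME_SECURE",
                                 'SSL connector needs scheme="https" secure="true" so '
                                 'request.getScheme()/isSecure() report https'))
            if port.isdigit() and int(port) < 1024:
                findings.append((port, "PRIVILEGED_PORT",
                                 "ports below 1024 need root or a port redirect on Unix"))
        redirect = conn.get("redirectPort")
        if not ssl and redirect:
            target = connectors.get(redirect)
            if target is None:
                findings.append((port, "NO_TARGET",
                                 "redirectPort %s has no Connector: redirected clients "
                                 "get connection refused" % redirect))
            elif not _true(target.get("SSLEnabled")):
                findings.append((port, "PLAINTEXT_TARGET",
                                 "redirectPort %s is a plain-HTTP Connector: a TLS "
                                 "ClientHello gets a plaintext reply "
                                 "(ssl_error_rx_record_too_long / connection "
                                 "interrupted)" % redirect))
    return findings


# Constructed: mirrors the thread's first attempt (SSL on 443, no keystoreFile,
# APR-ambiguous protocol) with the AJP connector still pointing at 8443.
BROKEN_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed: the thread's last attempt, an NIO connector on 8443 that was
# never marked SSLEnabled, so it answers TLS handshakes with plain HTTP.
PLAINTEXT_TARGET_XML = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed: explicit JSSE connector with its keystore (path and password are
# assumptions for the example).
FIXED_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
             SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
             sslProtocol="TLS" keystoreFile="/opt/tomcat/conf/tomcat.jks"
             keystorePass="changeit"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""


def codes(xml_text):
    """Set of (port, code) pairs, handy for checking a configuration."""
    return {(port, code) for port, code, _ in lint_server_xml(xml_text)}


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_SERVER_XML),
                       ("plaintext-target", PLAINTEXT_TARGET_XML),
                       ("fixed", FIXED_SERVER_XML)):
        print("== %s ==" % name)
        for port, code, message in lint_server_xml(text) or [("-", "OK", "no findings")]:
            print("  port %s %s: %s" % (port, code, message))
```

Run it against a real conf/server.xml by reading the file into lint_server_xml. A further check worth doing by hand: errno 61 is ECONNREFUSED on BSD-derived systems such as macOS and FreeBSD (Linux uses 111), so the mod_jk message above means nothing accepted the connection on the port mod_jk dialled, and `openssl s_client -connect host:443` will show directly whether the port is closed, speaking plain HTTP, or presenting the expected certificate.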
