tomcat-users mailing list archives

From Blaxton <blaxx...@yahoo.com>
Subject Re: Change Default SSL port on Tomcat
Date Fri, 16 Dec 2011 10:25:41 GMT




________________________________
 From: Pid <pid@pidster.com>
To: Tomcat Users List <users@tomcat.apache.org> 
Sent: Friday, December 16, 2011 12:35:24 PM
Subject: Re: Change Default SSL port on Tomcat
 
On 16/12/2011 08:47, Blaxton wrote:
> 
> 
> 
> 
> ________________________________
>  From: Pid * <pid@pidster.com>
> To: Tomcat Users List <users@tomcat.apache.org> 
> Sent: Friday, December 16, 2011 10:59:02 AM
> Subject: Re: Change Default SSL port on Tomcat
>  
> On 16 Dec 2011, at 03:28, Blaxton <blaxxton@yahoo.com> wrote:
> 
>> Hi
>>
>> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>>
>> I uncommented the Connector on port 8443 and, by adding the required fields in web.xml,
>> accessing secured pages would be forwarded to https on port 8443,
>> but when I change the port from 8443 to 443, the same URL that was
>> working with 8443, I get "Secure Connection Failed"
>>
>> is there any thing else I need to do to change the default SSL port ?
>>
>>
>> did following steps to change the SSL port from Tomcat default to 443 but got
>>
>>
>> 1-  Generated /root/.keystore with following command:
>> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>>
>>
>> 2- then uncommented following lines in server.xml
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS" />
> 
> Did you add the keystore to the connector?
> 
> 
> p
> 
>>
>> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>>
>>
>> 4- restarted tomcat
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> yes, I did add the keystore to the connector as well and didn't work either.
> as a matter of fact I followed following link step by step
> 
> http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
> 
> with keystore placed in Connector, I get following error in browser :
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> 
> and nothing shows up in mod_jk.log
> 
> with no keystore and default port 8443 in all Connectors either AJP 
> or SSL port, every thing is working fine, and I get the certificate
> from the secured page and forwarded to https but as soon as I change
> the AJP Connector redirectport to 443, I get following error
> in mod_jk.log file:
> 
> Secure Connection Failed
> An error occurred during a connection to mydomain.com.
> Peer's certificate has an invalid signature.
> 
> with following config :
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
> following error shows up in mod_jk.log file:
> connecting to back end failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
> 
> again and finally , with
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> everything works fine and I will be forwarded to secure http and no problem.
> 
> I think this has to do with mod_jk, this is the mod_jk that cannot connect to port 443
> when the default port is changing to 443.
> 
> to make sure , I added the required JkMount /* to vhost1_httpd.conf for port 443 as well.
> 
> one question :
> according to following url :
> 
> To define a Java (JSSE) connector, regardless of whether the APR library
>  is loaded or not do:
> I need to have one of the following in server.xml file:
> 
> 
> <-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> port="8443" .../>
> 
> <-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443" .../>
> 
> 
> 
> I added following lines to server.xml
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />
> 
> but this time the browser shows:
> The connection was interrupted
> 
> and nothing shows up in mod_jk.log.

Sorry, I read this on my phone I missed the first bit.

If you're using mod_jk/AJP then you do the SSL decoding before sending
traffic to Tomcat.

HTTPD:80  -->
                Tomcat:8009
HTTPD:443 -->

You should configure SSL on HTTPD instead.


p


-- 

[key:62590808]


Thank you Pid,

I looked in catalina.out and found a "port 443 already in use" error,
and I had Listen 443 in Apache, so I removed it and now Tomcat
comes up and all is good.

I am not sure if it is better to serve SSL and https through Tomcat or Apache?
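The thread turns on two separate mistakes: httpd and Tomcat both trying to bind port 443 (the "already in use" that turned up in catalina.out), and an AJP connector whose redirectPort names a port on which nothing actually terminates TLS (with mod_jk, Pid's point is that httpd should own 443 and do the SSL work, Tomcat only needs 8009). The script below is an added example, not code from this thread or from the Tomcat or httpd projects: it reads copies of httpd.conf and server.xml and reports both problems statically. It assumes the stock server.xml layout (SSLEnabled on the same line as port, the AJP connector on one line), and the three pairs of configs it checks are constructed to mirror the layouts discussed above, with placeholder certificate paths.

```shell
#!/bin/sh
# Added example, not the thread's code: a static check for the two mistakes the
# thread turns on, (1) httpd and Tomcat both binding 443 and (2) an AJP
# redirectPort pointing at a port on which nothing terminates TLS. Assumes the
# stock server.xml layout: SSLEnabled beside port on one line, AJP on one line.

# Drop <!-- ... --> comments so the commented-out stock connectors are not taken for live ones.
strip_xml_comments() {
    awk '{ line = $0; out = ""
        while (length(line) > 0) {
            if (incomment) { i = index(line, "-->"); if (i) { line = substr(line, i + 3); incomment = 0 } else { line = "" } }
            else { i = index(line, "<!--"); if (i) { out = out substr(line, 1, i - 1); line = substr(line, i + 4); incomment = 1 } else { out = out line; line = "" } }
        }
        print out }' "$1"
}

# Ports httpd binds: "Listen 443", "Listen 0.0.0.0:443", "Listen [::]:443 https".
httpd_listen_ports() {
    sed -n 's/^[[:space:]]*Listen[[:space:]][[:space:]]*//p' "$1" | awk '{ print $1 }' | sed 's/.*://' | sort -u
}

# Live port="N" attributes (the <Server> shutdown port and each uncommented
# <Connector>). Optional $2 is a grep pattern the line must also match, e.g.
# 'SSLEnabled="true"' for connectors that terminate TLS themselves. The
# leading blank keeps redirectPort="N" from matching.
tomcat_ports() {
    strip_xml_comments "$1" | grep -- "${2:-.}" | grep -o '[[:space:]]port="[0-9]*"' | sed 's/.*="//; s/"//' | sort -u
}

# redirectPort of the AJP connector, e.g. <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
ajp_redirect_port() {
    strip_xml_comments "$1" | grep 'protocol="AJP/1.3"' | sed -n 's/.*redirectPort="\([0-9]*\)".*/\1/p' | head -n 1
}

# Ports both servers would try to bind: the "already in use" the poster found
# in catalina.out. $1 = httpd.conf, $2 = server.xml.
port_clashes() {
    for p in $(tomcat_ports "$2"); do
        httpd_listen_ports "$1" | grep -qx "$p" && echo "$p"
    done
    return 0
}

# Where the AJP redirectPort lands. clash: both servers claim it, whoever binds
# first answers, and if that is plain HTTP a TLS client sees
# ssl_error_rx_record_too_long. httpd: TLS must be terminated in httpd (SSLEngine on
# in the 443 vhost) and passed on over AJP, Pid's layout. tomcat: a Tomcat SSLEnabled
# connector owns it, the poster's final layout. tomcat-plain: Tomcat answers HTTP,
# not TLS, there. none: nothing listens, the https redirect is refused.
classify_redirect() {
    cr_rp=$(ajp_redirect_port "$2")
    [ -n "$cr_rp" ] || { echo no-ajp-connector; return 0; }
    cr_httpd=0; cr_tc=0; cr_tls=0
    httpd_listen_ports "$1" | grep -qx "$cr_rp" && cr_httpd=1
    tomcat_ports "$2" | grep -qx "$cr_rp" && cr_tc=1
    tomcat_ports "$2" 'SSLEnabled="true"' | grep -qx "$cr_rp" && cr_tls=1
    if   [ $cr_httpd = 1 ] && [ $cr_tc = 1 ]; then echo clash
    elif [ $cr_httpd = 1 ]; then echo httpd
    elif [ $cr_tls = 1 ];   then echo tomcat
    elif [ $cr_tc = 1 ];    then echo tomcat-plain
    else echo none; fi
}

# Constructed sample configs, not the poster's real files; cert paths are placeholders.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf 'Listen 80\nListen 443\nJkMount /* worker1\n' > "$WORK/httpd-clash.conf"
printf 'Listen 80\nJkMount /* worker1\n' > "$WORK/httpd-no443.conf"
cat > "$WORK/httpd-tls.conf" <<'EOF'
Listen 80
Listen 443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mydomain.pem
    JkMount /* worker1
</VirtualHost>
EOF
cat > "$WORK/server-tomcat443.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="443" /> -->
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="/root/.keystore" sslProtocol="TLS" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
</Service></Server>
EOF
printf '<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">\n  <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />\n</Service></Server>\n' > "$WORK/server-ajp-only.xml"

report() {  # $1 label, $2 httpd.conf, $3 server.xml
    printf '%-30s clashes=[%s] redirectPort lands on: %s\n' "$1" \
        "$(port_clashes "$2" "$3" | tr '\n' ' ')" "$(classify_redirect "$2" "$3")"
}
report "httpd Listen 443 + Tomcat 443" "$WORK/httpd-clash.conf" "$WORK/server-tomcat443.xml"
report "TLS on httpd, AJP only"        "$WORK/httpd-tls.conf"   "$WORK/server-ajp-only.xml"
report "TLS on Tomcat, httpd only 80"  "$WORK/httpd-no443.conf" "$WORK/server-tomcat443.xml"
```

The first pair is the state the thread started in and reports a clash on 443 with the redirect classed as "clash"; the second is Pid's layout (httpd terminates TLS, Tomcat has only AJP) and the third is what the poster settled on (Tomcat owns 443, httpd stays on 80). Both of the last two are consistent; the difference is where the private key lives and which process has to be patched for TLS issues. Whichever you pick, the live check from a client is the same: `openssl s_client -connect mydomain.com:443` should show a certificate and a completed handshake, and a "wrong version number" or "record too long" style failure there means whatever is answering on 443 is speaking plain HTTP.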