tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Beyer, Gregory L" <>
Subject RE: Tomcat answers on port 80, not on 443
Date Thu, 29 Oct 2015 12:26:09 GMT
Thank you, Chris.   You've cut it down to the crux which, in my ignorance of felix vs Tomcats
role,  I didn't understand.  Essentially, chasing the solution in Tomcat is a red herring.
 Looking at the apps config file, it references "org.apache.felix.https" several times which
is a strong sign that Felix Is _supposed_ to handle the SLL, but it's not working as it should.
 I'll go back to the app's developer with the problem.

Gregory Beyer

-----Original Message-----
From: Christopher Schultz [] 
Sent: Wednesday, October 28, 2015 3:31 PM
To: Tomcat Users List <>
Subject: Re: Tomcat answers on port 80, not on 443


On 10/27/15 1:57 PM, Beyer, Gregory L wrote:
> Still struggling with this.   I'm amazed that implementing SSL in
> Tomcat is so difficult.  It's not in straight Apache, or IIS.  Is 
> Tomcat really so different an animal?

No, Tomcat is not so different an animal. But you aren't using Tomcat.
You are using Apache Felix + your application + who knows what else + Tomcat and asking why
"Tomcat" won't configure your TLS correctly.

Configuring a <Connector> in Tomcat's conf/server.xml file is fairly straightforward.
Instead, you have decided to create a <Connector> with no TLS configuration and then
expect Tomcat to somehow infer the /real/ TLS configuration information from some arbitrary
file where you just happen to have specified the keystore path on the disk.

This is a question that YOU need to answer before anyone can offer you help here: is Apache
Felix responsible for configuring Tomcat's TLS connector or not? If you don't know the answer,
find someone on your team who DOES know the answer and I suspect you'll have 50% of the way
to your solution.

> I tried changing \\Program files  to \\progra~1\ -- no joy.    :-(

This shouldn't matter.

> A question I posed last week that got overlooked -- Am I supposed to 
> import the .keystore into my cacerts file?  When I open the cacerts 
> file that came with the java install,  it contains  30-40 certifs
> (key-pairs?)   that I didn't create.

You should pretty much never modify cacarts.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message