tomcat-users mailing list archives

From "Beyer, Gregory L" <gregory.be...@business.gatech.edu>
Subject Tomcat answers on port 80, not on 443
Date Thu, 15 Oct 2015 17:48:19 GMT

Hello,

I'm trying to get my web app, which is otherwise running fine on port 80, to respond on SSL.  
Sorry if this is a resend.  I only just started getting list messages so my first may not
have gone.  Don't intend to bump.

Scenario:

The server in question is a Windows12 web application host running Tomcat 8.0.26.   Running
on Tomcat is a java application which accepts port 80  connections from another host across
the 'net.  I have firewall rules configured to allow port 80 and 443 traffic between the
servers.   On port 80 this is working fine.   I'm not running IIS - only Tomcat.

However, we don't want to have our data stream exposed clear text over the internet - we need
to use SSL.

I have used %JAVA_HOME%\bin\keytool to generate a keystore and then have configured the InBound
SSL Settings in my apps config.properties file with the path to the keystore and the password. 
The # lines are variations on the path to the truststore that I have attempted unsuccessfully. 
I'm using the default certificate, below.  Webclients will not be connecting so we don't
need a commercial certificate.  This is a server to server web call.

##############################
# Inbound SSL Settings
##############################

org.apache.felix.https.enable=true
org.osgi.service.http.port.secure=443
org.apache.felix.https.keystore=E:\keystore\scilexcon
#org.apache.felix.https.keystore=./keystore/scilexcon
org.apache.felix.https.keystore.password=redacted
org.apache.felix.https.keystore.key.password= redacted
org.apache.felix.https.truststore=E:\keystore\scilexcon
#org.apache.felix.https.truststore=C:\Program Files\Java\jre1.8.0_60\lib\security\cacerts
#org.apache.felix.https.truststore=./keystore/scilexcon
org.apache.felix.https.truststore.password= redacted


I've also configured the Java runtime of my application with the truststore path:

-Djavax.net.ssl.trustStore=E:\keystore\scilexcon



An http connect to my connect runtime is successful:  http://<hostname>
https://<hostname> times out.

Netstat -a reveals that port 443 is listening on <hostname>


The documents I have used so far are the one documenting the Inbound SSL connections of my app's config
file, and the SSL documentation of Apache Tomcat  http://<hostname>8080/docs/ssl-howto.html

In my server.xml, I've unremmed the connector section and changed the connector port to 443:


    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

I've looked through my logs, but don't find anything to indicate why it just clocks until
timing out.  Maybe I'm missing something?

Having read the SSL howto, I don't think I've missed anything.   

Thanks for your help.


__________________________________________
Gregory Beyer
gbeyer3@gatech.edu
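
A way to see at which stage the https://<hostname> request described above stalls, as an added example that is not part of the original message: netstat only shows that something has bound port 443, so this probe separates the TCP connect from the TLS handshake. The function name `probe_tls` and its stage labels are hypothetical; certificate verification is switched off because the message describes a self-signed keytool certificate, which makes this a diagnostic tool only.

```python
import hashlib
import socket
import ssl
import sys


def probe_tls(host, port=443, timeout=5.0):
    """Return (stage, detail) showing how far an HTTPS connection gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_timeout", "no reply to SYN: packet filter or routing")
    except ConnectionRefusedError:
        return ("tcp_refused", "nothing is listening on this port")
    except OSError as exc:
        return ("tcp_error", str(exc))

    # Assumption: the server presents a self-signed certificate, so chain and
    # hostname checks are disabled to read whatever certificate is served.
    # Do not reuse this context for real traffic.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            fingerprint = hashlib.sha256(der).hexdigest()
            return ("tls_ok", f"{tls.version()} cert sha256={fingerprint}")
    except socket.timeout:
        return ("tls_timeout", "TCP accepted, but no reply to the ClientHello")
    except ssl.SSLError as exc:
        return ("tls_error", f"handshake failed: {exc}")
    except OSError as exc:
        return ("tls_reset", f"connection dropped during handshake: {exc}")
    finally:
        sock.close()  # harmless if the TLS wrapper already took the socket over


if __name__ == "__main__":
    # Usage: python probe_tls.py <hostname> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(*probe_tls(target, target_port))
```

A `tls_ok` result prints the SHA-256 of the served certificate, which can be compared with the fingerprint that `keytool -list -v -keystore <path>` reports for the keystore the connector is supposed to use.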

