tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose María Zaragoza <demablo...@gmail.com>
Subject Re: Tomcat SSL issue
Date Mon, 09 Oct 2017 16:25:24 GMT
2017-10-09 17:01 GMT+02:00 John Ellis <john.ellis@lsgsolutions.com>:

> I posted questions about this a couple of weeks ago I think it was. I have
> been trying to get Tomcat running on a secure port with a valid SSL
> certificate. We finally got version 9.0.0.M20 setup successfully on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I go
> through all the steps using the keytool commands to submit a certificate
> (we use Cacert.org) and try to plug that certificate into the mix it
> doesn’t work. I still get an error message telling me that I will have to
> create an exception to go to that IP address and port. Last Friday I even
> deleted the certificate and all the keystore file, etc. and got the same
> exact error. So it appears that Tomcat is not seeing the certificate at all
> since I get the same error about having to add an exception whether or not
> I have a valid certificate in place on the server.
>
> The lines we added to the server.xml file to get the secure port working
> are-
>
>
>
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>
>               maxThreads="150" scheme="https" secure="true"
>
>               clientAuth="false" sslProtocol="TLS"
>
>                     keystoreFile="/home/tomcat9.0.
> 0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
>                     keystorePass="changeit" />
>


Maybe you should use <SSLHostConfig> element, do you ?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*





>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
> [image: United States]
>
> [image: bize-logo-rgb-original_Ryan_Revised_portal size]    [image:
> cid:image002.jpg@01CECFDA.65B42CD0]
>
>
>
> http://biz-e.io
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message