Posted to users@tomcat.apache.org by Hubert Hickman <hu...@gmail.com> on 2016/01/29 18:09:20 UTC

Tomcat https answers by hostname, but not by IP number

I am running Tomcat 7.0.67 on RHEL 6.7

I have a tomcat app that is deployed and listening on port 6443 for https
traffic.

tomcat answers fine by request URLS of the form https://hostname:port/rest of
URL/etc. However, it does not answer on https://IP Number:port/rest
of URL/etc EXCEPT for tests I run from the server itself.

[myuser@adifferenthost ~]$ curl -vk https://IP NUMBER:6443/<rest ofURL>
* About to connect() to IP NUMBER port 6443 (#0)
*   Trying IP NUMBER... connected
* Connected to IP NUMBER (IP NUMBER) port 6443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

By convention, the other applications that connect to this port
connect via IP number, not hostname.  Not sure what I am missing in
the setup or certificates ?

Thanks!

Hubert

Re: Tomcat https answers by hostname, but not by IP number

Posted by Mark Thomas <ma...@apache.org>.
On 29/01/2016 17:36, Hubert Hickman wrote:
> Hi Dave !
> 
> 
> The app is specified to run on 6443 - with openings in firewalls between
> installations only for this port.  Tomcat does answer and return data if
> the call is made by hostname to port 6443 - just not by IP number to port
> 6443.
> 
> Regular Apache is running https on 443 and works fine.
> 
> https:<hostname>:6443/yadayada works.
> https:<IP number>:6443/yadayada does not work.

Define doesn't work. Some clients may simply drop the connection because
the host name used to connect doesn't match the name on the certificate.

Wireshark will give you a better idea of what is going on.

Mark


> 
> On Fri, Jan 29, 2016 at 11:28 AM, David kerber <dc...@verizon.net> wrote:
> 
>> On 1/29/2016 12:09 PM, Hubert Hickman wrote:
>>
>>> I am running Tomcat 7.0.67 on RHEL 6.7
>>>
>>> I have a tomcat app that is deployed and listening on port 6443 for https
>>> traffic.
>>>
>>> tomcat answers fine by request URLS of the form https://hostname:port/rest of
>>> URL/etc. However, it does not answer on https://IP
>>>
>>
>> That's because 6443 is not the standard port for HTTPS.  If you just say
>> https://<whatever>, without specifying the port, it will go to 443.  It
>> will work if you use https://ip:port.
>>
>>
>>> Number:port/rest
>>> of URL/etc EXCEPT for tests I run from the server itself.
>>>
>>> [myuser@adifferenthost ~]$ curl -vk https://IP NUMBER:6443/<rest ofURL>
>>> * About to connect() to IP NUMBER port 6443 (#0)
>>> *   Trying IP NUMBER... connected
>>> * Connected to IP NUMBER (IP NUMBER) port 6443 (#0)
>>> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>>> * warning: ignoring value of ssl.verifyhost
>>> * NSS error -5961
>>> * Closing connection #0
>>> * SSL connect error
>>> curl: (35) SSL connect error
>>>
>>> By convention, the other applications that connect to this port
>>> connect via IP number, not hostname.  Not sure what I am missing in
>>> the setup or certificates ?
>>>
>>> Thanks!
>>>
>>> Hubert
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 



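The name check Mark refers to, sketched as an added example (not code from the thread, Tomcat or curl): a verifying client compares the name or address it dialed with the certificate's subjectAltName entries, and an IP literal only matches an iPAddress entry. The dict layout is the one Python's ssl getpeercert() returns; the certificates, the name app.example.test and the address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive dNSName match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # The wildcard stands for exactly one label.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def identity_matches(cert, target):
    """Return (ok, reason) for a getpeercert()-style dict and the name or IP the client dialed.

    The subject CN is deliberately ignored: only subjectAltName entries count here.
    """
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared with iPAddress entries only, never with dNSName entries.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, "iPAddress SAN"
        return False, "no iPAddress SAN for " + target
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, target):
            return True, "dNSName SAN"
    return False, "no dNSName SAN for " + target

# Constructed certificates: one issued for the host name only, one that also lists the IP.
HOST_ONLY = {"subject": ((("commonName", "app.example.test"),),),
             "subjectAltName": (("DNS", "app.example.test"),)}
HOST_AND_IP = {"subject": ((("commonName", "app.example.test"),),),
               "subjectAltName": (("DNS", "app.example.test"),
                                  ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("host-only", HOST_ONLY), ("host+ip", HOST_AND_IP)):
        for target in ("app.example.test", "192.0.2.10"):
            print(label, target, identity_matches(cert, target))
```
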
Re: Tomcat https answers by hostname, but not by IP number

Posted by Hubert Hickman <hu...@gmail.com>.
Hi Dave !


The app is specified to run on 6443 - with openings in firewalls between
installations only for this port.  Tomcat does answer and return data if
the call is made by hostname to port 6443 - just not by IP number to port
6443.

Regular Apache is running https on 443 and works fine.

https:<hostname>:6443/yadayada works.
https:<IP number>:6443/yadayada does not work.

On Fri, Jan 29, 2016 at 11:28 AM, David kerber <dc...@verizon.net> wrote:

> On 1/29/2016 12:09 PM, Hubert Hickman wrote:
>
>> I am running Tomcat 7.0.67 on RHEL 6.7
>>
>> I have a tomcat app that is deployed and listening on port 6443 for https
>> traffic.
>>
>> tomcat answers fine by request URLS of the form https://hostname:port/rest of
>> URL/etc. However, it does not answer on https://IP
>>
>
> That's because 6443 is not the standard port for HTTPS.  If you just say
> https://<whatever>, without specifying the port, it will go to 443.  It
> will work if you use https://ip:port.
>
>
>> Number:port/rest
>> of URL/etc EXCEPT for tests I run from the server itself.
>>
>> [myuser@adifferenthost ~]$ curl -vk https://IP NUMBER:6443/<rest ofURL>
>> * About to connect() to IP NUMBER port 6443 (#0)
>> *   Trying IP NUMBER... connected
>> * Connected to IP NUMBER (IP NUMBER) port 6443 (#0)
>> * Initializing NSS with certpath: sql:/etc/pki/nssdb
>> * warning: ignoring value of ssl.verifyhost
>> * NSS error -5961
>> * Closing connection #0
>> * SSL connect error
>> curl: (35) SSL connect error
>>
>> By convention, the other applications that connect to this port
>> connect via IP number, not hostname.  Not sure what I am missing in
>> the setup or certificates ?
>>
>> Thanks!
>>
>> Hubert
>>
>>
>
>

Re: Tomcat https answers by hostname, but not by IP number

Posted by David kerber <dc...@verizon.net>.
On 1/29/2016 12:09 PM, Hubert Hickman wrote:
> I am running Tomcat 7.0.67 on RHEL 6.7
>
> I have a tomcat app that is deployed and listening on port 6443 for https
> traffic.
>
> tomcat answers fine by request URLS of the form https://hostname:port/rest of
> URL/etc. However, it does not answer on https://IP

That's because 6443 is not the standard port for HTTPS.  If you just say 
https://<whatever>, without specifying the port, it will go to 443.  It 
will work if you use https://ip:port.


> Number:port/rest
> of URL/etc EXCEPT for tests I run from the server itself.
>
> [myuser@adifferenthost ~]$ curl -vk https://IP NUMBER:6443/<rest ofURL>
> * About to connect() to IP NUMBER port 6443 (#0)
> *   Trying IP NUMBER... connected
> * Connected to IP NUMBER (IP NUMBER) port 6443 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> * warning: ignoring value of ssl.verifyhost
> * NSS error -5961
> * Closing connection #0
> * SSL connect error
> curl: (35) SSL connect error
>
> By convention, the other applications that connect to this port
> connect via IP number, not hostname.  Not sure what I am missing in
> the setup or certificates ?
>
> Thanks!
>
> Hubert
>



Re: Tomcat https answers by hostname, but not by IP number

Posted by Jeff Jennings <jj...@gmail.com>.
quick question.

in tomcat can I username/password protect directories with .htaccess like I
can in Apache?

On Fri, Jan 29, 2016 at 12:09 PM, Hubert Hickman <hu...@gmail.com>
wrote:

> I am running Tomcat 7.0.67 on RHEL 6.7
>
> I have a tomcat app that is deployed and listening on port 6443 for https
> traffic.
>
> tomcat answers fine by request URLS of the form https://hostname:port/rest of
> URL/etc. However, it does not answer on https://IP Number:port/rest
> of URL/etc EXCEPT for tests I run from the server itself.
>
> [myuser@adifferenthost ~]$ curl -vk https://IP NUMBER:6443/<rest ofURL>
> * About to connect() to IP NUMBER port 6443 (#0)
> *   Trying IP NUMBER... connected
> * Connected to IP NUMBER (IP NUMBER) port 6443 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> * warning: ignoring value of ssl.verifyhost
> * NSS error -5961
> * Closing connection #0
> * SSL connect error
> curl: (35) SSL connect error
>
> By convention, the other applications that connect to this port
> connect via IP number, not hostname.  Not sure what I am missing in
> the setup or certificates ?
>
> Thanks!
>
> Hubert
>