Posted to users@tomcat.apache.org by Arthur Cosma <AC...@c-sgroup.com> on 2015/03/31 22:17:53 UTC

SSL configuration trouble with IIS, Tomcat and jkredirect

Hello and thank you for the opportunity, this is my first post.
Please note that all I did below is either expertise from the vendor (which is very uncooperative in regards to https) or by reading numerous bits of information on the web.

Here is the environment:
IIS 7(.5) web server running on 2008 R2 64 bit
Tomcat 7.0.35 64 bit
JK 1.2.40 connector 64 bit configured with a configuration file and not via the registry

I have a vendor application that runs fine in http with the setup above, but I am trying to configure it for https.
JK properly redirects the http traffic from port 8080 to 80 and the URL does not require the port.

In order to set up SSL I enabled it in IIS, created a certificate with keytool and imported it on the server.
I can browse to https://myhost and after I accept the certificate, I get the familiar IIS 7 logo.
I can also connect to https://myhost/manager/html and I am able to authenticate to Tomcat and get to the manager page.
None of these URLs, however, throw an entry in the isapi_redirect.log file. All I get in there is the initialization message.

I have my applet defined in uriworkermap.properties and it points to an ajp13 worker defined on port 8009.

These are my connector definitions in server.xml (the rest of the configuration is default):

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
               maxThreads="200" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\keystore\.keystore" keystorePass="tomcatPWD" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

In order to revert to http, all I have to do is comment out the second connector definition for port 8443 and revert the applet's parameter to http.
When everything is set to https, any call to the applet goes into a loop and it just sits there with a spinning icon on the browser's tab: "Waiting for myhost..."
There is no entry in isapi_redirect.log and localhost_access_log.txt only receives a "GET /myapplet HTTP/1.1" 302 -

I tried to understand the way ports work with Tomcat, JK and SSL but I am at a loss, so I finally decided to post on this mailing list.
From what I know, JK redirects port 8080 to 80, but I couldn't find any information on redirecting, say 8443, to 443.

Any guidance will be greatly appreciated. I feel like I'm close, but missing the next step.
I am not a total newb, with some exposure to Tomcat, but this is above my pay grade.

Best regards,
Arthur



