Posted to users@tomcat.apache.org by Blaxton <bl...@yahoo.com> on 2011/12/16 04:27:54 UTC

Change Default SSL port on Tomcat

Hi

Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.

uncommented Connector port=8443 and by adding required fields in web.xml
accessing secured pages would be forwarded to https with port 8443,
but when I change the port from 8443 to 443, the same URL that was
working with 8443, I get "Secure Connection Failed"

is there any thing else I need to do to change the default SSL port ?


did following steps to change the SSL port from Tomcat default to 443 but got 


1-  Generated /root/.keystore with following command:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA


2- then uncommented following lines in server.xml
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>


4- restarted tomcat

Re: Change Default SSL port on Tomcat

Posted by Blaxton <bl...@yahoo.com>.



________________________________
 From: Pid <pi...@pidster.com>
To: Tomcat Users List <us...@tomcat.apache.org> 
Sent: Friday, December 16, 2011 12:35:24 PM
Subject: Re: Change Default SSL port on Tomcat
 
On 16/12/2011 08:47, Blaxton wrote:
> 
> 
> 
> 
> ________________________________
>  From: Pid * <pi...@pidster.com>
> To: Tomcat Users List <us...@tomcat.apache.org> 
> Sent: Friday, December 16, 2011 10:59:02 AM
> Subject: Re: Change Default SSL port on Tomcat
>  
> On 16 Dec 2011, at 03:28, Blaxton <bl...@yahoo.com> wrote:
> 
>> Hi
>>
>> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>>
>> uncommented Connector port=8443 and by adding required fields in web.xml
>> accessing secured pages would be forwarded to https with port 8443,
>> but when I change the port from 8443 to 443, the same URL that was
>> working with 8443, I get "Secure Connection Failed"
>>
>> is there any thing else I need to do to change the default SSL port ?
>>
>>
>> did following steps to change the SSL port from Tomcat default to 443 but got
>>
>>
>> 1-  Generated /root/.keystore with following command:
>> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>>
>>
>> 2- then uncommented following lines in server.xml
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS" />
> 
> Did you add the keystore to the connector?
> 
> 
> p
> 
>>
>> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>>
>>
>> 4- restarted tomcat
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> yes, I did add the keystore to the connector as well and didn't work either.
> as a matter of fact I followed following link step by step
> 
> http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
> 
> with keystore placed in Connector, I get following error in browser :
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> 
> and nothing shows up in mod_jk.log
> 
> with no keystore and default port 8443 in all Connectors either AJP 
> or SSL port, every thing is working fine, and I get the certificate
> from the secured page and forwarded to https but as soon as I change
> the AJP Connector redirectport to 443, I get following error
> in mod_jk.log file:
> 
> Secure Connection Failed
> An error occurred during a connection to mydomain.com.
> Peer's certificate has an invalid signature.
> 
> with following config :
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
> following error shows up in mod_jk.log file:
> connecting to back end failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
> 
> again and finally , with
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> everything works fine and I will be forwarded to secure http and no problem.
> 
> I think this has to do with mod_jk , this is the mod_jk that can not connect to port 443
> when default port is changing to 443.
> 
> to make sure , I added the required JkMount /* to vhost1_httpd.conf for port 443 as well.
> 
> one question :
> according to following url :
> 
> To define a Java (JSSE) connector, regardless of whether the APR library
>  is loaded or not do:
> I need to have one of the following in server.xml file:
> 
> 
> <!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> port="8443" .../>
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443" .../>
> 
> 
> 
> I added following lines to server.xml
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />
> 
> but this time the browser shows:
> The connection was interrupted
> 
> and nothing shows up in mod_jk.log.

Sorry, I read this on my phone I missed the first bit.

If you're using mod_jk/AJP then you do the SSL decoding before sending
traffic to Tomcat.

HTTPD:80  -->
                Tomcat:8009
HTTPD:443 -->

You should configure SSL on HTTPD instead.


p


-- 

[key:62590808]


Then how the default 8443 works fine with the same URL ?

following is set in vhost1_httpd.conf
JkMount /app1/* worker1 

so , all URLs containing /app1/ should be forwarded to Tomcat to be processed regardless of the port
and that what is happening when redirectport=8443 is set in AJP Connector
and accessing http://www.mydomain.com/app1/securelocation/ will be redirected to
https://mydomain.com:8443/app1/securelocation/

but as soon as the redirectport is changed in AJP Connector to 443 , 
it won't work. 

unless we assume , port 8443 will be processed by Tomcat 
but port 443 should be processed by Apache !!!!!!!!!

Re: Change Default SSL port on Tomcat

Posted by Blaxton <bl...@yahoo.com>.



________________________________
 From: André Warnier <aw...@ice-sa.com>
To: Tomcat Users List <us...@tomcat.apache.org> 
Sent: Friday, December 16, 2011 10:34:24 PM
Subject: Re: Change Default SSL port on Tomcat
 
Pid * wrote:
>> Thank you pid,
>> 
>> I looked in Catalina.out and found out 443 port is already in use error
>> and I had listen 443 in apache, so removed it and now tomcat
>> comes up and all is good.
>> 
>> I am not sure if it is better to serve ssl and https through Tomcat or Apache
> 
> So your plan is to serve normal traffic via HTTPD, mod_jk but send the
> SSL traffic straight to Tomcat?
> 
> That would be, erm, unusual.
> 
Yes, there is something in that whole explanation which didn't sound quite right.

To the Original Poster, if this wasn't clear yet :
The AJP protocol does not support SSL connections.
In other words, if your connection schema is :

browser <-(1)-> Apache + mod_jk  <-(2)-> AJP Connector on port 8009 + Tomcat
                   (or mod_proxy_ajp)

then (2) cannot be a HTTPS connection.
The normal thing is to have (1) be a HTTPS connection, which ends at the Apache level.
Then mod_jk (or mod_proxy_ajp) forwards the requests to Tomcat via (2), but that is an AJP protocol connection, which is not encrypted.
It can forward the original SSL headers, so that Tomcat can have a look at them, but that's it.

Most likely, when you are establishing an HTTPS connection between the browser and Tomcat, it goes "around" Apache httpd, directly to Tomcat, like this :

browser <--(1)-------------------------> HTTPS Connector + Tomcat

           Apache + mod_jk (totally unaware of what's going on now)

Maybe you are just unaware of this because both Apache httpd and Tomcat are running on the same host, so have the same hostname and IP address, with just the port being different.



Thank you for the tip. 
That's a good point.
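
An added example, not part of any poster's message: a small Python audit of the two configuration files for the faults discussed in this thread (httpd and Tomcat both claiming port 443, an HTTPS connector that goes around httpd, an AJP `redirectPort` that nothing serves, and an unencrypted AJP connector not bound to loopback). The sample configurations, finding codes, placeholder certificate paths and the same-host assumption behind the loopback check are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}  # assumes httpd and Tomcat share a host

# Constructed sample: the layout first tried in the thread (both servers claim 443).
BROKEN_XML = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
</Service></Server>"""
BROKEN_HTTPD = "Listen 80\nListen 443\nJkMount /app1/* worker1\n"

# Constructed sample: TLS ends at httpd, Tomcat keeps only a loopback AJP connector.
FIXED_XML = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" redirectPort="443"/>
</Service></Server>"""
FIXED_HTTPD = """Listen 80
Listen 443
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /path/to/placeholder.crt
  SSLCertificateKeyFile /path/to/placeholder.key
  JkMount /app1/* worker1
</VirtualHost>
"""

def httpd_listen_ports(httpd_conf):
    """Ports named by 'Listen [addr:]port' directives; comment lines never match."""
    pat = re.compile(r"^[ \t]*Listen\s+(?:\S+:)?(\d+)\b", re.I | re.M)
    return {int(p) for p in pat.findall(httpd_conf)}

def httpd_has_tls(httpd_conf):
    """True if some line enables mod_ssl with 'SSLEngine on'."""
    return re.search(r"^[ \t]*SSLEngine\s+on\b", httpd_conf, re.I | re.M) is not None

def is_ajp(conn):
    return "ajp" in conn.get("protocol", "HTTP/1.1").lower()

def is_tls(conn):
    return conn.get("SSLEnabled", "false").lower() == "true"

def audit(server_xml, httpd_conf):
    """Return sorted (code, port) findings for one httpd + Tomcat host."""
    listen = httpd_listen_ports(httpd_conf)
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    tomcat_tls = {int(c.get("port")) for c in conns if is_tls(c)}
    findings = set()
    # httpd answering 443 in plaintext is a common cause of browser TLS record errors.
    if 443 in listen and not httpd_has_tls(httpd_conf):
        findings.add(("HTTPD_443_WITHOUT_TLS", 443))
    for c in conns:
        port = int(c.get("port"))
        if port in listen:
            # Two daemons cannot bind one port: "already in use" in catalina.out.
            findings.add(("PORT_CONFLICT", port))
        if is_ajp(c):
            if c.get("address") not in LOOPBACK:
                # AJP is not encrypted, so it should not listen beyond the local host.
                findings.add(("AJP_NOT_LOOPBACK", port))
            redirect = c.get("redirectPort")
            if redirect and int(redirect) not in (listen | tomcat_tls):
                findings.add(("REDIRECT_PORT_UNSERVED", int(redirect)))
        elif is_tls(c):
            # Browser-to-Tomcat HTTPS goes around httpd and mod_jk entirely.
            findings.add(("TLS_BYPASSES_HTTPD", port))
    return sorted(findings)

if __name__ == "__main__":
    for name, xml, conf in (("broken", BROKEN_XML, BROKEN_HTTPD),
                            ("fixed", FIXED_XML, FIXED_HTTPD)):
        print(name, audit(xml, conf))
```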

Re: Change Default SSL port on Tomcat

Posted by André Warnier <aw...@ice-sa.com>.
Pid * wrote:
>> Thank you pid,
>>
>> I looked in Catalina.out and found out 443 port is already in use error
>> and I had listen 443 in apache, so removed it and now tomcat
>> comes up and all is good.
>>
>> I am not sure if it is better to serve ssl and https through Tomcat or Apache
> 
> So your plan is to serve normal traffic via HTTPD, mod_jk but send the
> SSL traffic straight to Tomcat?
> 
> That would be, erm, unusual.
> 
Yes, there is something in that whole explanation which didn't sound quite right.

To the Original Poster, if this wasn't clear yet :
The AJP protocol does not support SSL connections.
In other words, if your connection schema is :

browser <-(1)-> Apache + mod_jk  <-(2)-> AJP Connector on port 8009 + Tomcat
                    (or mod_proxy_ajp)

then (2) cannot be a HTTPS connection.
The normal thing is to have (1) be a HTTPS connection, which ends at the Apache level.
Then mod_jk (or mod_proxy_ajp) forwards the requests to Tomcat via (2), but that is an AJP 
protocol connection, which is not encrypted.
It can forward the original SSL headers, so that Tomcat can have a look at them, but 
that's it.

Most likely, when you are establishing an HTTPS connection between the browser and Tomcat, 
it goes "around" Apache httpd, directly to Tomcat, like this :

browser <--(1)-------------------------> HTTPS Connector + Tomcat

            Apache + mod_jk (totally unaware of what's going on now)

Maybe you are just unaware of this because both Apache httpd and Tomcat are running on the 
same host, so have the same hostname and IP address, with just the port being different.




Re: Change Default SSL port on Tomcat

Posted by Pid * <pi...@pidster.com>.
>
> Thank you pid,
>
> I looked in Catalina.out and found out 443 port is already in use error
> and I had listen 443 in apache, so removed it and now tomcat
> comes up and all is good.
>
> I am not sure if it is better to serve ssl and https through Tomcat or Apache

So your plan is to serve normal traffic via HTTPD, mod_jk but send the
SSL traffic straight to Tomcat?

That would be, erm, unusual.


p



Re: Change Default SSL port on Tomcat

Posted by Blaxton <bl...@yahoo.com>.



________________________________
 From: Pid <pi...@pidster.com>
To: Tomcat Users List <us...@tomcat.apache.org> 
Sent: Friday, December 16, 2011 12:35:24 PM
Subject: Re: Change Default SSL port on Tomcat
 
On 16/12/2011 08:47, Blaxton wrote:
> 
> 
> 
> 
> ________________________________
>  From: Pid * <pi...@pidster.com>
> To: Tomcat Users List <us...@tomcat.apache.org> 
> Sent: Friday, December 16, 2011 10:59:02 AM
> Subject: Re: Change Default SSL port on Tomcat
>  
> On 16 Dec 2011, at 03:28, Blaxton <bl...@yahoo.com> wrote:
> 
>> Hi
>>
>> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>>
>> uncommented Connector port=8443 and by adding required fields in web.xml
>> accessing secured pages would be forwarded to https with port 8443,
>> but when I change the port from 8443 to 443, the same URL that was
>> working with 8443, I get "Secure Connection Failed"
>>
>> is there any thing else I need to do to change the default SSL port ?
>>
>>
>> did following steps to change the SSL port from Tomcat default to 443 but got
>>
>>
>> 1-  Generated /root/.keystore with following command:
>> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>>
>>
>> 2- then uncommented following lines in server.xml
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS" />
> 
> Did you add the keystore to the connector?
> 
> 
> p
> 
>>
>> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>>
>>
>> 4- restarted tomcat
> 
> 
> 
> 
> yes, I did add the keystore to the connector as well and didn't work either.
> as a matter of fact I followed following link step by step
> 
> http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
> 
> with keystore placed in Connector, I get following error in browser :
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> 
> and nothing shows up in mod_jk.log
> 
> with no keystore and default port 8443 in all Connectors either AJP 
> or SSL port, every thing is working fine, and I get the certificate
> from the secured page and forwarded to https but as soon as I change
> the AJP Connector redirectport to 443, I get following error
> in mod_jk.log file:
> 
> Secure Connection Failed
> An error occurred during a connection to mydomain.com.
> Peer's certificate has an invalid signature.
> 
> with following config :
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
> following error shows up in mod_jk.log file:
> connecting to back end failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
> 
> again and finally , with
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> everything works fine and I will be forwarded to secure http and no problem.
> 
> I think this has to do with mod_jk , this is the mod_jk that can not connect to port 443
> when default port is changing to 443.
> 
> to make sure , I added the required JkMount /* to vhost1_httpd.conf for port 443 as well.
> 
> one question :
> according to following url :
> 
> To define a Java (JSSE) connector, regardless of whether the APR library
>  is loaded or not do:
> I need to have one of the following in server.xml file:
> 
> 
> <!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> port="8443" .../>
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443" .../>
> 
> 
> 
> I added following lines to server.xml
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />
> 
> but this time the browser shows:
> The connection was interrupted
> 
> and nothing shows up in mod_jk.log.

Sorry, I read this on my phone I missed the first bit.

If you're using mod_jk/AJP then you do the SSL decoding before sending
traffic to Tomcat.

HTTPD:80  -->
                Tomcat:8009
HTTPD:443 -->

You should configure SSL on HTTPD instead.


p


-- 

[key:62590808]


Thank you pid,

I looked in Catalina.out and found out 443 port is already in use error
and I had listen 443 in apache, so removed it and now tomcat
comes up and all is good.

I am not sure if it is better to serve ssl and https through Tomcat or Apache ?

Re: Change Default SSL port on Tomcat

Posted by Pid <pi...@pidster.com>.
On 16/12/2011 08:47, Blaxton wrote:
> 
> 
> 
> 
> ________________________________
>  From: Pid * <pi...@pidster.com>
> To: Tomcat Users List <us...@tomcat.apache.org> 
> Sent: Friday, December 16, 2011 10:59:02 AM
> Subject: Re: Change Default SSL port on Tomcat
>  
> On 16 Dec 2011, at 03:28, Blaxton <bl...@yahoo.com> wrote:
> 
>> Hi
>>
>> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>>
>> uncommented Connector port=8443 and by adding required fields in web.xml
>> accessing secured pages would be forwarded to https with port 8443,
>> but when I change the port from 8443 to 443, the same URL that was
>> working with 8443, I get "Secure Connection Failed"
>>
>> is there any thing else I need to do to change the default SSL port ?
>>
>>
>> did following steps to change the SSL port from Tomcat default to 443 but got
>>
>>
>> 1-  Generated /root/.keystore with following command:
>> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>>
>>
>> 2- then uncommented following lines in server.xml
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS" />
> 
> Did you add the keystore to the connector?
> 
> 
> p
> 
>>
>> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>>
>>
>> 4- restarted tomcat
> 
> 
> 
> 
> yes, I did add the keystore to the connector as well and didn't work either.
> as a matter of fact I followed following link step by step
> 
> http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
> 
> with keystore placed in Connector, I get following error in browser :
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> 
> and nothing shows up in mod_jk.log
> 
> with no keystore and default port 8443 in all Connectors either AJP 
> or SSL port, every thing is working fine, and I get the certificate
> from the secured page and forwarded to https but as soon as I change
> the AJP Connector redirectport to 443, I get following error
> in mod_jk.log file:
> 
> Secure Connection Failed
> An error occurred during a connection to mydomain.com.
> Peer's certificate has an invalid signature.
> 
> with following config :
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
> following error shows up in mod_jk.log file:
> connecting to back end failed. Tomcat is probably not started or is listening on the wrong port (errno=61)
> 
> again and finally , with
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> everything works fine and I will be forwarded to secure http and no problem.
> 
> I think this has to do with mod_jk , this is the mod_jk that can not connect to port 443
> when default port is changing to 443.
> 
> to make sure , I added the required JkMount /* to vhost1_httpd.conf for port 443 as well.
> 
> one question :
> according to following url :
> 
> To define a Java (JSSE) connector, regardless of whether the APR library
>  is loaded or not do:
> I need to have one of the following in server.xml file:
> 
> 
> <!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
> port="8443" .../>
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
> port="8443" .../>
> 
> 
> 
> I added following lines to server.xml
> 
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />
> 
> but this time the browser shows:
> The connection was interrupted
> 
> and nothing shows up in mod_jk.log.

Sorry, I read this on my phone I missed the first bit.

If you're using mod_jk/AJP then you do the SSL decoding before sending
traffic to Tomcat.

 HTTPD:80  -->
                Tomcat:8009
 HTTPD:443 -->

You should configure SSL on HTTPD instead.


p


-- 

[key:62590808]


Re: Change Default SSL port on Tomcat

Posted by Blaxton <bl...@yahoo.com>.



________________________________
 From: Pid * <pi...@pidster.com>
To: Tomcat Users List <us...@tomcat.apache.org> 
Sent: Friday, December 16, 2011 10:59:02 AM
Subject: Re: Change Default SSL port on Tomcat
 
On 16 Dec 2011, at 03:28, Blaxton <bl...@yahoo.com> wrote:

> Hi
>
> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>
> uncommented Connector port=8443 and by adding required fields in web.xml
> accessing secured pages would be forwarded to https with port 8443,
> but when I change the port from 8443 to 443, the same URL that was
> working with 8443, I get "Secure Connection Failed"
>
> is there any thing else I need to do to change the default SSL port ?
>
>
> did following steps to change the SSL port from Tomcat default to 443 but got
>
>
> 1-  Generated /root/.keystore with following command:
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>
>
> 2- then uncommented following lines in server.xml
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />

Did you add the keystore to the connector?


p

>
> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>
>
> 4- restarted tomcat




yes, I did add the keystore to the connector as well and didn't work either.
as a matter of fact I followed following link step by step

http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

with keystore placed in Connector, I get following error in browser :
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

and nothing shows up in mod_jk.log

with no keystore and default port 8443 in all Connectors either AJP 
or SSL port, every thing is working fine, and I get the certificate
from the secured page and forwarded to https but as soon as I change
the AJP Connector redirectport to 443, I get following error
in mod_jk.log file:

Secure Connection Failed
An error occurred during a connection to mydomain.com.
Peer's certificate has an invalid signature.

with following config :
Connector port="8443" and
<Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
following error shows up in mod_jk.log file:
connecting to back end failed. Tomcat is probably not started or is listening on the wrong port (errno=61)

again and finally , with
Connector port="8443" and
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
everything works fine and I will be forwarded to secure http and no problem.

I think this has to do with mod_jk , this is the mod_jk that can not connect to port 443
when default port is changing to 443.

to make sure , I added the required JkMount /* to vhost1_httpd.conf for port 443 as well.

one question :
according to following url :

To define a Java (JSSE) connector, regardless of whether the APR library
 is loaded or not do:
I need to have one of the following in server.xml file:


<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" .../>

<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" .../>



I added following lines to server.xml

<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />

but this time the browser shows:
The connection was interrupted

and nothing shows up in mod_jk.log.

 












Re: Change Default SSL port on Tomcat

Posted by Pid * <pi...@pidster.com>.
On 16 Dec 2011, at 03:28, Blaxton <bl...@yahoo.com> wrote:

> Hi
>
> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>
> uncommented Connector port=8443 and by adding required fields in web.xml
> accessing secured pages would be forwarded to https with port 8443,
> but when I change the port from 8443 to 443, the same URL that was
> working with 8443, I get "Secure Connection Failed"
>
> is there any thing else I need to do to change the default SSL port ?
>
>
> did following steps to change the SSL port from Tomcat default to 443 but got
>
>
> 1-  Generated /root/.keystore with following command:
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>
>
> 2- then uncommented following lines in server.xml
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />

Did you add the keystore to the connector?


p

>
> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>
>
> 4- restarted tomcat
