I have been trying to run my java spring project in HTTPS mode in my localhost.
The project works perfectly in HTTP but form some features, i need it to run in HTTPS
i have changed the default port to 8443 in the server.xml in tomcat. When i run the spring project, its URL shows https://localhost:8443 instead of localhost:8080 but the page does not load. It says page not found.
Please help me resolve this issue.
You need to set up a Connector that listens on port 8443 and a SSL certificate (keystore file in the example below, set the location as you see fit):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${user.home}/keystore" keystorePass="tomcat" keyAlias="tomcat"/>
You can buy a SSL certificate or locally sign it yourself (although you’ll get a browser exception that will ask manual confirmation to accept it). To do the latter you can use Java’s keytool.
Related
I have a java web application that supplies a REST-API for which I want to implement client certificate authentication. I am using Tomcat 9 Web Server to deploy the application as a warfile.
I only want this validation for the REST API and not for other applications deployed on the same server or other requests (for example the user interface).
Requests without a certificate or without a valid certificate should therefore not be blocked by my Web Server so I can verify the client certificate in my application code.
If I do not configure Tomcat for client certification, I cannot retrieve the certificate within my application code.
I have tried to use the following configuration:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443"
maxThreads="200"
scheme="https"
secure="true"
SSLEnabled="true"
keyAlias="tthserver" keystoreFile="C:\Temp\keystore\keystore.jks" keystorePass="PW"
truststoreFile="C:\Temp\keystore\truststore.jks" trustStorePass="PW"
clientAuth="want" sslProtocol="TLS" />
This however blocks requests with an invalid client certificate.
You will need to add the CLIENT-CERT login-configuration in the web.xml of the webapplication deployed in tomcat that needs client authentication. Other, web applications need not have this configuration, so when client access resources of other web application, the client authentication will not take place.
For more details you may refer to the link below: -
https://users.tomcat.apache.narkive.com/C1hxh39a/tomcat-and-client-certificates
I have an application which is hosted on AWS instance and we used elastic load balancer with AWS SSL certificate. We used tomcat server. As we used AWS SSL certificate we have not configured 443 port on tomcat. Now we want to implement two way SSL certificate. I have searched for the same but most of the information is saying use SSLEnable=true in tomcat's server.xml but this will not work in my case. Can someone please help me in this situation to implement Two way SSL.
This is how i've setup it,
(server.xml)
<Connector
port="8081"
protocol="HTTP/1.1"
proxyPort="443"
scheme="https"
secure="true"
proxyName="mydomain.com"
connectionTimeout="50000"
URIEncoding="UTF-8"
redirectPort="8443" />
I'm having regarding a java web app running on apache.
One of the pages is invoking an applet which code is an external server.
The company responsible of the applet told us to use HTTPS when invoking the page showing the applet as we had problems when we invoked the page using HTTP.
The problem is that when I browse the page in HTTPS , I have an ssl_error_rx_record_too_long error.
The address I want to browse looks like :
https://www.myurl.com:8084/myWebApp/pageContainingApplet.jsp?parameter1=value1¶meter2=value2
I looked for the server.xml file under /conf and added this tag:
<Connector port="8084" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
Still nothing
Error code: ssl_error_rx_record_too_long
This usually means the implementation of SSL on your server is not correct. The error is usually caused by a server side problem which the server administrator will need to investigate. Below are some things we recommend trying.
Ensure that port 443 is open and enabled on your server. This is the
standard port for https communications.
If SSL is using a non-standard port then FireFox 3 can sometimes give
this error. Ensure SSL is running on port 443.
If using Apache2 check that you are using port 443 for SSL. This can
be done by setting the ports.conf file as follows
Listen 80 Listen 443 https Make sure you do not have more than one
SSL certificate sharing the same IP. Please ensure that all SSL
certificates utilise their own dedicated IP.
If using Apache2 check your vhost config. Some users have reported
changing to default resolved the error.
Make sure that your SSL certificate is not expired
Try to specify the Cipher:
SSLCipherSuite
ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3
Also check this : https://support.servertastic.com/error-code-ssl-error-rx-record-too-long/
I am doing following settings in server.xml in tomcat 6.0.26 and my url is opening with the following message "Server's certificate is not trusted","The site's security certificate is not trusted!" in chrome and "This Connection is Untrusted" in firefox .
<Connector port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/home/hcl/10.10.105.76.crt"
SSLCertificateKeyFile="/home/hcl/keystore.jks"
SSLCertificateChainFile="/home/hcl/ThawteServerCA.pem"
SSLPassword="changeitssl"
keystoreFile="/home/hcl/keystore.jks" keystorePass="changeitssl"
keyAlias="10.10.105.76"
socketFactory="org.apache.tomcat.net.SSLSocketFactory"
clientAuth="false" SSLProtocol="TLS"/>
How do i make SSL site using self signed and trusted certificates ?
What are the proper steps to create SSL enabled website in java-tomcat-jboss without prompting any certificate message ?
Basically you cannot make a self-signed SSL-certificate that is deemed trusted.
You can get free SSL-certificates though, that are trusted.
You can get one at: http://cert.startcom.org
Hi i have configured SSL in tomcat 5.5, server.xml entry is as below.
**
<Connector port="6922" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/home/mrsx/cert/keystore.keystore"
keystorePass="XXXX"
truststoreFile="/home/mrsx/cert/keystore.keystore"
truststorePass="XXXXX" clientAuth="true" sslProtocol="TLS" />
**
When CLient is trying to access application, application is throwing exception because of "javax.servlet.request.X509Certificate" parameter in request is NULL.
i have created a keystore and imported CA certs to the keystore.. Can any one please tell me why i am Getting NULL certificates. I have not imported any client certificates in keystore.
Based on what you have given above, the SSLEnabled="true" statement is missing.
If that does not help, try adding ssl debugging on the client side and you should be able to obtain some more details.
As #Krroae27 pointed out, you have enabled two way SSL/TLS:
clientAuth="true"
Only do this if you expect clients to provide credentials using certificates. If you are going to do this you usually need to setup a Realm configuration like tomcat-users.xml that will map client certificates to a local principal.