Configure Tomcat with x509 certificate - java

I am trying to host my service with HTTP and HTTPS. I have hosted it over HTTP and over HTTPS using a keystore generated using the KeyStore tool.
Both of these worked.
Now I am trying to host with an x509 certificate and I am getting "webpage is not available". I think the issue is in configuring x509. Let me know my mistake.
Working setting, keystore:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\apache server for hosting\keystore"
keystorePass="pass#word1" />
Not working setting, x509 certificate:
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEngine="on"
SSLCertificateFile="C:\apache server for hosting\JavaWebserviceCert.cer"
SSLCertificateKeyFile="C:\apache server for hosting\JavaServicePrivateKey.pfx"
SSLVerifyClient="require" SSLVerifyDepth="10" />
Regards

Related

The javax.servlet.request.X509Certificate property returns null

In a ContainerRequestFilter I am trying to read the client's self-signed certificate, and I am getting null.
Java:
X509Certificate[] certificates = (X509Certificate[]) requestContext.getProperty("javax.servlet.request.X509Certificate");
Tomee server.xml:
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https"
secure="true" maxPostSize="100000"
>
<SSLHostConfig
certificateVerification="optionalNoCA"
truststoreFile="/my/java/cacerts"
truststorePassword="changeit"
>
<Certificate
certificateKeyAlias="myalias"
certificateKeystoreFile="/my/keystore/filepath"
certificateKeystorePassword="changeit"
certificateKeystoreType="JKS" >
</Certificate>
</SSLHostConfig>
</Connector>
What configuration am I missing?

Not able to connect with HTTPS

I have created my REST API in Java and it is working fine with HTTP. But to secure transportation I have made some changes in the server.xml file in Eclipse.
First I created a self-signed certificate and a password for it, and put that information in the server.xml file as below (all done on Windows 7):
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="E:\\SSL\\Certificate.pfx" keystorePass="Certificate123" />
But I am still not able to connect to the web server with HTTPS.
Can anyone tell me what I am doing wrong here?
It looks like you're using Apache Tomcat and it also looks like you have created a keystore in the PKCS12 format.
Try adding the keystoreType="PKCS12" attribute to the connector element.
You can find additional details here.
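An added example, not part of the answer above or of Tomcat itself: a small check for server.xml that flags the mismatch the answer describes (a .pfx/.p12 keystoreFile without keystoreType="PKCS12"). It goes beyond that case to also flag a PKCS12 file passed to SSLCertificateFile or SSLCertificateKeyFile, which the APR/native connector expects to be PEM, and connectors that require a client certificate. The finding codes, paths and passwords are made up for illustration.

```python
import xml.etree.ElementTree as ET

PKCS12_EXT = (".pfx", ".p12")
# APR/native connector attributes that expect PEM-encoded files.
PEM_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile")

# Constructed sample (placeholder paths and passwords), modelled on the
# connectors quoted on this page.
SAMPLE = """<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/opt/tls/server.pfx" keystorePass="placeholder"/>
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="/opt/tls/server.cer"
             SSLCertificateKeyFile="/opt/tls/server-key.pfx"
             SSLVerifyClient="require"/>
  <Connector port="8445" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/opt/tls/server.pfx" keystoreType="PKCS12"
             keystorePass="placeholder"/>
</Service>"""


def lint_connector(attrs):
    """Return finding codes (names invented here) for one TLS connector."""
    findings = []
    keystore = attrs.get("keystoreFile", "")
    if "keystoreFile" in attrs and any(n in attrs for n in PEM_ATTRS):
        findings.append("KEYSTORE_AND_PEM_ATTRIBUTES_MIXED")
    # Without keystoreType the keystore is read as JKS, so a PKCS12 file fails.
    if (keystore.lower().endswith(PKCS12_EXT)
            and attrs.get("keystoreType", "").upper() != "PKCS12"):
        findings.append("PKCS12_KEYSTORE_WITHOUT_KEYSTORETYPE")
    for name in PEM_ATTRS:
        if attrs.get(name, "").lower().endswith(PKCS12_EXT):
            findings.append("PKCS12_FILE_IN_" + name)
    # Clients that present no certificate cannot complete the handshake.
    if attrs.get("SSLVerifyClient") == "require" or attrs.get("clientAuth") == "true":
        findings.append("CLIENT_CERTIFICATE_REQUIRED")
    return findings


def lint_server_xml(xml_text):
    """Map each TLS-enabled connector's port to its list of findings."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() == "true":
            report[conn.get("port")] = lint_connector(conn.attrib)
    return report


if __name__ == "__main__":
    for port, findings in lint_server_xml(SAMPLE).items():
        print(port, findings or "ok")
```

The check works on file extensions only, so a PKCS12 file with another extension, or a DER-encoded .cer, is not detected.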

javax.net.ssl.keyStore information

In a JBoss server, in which file do we define where to look for the keystore certificates?
I'm facing errors, and when I looked at the boot.log file, it is picking up a certificate which is not available on my server.
boot.log file:
DEBUG [ServerInfo] javax.net.ssl.keyStore: C:/jboss/jboss-appserver/server/conf/clientCerts.jks
When the boot.log file is generated, which file does it read?
It's in the connector definition:
<Connector
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/usr/local/ssl/server.crt"
SSLCertificateKeyFile="/usr/local/ssl/server.pem"
clientAuth="false" sslProtocol="TLS"/>
See https://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html

JASIG CAS certificate

We have some problems with SSO (single sign-on) authentication. We use JASIG CAS and our implementation is not working. It shows the alert "You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS." But we added the certificate to the Tomcat server.xml.
Our settings in server.xml:
<Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keyAlias="myalias"
keystoreFile="C:\Program Files\Java\jdk1.8.0_65\bin\ssoServer.jks"
keystorePass="12345678" />
If you did add the cert, then why are you going over localhost and 8080?

How to enable SSL/HTTPS on a Linux Tomcat server (works with internal IP)?

I've got a problem setting up my Tomcat on Linux for secure connections. My servlets work fine for normal HTTP requests, but when changing the server.xml file to the HTTPS configuration, the servlet is only addressable through the internal IP. I created a .keystore file in my home directory. The fact that the HTTPS connection (after accepting the certificate) works within the internal network makes me believe it is a router-related problem (I opened and forwarded port 8443 on my router).
Thanks for any help!
Server.xml:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443"/>
...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/user/.keystore"
keystorePass="password" />
