I am trying to get a self-signed certificate for my website. I created a certificate using "Keytool" and then made the following changes in conf/server.xml:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1"
           redirectPort="8443" />
<Connector SSLEnabled="true" clientAuth="false"
           keystoreFile="c:\tomcat\keystore\.keystore" keystorePass="changeit"
           maxThreads="150" port="8443" protocol="HTTP/1.1" scheme="https"
           secure="true" sslProtocol="TLS" />
When I run the Tomcat server externally and type the URL https://"localhost":8443 (no quotes around localhost) it works, but when I run the Tomcat server in Eclipse I get a 404 error.
Can anyone please help me with this? Thanks in advance.
I referred to the below sites for help.
http://technology-for-human.blogspot.com/2011/08/ssl-in-tomcat-under-eclipse-part-1-self.html
Eclipse WTP: How do I enable SSL on Tomcat?
According to https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
the sslProtocol property should be one of the following: SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, all.
Try putting "TLSv1+TLSv1.1+TLSv1.2".
Be sure there are no exceptions regarding the keystore's path or password.
And last but not least, remove the redirectPort property from the other Connectors.
I have created my REST API in Java and it works fine with HTTP. But to secure the transport I have made some changes in the server.xml file in Eclipse.
First I created a self-signed certificate and a password for it and put that information in the server.xml file like below (all done on Windows 7):
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="E:\\SSL\\Certificate.pfx" keystorePass="Certificate123" />
But still I am not able to connect to the web server with HTTPS.
Can anyone tell me what I am doing wrong here?
It looks like you're using Apache Tomcat and it also looks like you have created a keystore in the PKCS12 format.
Try adding the keystoreType="PKCS12" attribute to the connector element.
You can find additional details here.
I have the same problem as this topic.
I have already tried for 2 days but it still does not work at all.
This is my server.xml:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/root/xyz.jks"
           keystorePass="asdfasdf" />
The steps I did:
create file.jks
create file.csr
submit to Comodo
then Comodo sent me a link and a code for verification
after verification, Comodo sent me a file.zip with 4 *.crt
then I stored all those files with keytool.
after storing them, I configured the server.xml like the code above
then I tried to run my Tomcat 8.
then I tried to open https://example.com:8443 or https://example.com:443
it always looks like this
then I tried http://example.com:8080/index.html
my index.html runs well.
Can someone suggest what I must do next?
What's wrong with my configuration?
I've deployed a number of SSL configurations, including both Tomcat (cacerts + keytool) and IIS (Windows Certificate Store + netsh http sslcert) so I'm familiar with these procedures.
Has anyone come up with a way to point Tomcat's SSL connector to a Windows Store (i.e. configuration, extension, plugin, etc.)? Just looking to centralize management of SSL deployments to one store, vs. having multiple stores.
According to the answer on "SSL enabling in Tomcat Windows server" you can specify the keystore type as "Windows-My" in the connector configuration in server.xml; it worked for me on Tomcat 8.0.22 as well:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           keyAlias="<alias of the cert>"
           keystoreFile=""
           keystoreType="Windows-My"
           clientAuth="false"
           sslProtocol="TLS"
           keepAliveTimeout="200000" />
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true"
           maxThreads="150"
           scheme="https"
           secure="true"
           keyAlias="<alias of the cert>"
           keystoreFile=""
           keystorePass=""
           keystoreType="Windows-My"
           clientAuth="false"
           sslProtocol="TLS"
           keepAliveTimeout="200000" />
keystoreFile and keystorePass have to be set to an empty string; see my comment at bz.apache.org "BUG 56021".
If not set, they default to values that cause trouble.
keyAlias should be either the friendly name (if it has one) or the common name of the certificate.
It does not seem possible. From the Tomcat 8 documentation https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html:
Tomcat currently operates only on JKS, PKCS11 or PKCS12 format keystores.
The Windows Store would require a specific connector similar to the 'WINDOWS-MY' of JSSE.
There is no reference in documentation to any plugin or connector to Windows Certificate Store.
While Dmitry's solution works on Tomcat 8.0, from Tomcat 8.5 onward there is a small caveat: you need to explicitly set JSSE as the SSLImplementation. Hence the configuration becomes (considering also the new structure introduced in Tomcat 8.5):
<Connector port="8443"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           scheme="https" secure="true" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreType="Windows-MY"
                     certificateKeystoreFile=""
                     certificateKeyAlias="tomcat" />
    </SSLHostConfig>
</Connector>
Alternatively, one can also set useOpenSSL="false" on the AprLifecycleListener.
I've got a problem setting up my Tomcat on Linux for a secure connection. My servlets work fine for normal HTTP requests, but when changing the server.xml file to the HTTPS configuration, the servlet is only addressable through the internal IP. I created a .keystore file in my home directory. The fact that the HTTPS connection (after accepting the certificate) works within the internal network makes me believe it is a router-related problem (I opened and forwarded port 8443 on my router).
Thanks for any help!
Server.xml:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443"/>
...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/home/user/.keystore"
           keystorePass="password" />
I have an application that runs on a secure channel, and I want to configure a secure port. I am adding the following connector to my Tomcat server.xml file:
<Connector port="8443" protocol="HTTP/1.1"
           maxThreads="150" secure="true"
           clientAuth="false" />
It connects to the server when I hit
https://localhost.com:8443
in the browser, but I never get a response back; it connects to the server forever.
I would really appreciate any help on this.
Thanks.
It is because your configuration is not complete. Take a look at this tutorial:
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
It has to look more like this:
<Connector
    protocol="HTTP/1.1"
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="${user.home}/.keystore" keystorePass="changeit"
    clientAuth="false" sslProtocol="TLS"/>
Without SSLEnabled="true" there will be no encryption.
I found the issue was due to a web service that my application depends on being down; that is why requests were stuck forever.
However, the above configuration for configuring a fake secure port worked for me.
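As an added example (not code from any of the posts above), a small Python checker that reads a server.xml and flags the pitfalls raised across this thread: scheme="https" without SSLEnabled="true" (the hung-connection case), a redirectPort that no SSL connector listens on, SSLv2/SSLv3 in sslProtocol, a .pfx keystore without keystoreType="PKCS12", Windows-My without empty keystoreFile/keystorePass, and the Tomcat 8.5 SSLHostConfig form of Windows-MY without the JSSE implementation. The sample server.xml is constructed from the connectors posted here and is not a real deployment.

```python
"""Lint Tomcat <Connector> elements for the HTTPS pitfalls raised in this thread."""
import xml.etree.ElementTree as ET

BROKEN_PROTOCOLS = {"SSLv2", "SSLv3"}   # known-broken; never enable them
JSSE_IMPL = "org.apache.tomcat.util.net.jsse.JSSEImplementation"


def lint_connectors(server_xml: str) -> list:
    """Return (port, message) findings for every <Connector> in server.xml."""
    root = ET.fromstring(server_xml)
    ssl_ports = {c.get("port") for c in root.iter("Connector") if c.get("SSLEnabled") == "true"}
    findings = []
    for c in root.iter("Connector"):
        port, a = c.get("port"), c.attrib
        # scheme="https"/secure="true" alone do not turn on TLS; SSLEnabled does.
        if a.get("scheme") == "https" and a.get("SSLEnabled") != "true":
            findings.append((port, "scheme=https without SSLEnabled=true: no TLS is negotiated"))
        # The plain connector's redirectPort must point at a port an SSL connector owns.
        if a.get("redirectPort") and a["redirectPort"] not in ssl_ports:
            findings.append((port, f"redirectPort {a['redirectPort']} has no SSLEnabled connector"))
        # sslProtocol may be a '+'-joined list; reject any broken member.
        for proto in a.get("sslProtocol", "").split("+"):
            if proto in BROKEN_PROTOCOLS:
                findings.append((port, f"sslProtocol {proto} is broken; use TLSv1.2 or later"))
        # A .pfx/.p12 file is PKCS#12; Tomcat assumes JKS unless told otherwise.
        if a.get("keystoreFile", "").lower().endswith((".pfx", ".p12")) \
                and a.get("keystoreType", "").upper() != "PKCS12":
            findings.append((port, 'PKCS#12 keystore needs keystoreType="PKCS12"'))
        # Windows-My: both attributes must exist and be empty, or the lookup breaks.
        if a.get("keystoreType", "").upper() == "WINDOWS-MY":
            for attr in ("keystoreFile", "keystorePass"):
                if a.get(attr) != "":
                    findings.append((port, f"{attr} must be present and empty for Windows-My"))
        # Tomcat 8.5+ nests the keystore in <SSLHostConfig><Certificate/>; Windows-MY there needs JSSE.
        for cert in c.iter("Certificate"):
            if cert.get("certificateKeystoreType", "").upper() == "WINDOWS-MY" \
                    and a.get("sslImplementationName") != JSSE_IMPL:
                findings.append((port, "Windows-MY certificate needs sslImplementationName=JSSE"))
    return findings


# Constructed sample mixing the connectors posted above (not a real deployment).
SAMPLE_SERVER_XML = r"""<Server><Service>
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" maxThreads="150" secure="true" scheme="https"/>
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="SSLv3" keystoreFile="E:\\SSL\\Certificate.pfx" keystorePass="Certificate123"/>
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             keyAlias="tomcat" keystoreType="Windows-My" keystorePass=""/>
</Service></Server>"""
```

Calling lint_connectors(SAMPLE_SERVER_XML) yields five findings, one per misconfiguration above; pass the contents of your own conf/server.xml to check a real file.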