I think that typo was from when I was copying and pasting and editing it in a 
text editor, not actually in the file.

However, I resolved the situation.  I had everything set up correctly, but the 
helpful person who generated the certificate for me initially had done 
something wrong (somehow, you can generate it differently for IIS while we’re 
using Tomcat.)  I went through the process starting from scratch and I was able 
to get it all working right before I left for BMC Engage.

Thanks,

Shawn Pierson
Remedy Developer | Energy Transfer

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Tzachi Shaiovitch
Sent: Thursday, September 03, 2015 1:54 AM
To: arslist@ARSLIST.ORG
Subject: Re: Struggling with SSL and Mid Tier


Hi,

Looks like you have a typo. secure="true" ="false"



    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" secure="true" ="false"
               keystoreFile="conf/filenamegoeshere.jks" keystorePass="passwordgoeshere"/>



If possible, please change the connector protocol to "HTTP/1.1".



Please find a working example of an HTTPS connector that I have on my system.


    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/home/admin/.keystore" keystorePass="somepassword" />

Regards,

Tzachi Shaiovitch,
Remedy Solution Architect
Matrix - Designated Solutions and Public Sector Division
Cellular: +972-52-2328283 | Email: 
tzach...@matrix.co.il<mailto:yo...@matrix.co.il>


________________________________
From: Action Request System discussion list(ARSList) 
<arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>> on behalf of Pierson, Shawn 
<shawn.pier...@energytransfer.com<mailto:shawn.pier...@energytransfer.com>>
Sent: Wednesday, September 2, 2015 21:14
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Struggling with SSL and Mid Tier

Good afternoon,

This isn’t specifically a Remedy issue but it’s something many of you have done 
so I thought I’d ask here.  I’m in the process of setting up SSL with Tomcat 
7.0.53 on Windows so we can better secure the Mid Tier.  According to the logs, 
it looks like Remedy is able to connect back to the server, but I can’t 
actually connect to Tomcat.  Ignoring Remedy for a moment, I have an index.html 
in the root folder that should work.  Let’s say my server’s DNS alias is 
remedy.example.com in this case.  Tomcat ran fine on port 8080 (including the 
Mid Tier) without any certificate set up.

However, I implemented this as the connector in the server.xml file:
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" secure="true" ="false"
               keystoreFile="conf/filenamegoeshere.jks" keystorePass="passwordgoeshere"/>

This *should* work, but doesn’t seem to allow me to connect.  I’ve tried using 
port 8443 to no avail, I’ve tried different protocols but settled on this one 
since it’s used by other apps in my organization.  It was also suggested that I put 
the keystore file in the conf directory and reference it the way I did 
above.  There are other options that I will add to this connector when we have 
it all up and running but for now that’s it.

In terms of the keystore file, if I run keytool -list -keystore 
filenamegoeshere.jks and enter the correct password, I can see the valid 
certificate fingerprint information, and if I add a -v to it, I can see that it 
is a certificate for remedy.example.com specifically.

Now, the final thing that is odd is that if the alias for my certificate is 
“server” for example, and I go into my Tomcat connector and add 
keyAlias="server" and restart Tomcat, I get these types of errors and the whole 
thing bombs out:

SEVERE: Failed to initialize end point associated with ProtocolHandler 
["http-nio-443"]
java.io.IOException: Alias name server does not identify a key entry

Does anyone have any suggestions of what I might be able to do to resolve this? 
 I’ve been stuck on it since last week and tried everything I can come up with. 
  Setting up SSL on Tomcat isn’t my area of expertise and there’s too much 
information available on Google and not enough on BMC’s sites to help me figure 
out what options I have to resolve this.

Thanks,

Shawn Pierson
Remedy Developer | Energy Transfer

Private and confidential as detailed 
here<http://www.energytransfer.com/mail_disclaimer.aspx>. If you cannot access 
hyperlink, please e-mail sender.

This mail was received and tested using PineApp
_ARSlist: "Where the Answers Are" and have been for 20 years_
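
An added example, not part of the original thread: the "Alias name server does not identify a key entry" error quoted above is raised when the alias named in keyAlias is not a private key entry, for example when only the signed certificate was imported into the keystore. The script below classifies an alias from `keytool -list` output. The function names, the script name and the sample listings are constructed for illustration, and the date format in the listing is assumed to be the US-locale one.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Samples below are constructed.

# keytool -list output where only the signed certificate sits under the alias.
SAMPLE_CERT_ONLY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

server, Sep 2, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Same alias, but holding the key pair the certificate request was made from.
SAMPLE_WITH_KEY='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

server, Sep 2, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Print the entry type listed for alias $1; the listing is read from stdin.
entry_type() {
  awk -v want="$1" -F', ' '
    tolower($1) == tolower(want) {
      for (i = 2; i <= NF; i++)
        if ($i ~ /^(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry)/) {
          sub(/,.*$/, "", $i); print $i; exit
        }
    }'
}

# Return 0 only if alias $1 is usable as a connector keyAlias (listing on stdin).
check_key_alias() {
  kt_type="$(entry_type "$1")"
  case "$kt_type" in
    PrivateKeyEntry)  echo "OK: '$1' has a private key"; return 0 ;;
    trustedCertEntry) echo "FAIL: '$1' is certificate-only (no private key)"; return 1 ;;
    "")               echo "FAIL: alias '$1' not found"; return 2 ;;
    *)                echo "FAIL: '$1' is a $kt_type"; return 3 ;;
  esac
}

# Real use (hypothetical script name): ./check_alias.sh conf/filenamegoeshere.jks server
if [ "$#" -eq 2 ]; then
  keytool -list -keystore "$1" | check_key_alias "$2"
else
  printf '%s\n' "$SAMPLE_CERT_ONLY" | check_key_alias server || true
  printf '%s\n' "$SAMPLE_WITH_KEY"  | check_key_alias server
fi
```

A trustedCertEntry result means the keystore holds the certificate without its private key, so the certificate has to be imported into the keystore that generated the request, or the key pair and request regenerated there.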