Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread Hubert Hickman 
I am running Tomcat 7.0.67 on RHEL 6.7

I have a tomcat app that is deployed and listening on port 6443 for https
traffic.

tomcat answers fine by request URLS of the form https://hostname:port/rest of
URL/etc. However, it does not answer on https://IP 
Number:port/rest
of URL/etc EXCEPT for tests I run from the server itself.

[myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
(#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
#0* SSL connect error
curl: (35) SSL connect error

By convention, the other applications that connect to this port
connect via IP number, not hostname.  Not sure what I am missing in
the setup or certificates ?

Thanks!

Hubert

Re: Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread Hubert Hickman 
Hi Dave !


The app is specified to run on 6443 - with openings in firewalls between
installations only for this port.  Tomcat does answer and return data if
the call is made by hostname to port 6443 - just not by IP number to port
6443.

Regular Apache is running https on 443 and works fine.

https::6443/yadayada works.
https::6443/yadayada does not work.

On Fri, Jan 29, 2016 at 11:28 AM, David kerber <dcker...@verizon.net> wrote:

> On 1/29/2016 12:09 PM, Hubert Hickman wrote:
>
>> I am running Tomcat 7.0.67 on RHEL 6.7
>>
>> I have a tomcat app that is deployed and listening on port 6443 for https
>> traffic.
>>
>> tomcat answers fine by request URLS of the form https://hostname:port/rest
>> of
>> URL/etc. However, it does not answer on https://IP <https://ip/>
>>
>
> That's because 6443 is not the standard port for HTTPS.  If you just say
> https://, without specifying the port, it will go to 443.  It
> will work if you use https://ip:port.
>
>
> Number:port/rest
>> of URL/etc EXCEPT for tests I run from the server itself.
>>
>> [myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/> ofURL>* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
>> NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
>> (#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
>> ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
>> #0* SSL connect error
>> curl: (35) SSL connect error
>>
>> By convention, the other applications that connect to this port
>> connect via IP number, not hostname.  Not sure what I am missing in
>> the setup or certificates ?
>>
>> Thanks!
>>
>> Hubert
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>