subject:"Tomcat https answers by hostname, but not by IP number"

Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread Hubert Hickman

I am running Tomcat 7.0.67 on RHEL 6.7

I have a tomcat app that is deployed and listening on port 6443 for https
traffic.

tomcat answers fine by request URLS of the form https://hostname:port/rest of
URL/etc. However, it does not answer on https://IP 
Number:port/rest
of URL/etc EXCEPT for tests I run from the server itself.

[myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
(#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
#0* SSL connect error
curl: (35) SSL connect error

By convention, the other applications that connect to this port
connect via IP number, not hostname.  Not sure what I am missing in
the setup or certificates ?

Thanks!

Hubert

Re: Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread David kerber


On 1/29/2016 12:09 PM, Hubert Hickman wrote:

I am running Tomcat 7.0.67 on RHEL 6.7

I have a tomcat app that is deployed and listening on port 6443 for https
traffic.

tomcat answers fine by request URLS of the form https://hostname:port/rest of
URL/etc. However, it does not answer on https://IP 


That's because 6443 is not the standard port for HTTPS.  If you just say 
https://, without specifying the port, it will go to 443.  It 
will work if you use https://ip:port.




Number:port/rest
of URL/etc EXCEPT for tests I run from the server itself.

[myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
(#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
#0* SSL connect error
curl: (35) SSL connect error

By convention, the other applications that connect to this port
connect via IP number, not hostname.  Not sure what I am missing in
the setup or certificates ?

Thanks!

Hubert




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread Hubert Hickman

Hi Dave !


The app is specified to run on 6443 - with openings in firewalls between
installations only for this port.  Tomcat does answer and return data if
the call is made by hostname to port 6443 - just not by IP number to port
6443.

Regular Apache is running https on 443 and works fine.

https::6443/yadayada works.
https::6443/yadayada does not work.

On Fri, Jan 29, 2016 at 11:28 AM, David kerber  wrote:

> On 1/29/2016 12:09 PM, Hubert Hickman wrote:
>
>> I am running Tomcat 7.0.67 on RHEL 6.7
>>
>> I have a tomcat app that is deployed and listening on port 6443 for https
>> traffic.
>>
>> tomcat answers fine by request URLS of the form https://hostname:port/rest
>> of
>> URL/etc. However, it does not answer on https://IP 
>>
>
> That's because 6443 is not the standard port for HTTPS.  If you just say
> https://, without specifying the port, it will go to 443.  It
> will work if you use https://ip:port.
>
>
> Number:port/rest
>> of URL/etc EXCEPT for tests I run from the server itself.
>>
>> [myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/> ofURL>* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
>> NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
>> (#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
>> ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
>> #0* SSL connect error
>> curl: (35) SSL connect error
>>
>> By convention, the other applications that connect to this port
>> connect via IP number, not hostname.  Not sure what I am missing in
>> the setup or certificates ?
>>
>> Thanks!
>>
>> Hubert
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread Jeff Jennings

quick question.

in tomcat can I username/password protect directories with .htaccess like I
can in Apache?

On Fri, Jan 29, 2016 at 12:09 PM, Hubert Hickman 
wrote:

> I am running Tomcat 7.0.67 on RHEL 6.7
>
> I have a tomcat app that is deployed and listening on port 6443 for https
> traffic.
>
> tomcat answers fine by request URLS of the form https://hostname:port/rest
> of
> URL/etc. However, it does not answer on https://IP 
> Number:port/rest
> of URL/etc EXCEPT for tests I run from the server itself.
>
> [myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/ ofURL>* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
> NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
> (#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
> ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
> #0* SSL connect error
> curl: (35) SSL connect error
>
> By convention, the other applications that connect to this port
> connect via IP number, not hostname.  Not sure what I am missing in
> the setup or certificates ?
>
> Thanks!
>
> Hubert
>

Re: Tomcat https answers by hostname, but not by IP number

2016-01-29 Thread Mark Thomas

On 29/01/2016 17:36, Hubert Hickman wrote:
> Hi Dave !
> 
> 
> The app is specified to run on 6443 - with openings in firewalls between
> installations only for this port.  Tomcat does answer and return data if
> the call is made by hostname to port 6443 - just not by IP number to port
> 6443.
> 
> Regular Apache is running https on 443 and works fine.
> 
> https::6443/yadayada works.
> https::6443/yadayada does not work.

Define doesn't work. Some clients may simply drop the connection because
the host name used to connect doesn't match the name on the certificate.

Wireshark will give you a better idea of what is going on.

Mark


> 
> On Fri, Jan 29, 2016 at 11:28 AM, David kerber  wrote:
> 
>> On 1/29/2016 12:09 PM, Hubert Hickman wrote:
>>
>>> I am running Tomcat 7.0.67 on RHEL 6.7
>>>
>>> I have a tomcat app that is deployed and listening on port 6443 for https
>>> traffic.
>>>
>>> tomcat answers fine by request URLS of the form https://hostname:port/rest
>>> of
>>> URL/etc. However, it does not answer on https://IP 
>>>
>>
>> That's because 6443 is not the standard port for HTTPS.  If you just say
>> https://, without specifying the port, it will go to 443.  It
>> will work if you use https://ip:port.
>>
>>
>> Number:port/rest
>>> of URL/etc EXCEPT for tests I run from the server itself.
>>>
>>> [myuser@adifferenthost ~]$  curl -vk https://IP NUMBER:6443/>> ofURL>* About to connect() to IP NUMBER port 6443 (#0)*   Trying IP
>>> NUMBER... connected* Connected to IP NUMBER (IP NUMBER) port 6443
>>> (#0)* Initializing NSS with certpath: sql:/etc/pki/nssdb* warning:
>>> ignoring value of ssl.verifyhost* NSS error -5961* Closing connection
>>> #0* SSL connect error
>>> curl: (35) SSL connect error
>>>
>>> By convention, the other applications that connect to this port
>>> connect via IP number, not hostname.  Not sure what I am missing in
>>> the setup or certificates ?
>>>
>>> Thanks!
>>>
>>> Hubert
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat https answers by hostname, but not by IP number

Re: Tomcat https answers by hostname, but not by IP number

Re: Tomcat https answers by hostname, but not by IP number

Re: Tomcat https answers by hostname, but not by IP number

Re: Tomcat https answers by hostname, but not by IP number

5 matches

Site Navigation

Mail list logo

Footer information