RE: SSL Best Practices

Tue, 19 Mar 2013 07:40:43 -0700 


> -----Original Message-----
> From: Jeffrey D. Fisher [mailto:[email protected]]
> Sent: Tuesday, March 19, 2013 10:34 AM
> To: 'Tomcat Users List'; [email protected]
> Subject: RE: SSL Best Practices
>
> Yes, I do have a CA-issued certificate with a chain to a trusted CA.
> I've imported it to the keystore.  I am close to a solution.  When I
> attempt to open the default Apache web page using "https:" I get an
> error page that says that the server cannot open the page.  It opens
> with "http:" just fine.
> I have configured the normal ports i.e. "80" and "443" to redirect to
> "8443".  The reason for this is that the users having to include the
> port numbers (8080 or 8443) would not be acceptable.  They need only
> enter the DNS name into the browser and DNS does the rest.
>
> I am missing something in the configuration of SERVER.XML, WEB.XML or
> both to get the server to answer to an https connection.  I cannot find
> what it is that I have not done or I have missed!
>
> Any input would be appreciated.
>
> Best...
>
> Jeffrey D. Fisher
> Omaha, NE USA
>

I ran into this same issue; make sure you have 'secure="true"' in the connector:

<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="7443" 
SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" 
keystorePass="mypassword"
               clientAuth="want" sslProtocol="TLS" 
keystoreFile=".\conf\myks.jks"
               truststoreFile=".\conf\myts.jks" />

Jeffrey Harris


This e-mail and any attachments are intended only for the use of the 
addressee(s) named herein and may contain proprietary information. If you are 
not the intended recipient of this e-mail or believe that you received this 
email in error, please take immediate action to notify the sender of the 
apparent error by reply e-mail; permanently delete the e-mail and any 
attachments from your computer; and do not disseminate, distribute, use, or 
copy this message and any attachments.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to