On 10.06.2016 12:14, varun gulati wrote:
Hello Gurus,
We are using Tomcat to serve our user base (we are not using Apache HTTP Server,
only Tomcat). We have recently enabled SSL in our project and everything
runs just fine. We raised the CSR using keytool and got the certificates, so both
of the URLs below work perfectly:
http://hostname:8080
https://hostname:8443
Framework Details:
OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga)
Tomcat Version: 7.x
Port 8443, which did not appear in the netstat output before, now does:
netstat -an | grep 8443
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
Here is how the server.xml looks (excluding the ciphers list):
===============================================================================================================
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/abc/xyz/XXXXXX.keystore"
keystorePass="XXXXXX"
clientAuth="false" sslProtocol="TLS"
ciphers="XXXXX" />
=================================================================================================================
Now the requirement is that we exclude the port number from the URL. We believe the only way out is to use port
443 instead of 8443, so in the SSL section of the above configuration we just replace port
"8443" with port "443" and set the redirectPort to "8443".
However, it is not working out for us. We did a lot of investigation and searching
but could not find any solution.
We also confirmed that port 443 is not blocked anywhere. Also, "netstat -an"
doesn't give any output for port 443. Below is how our config looks when we tried it out
enabling 443 (excluding ciphers).
==================================================================================================================
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector executor="tomcatThreadPool" port="443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/abc/xyz/XXXXXX.keystore"
keystorePass="XXXXXX"
clientAuth="false" sslProtocol="TLS" redirectPort="8443"
ciphers="XXXXXXX" />
==================================================================================================================
Really appreciate your help and guidance towards resolving the issue. Many
thanks in advance...
Hi.
Thanks for the info provided above.
(Suggested improvement still: provide the exact Tomcat version, and the Java
version.)
Others:
- the "redirectPort" attribute above (on the SSL Connector) is not needed (and is ignored)
if the Connector is already HTTPS anyway. See:
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes --> redirectPort
but more importantly : what does the Tomcat logfile say ?
(It should open port 443; if it doesn't, it may be that this port is already in use by
another program. The log would tell you that.)
netstat -pan | grep LISTEN | grep 443
(-pan will also list the program name and PID of what owns it)
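As an added example (my own, not code from either message in this thread), here is a small POSIX shell triage script that applies the two checks the reply suggests: find out what already owns the port, and look in the Tomcat log for a failed bind on it. It runs offline on constructed samples embedded in the script (the netstat and catalina.out lines are made up to resemble RHEL 5 and Tomcat 7 output and are not taken from the poster's system). It matches the port as a whole suffix of the local address, so 8443 is not mistaken for 443 the way a plain `grep 443` would. It also adds one check the thread does not raise: on Linux, binding a port below 1024 needs root or CAP_NET_BIND_SERVICE, which is a common reason a connector that worked on 8443 fails silently-looking on 443.

```shell
#!/bin/sh
# Added example (not from either poster): triage why a Tomcat HTTPS connector
# moved from 8443 to 443 is not listening. It works on the text of
# `netstat -pan | grep LISTEN` and of the Tomcat log, so it runs offline on
# the constructed samples below.

# Constructed sample of `netstat -pan | grep LISTEN` output: 443 is already
# owned by another daemon, Tomcat (pid 2345) only holds 8080.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      2345/java
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1120/httpd'

# Constructed sample of catalina.out lines for a bind that failed on 443
# (wording modelled on Tomcat 7 endpoint messages, not copied from a real log).
SAMPLE_LOG='INFO: Initializing ProtocolHandler ["http-bio-8080"]
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]
java.net.BindException: Permission denied <null>:443
INFO: Initializing ProtocolHandler ["http-bio-8443"]'

# owner_of_port PORT NETSTAT_TEXT
# Prints the PID/program that LISTENs on PORT, or "none". The port is matched
# as the whole suffix of the local-address column (":443" at the end of
# field 4), so 8443 does not match 443.
owner_of_port() {
  printf '%s\n' "$2" | awk -v pat=":$1\$" '
    $6 == "LISTEN" && $4 ~ pat { print $7; found = 1 }
    END { if (!found) print "none" }'
}

# bind_error_count PORT LOG_TEXT
# Counts log lines that report a failed bind on exactly PORT
# (the "|| true" keeps grep -c's exit status 1 on zero matches from
# aborting callers that run under set -e).
bind_error_count() {
  printf '%s\n' "$2" \
    | grep -Ec "(BindException|Failed to initialize end point).*[^0-9]$1([^0-9]|\$)" || true
}

# needs_net_bind_privilege PORT
# True for ports below 1024: on Linux these need root or CAP_NET_BIND_SERVICE.
# The thread above does not mention this; it is a fact about Linux, not Tomcat.
needs_net_bind_privilege() {
  [ "$1" -lt 1024 ]
}

# diagnose PORT NETSTAT_TEXT LOG_TEXT
# Prints a verdict line; the helper functions above can also be used alone.
diagnose() {
  port=$1
  owner=$(owner_of_port "$port" "$2")
  errors=$(bind_error_count "$port" "$3")
  if [ "$owner" != "none" ]; then
    echo "port $port is already held by $owner; stop that program or choose another port"
  elif [ "$errors" -gt 0 ]; then
    echo "port $port is free, but Tomcat logged $errors bind failure line(s); check which user Tomcat runs as"
  else
    echo "nothing listens on $port and no bind error was logged; confirm the connector is in the server.xml Tomcat actually loaded"
  fi
  if needs_net_bind_privilege "$port"; then
    echo "note: $port is a privileged port (< 1024) and needs root or CAP_NET_BIND_SERVICE on Linux"
  fi
}

# Run against the constructed samples.
diagnose 443 "$SAMPLE_NETSTAT" "$SAMPLE_LOG"
diagnose 8443 "$SAMPLE_NETSTAT" "$SAMPLE_LOG"
```

To run it against a live box instead of the samples, feed it the real data, for example `diagnose 443 "$(netstat -pan 2>/dev/null | grep LISTEN)" "$(tail -n 200 "$CATALINA_BASE/logs/catalina.out")"` (the log path assumes a standard Tomcat layout); netstat only shows the owning PID/program for sockets of other users when run as root.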
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org