RE: Tomcat SSL issue

Mon, 09 Oct 2017 09:29:24 -0700 


John Ellis

405.285.2500 office


    

http://biz-e.io

-----Original Message-----
From: Jose María Zaragoza [mailto:demablo...@gmail.com] 
Sent: Monday, October 9, 2017 11:25 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat SSL issue

2017-10-09 17:01 GMT+02:00 John Ellis <john.el...@lsgsolutions.com>:

> I posted questions about this a couple of weeks ago I think it was. I 
> have been trying to get Tomcat running on a secure port with a valid 
> SSL certificate. We finally got version 9.0.0.M20 setup successfully 
> on port
> 9443 and I can go to that IP:port and get a Tomcat webpage but when I 
> go through all the steps using the keytool commands to submit a 
> certificate (we use Cacert.org) and try to plug that certificate into 
> the mix it doesn’t work. I still get an error message telling me that 
> I will have to create an exception to go to that IP address and port. 
> Last Friday I even deleted the certificate and all the keystore file, 
> etc. and got the same exact error. So it appears that Tomcat is not 
> seeing the certificate at all since I get the same error about having 
> to add an exception whether or not I have a valid certificate in place on the 
> server.
>
> The lines we added to the server.xml file to get the secure port 
> working
> are-
>
>
>
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>
>               maxThreads="150" scheme="https" secure="true"
>
>               clientAuth="false" sslProtocol="TLS"
>
>                     keystoreFile="/home/tomcat9.0.
> 0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks"
>
>                     keystorePass="changeit" />
>


Maybe you should use <SSLHostConfig> element, do you ?

Read:
https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig

Each secure connector must define at least one *SSLHostConfig*


I thought that was only for version 9? However I believe we did try that and 
got the same result last week.




>
>
> John Ellis
>
>
>
> 405.285.2500 office
>
>
>
> [image: United States]
>
> [image: bize-logo-rgb-original_Ryan_Revised_portal size]    [image:
> cid:image002.jpg@01CECFDA.65B42CD0]
>
>
>
> http://biz-e.io
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to