John Ellis
405.285.2500 office http://biz-e.io -----Original Message----- From: Jose María Zaragoza [mailto:demablo...@gmail.com] Sent: Monday, October 9, 2017 11:25 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat SSL issue 2017-10-09 17:01 GMT+02:00 John Ellis <john.el...@lsgsolutions.com>: > I posted questions about this a couple of weeks ago I think it was. I > have been trying to get Tomcat running on a secure port with a valid > SSL certificate. We finally got version 9.0.0.M20 setup successfully > on port > 9443 and I can go to that IP:port and get a Tomcat webpage but when I > go through all the steps using the keytool commands to submit a > certificate (we use Cacert.org) and try to plug that certificate into > the mix it doesn’t work. I still get an error message telling me that > I will have to create an exception to go to that IP address and port. > Last Friday I even deleted the certificate and all the keystore file, > etc. and got the same exact error. So it appears that Tomcat is not > seeing the certificate at all since I get the same error about having > to add an exception whether or not I have a valid certificate in place on the > server. > > The lines we added to the server.xml file to get the secure port > working > are- > > > > <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > clientAuth="false" sslProtocol="TLS" > > keystoreFile="/home/tomcat9.0. > 0.M20/apache-tomcat-9.0.0.M20/conf/keystore.jks" > > keystorePass="changeit" /> > Maybe you should use <SSLHostConfig> element, do you ? Read: https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig Each secure connector must define at least one *SSLHostConfig* I thought that was only for version 9? However I believe we did try that and got the same result last week. > > > John Ellis > > > > 405.285.2500 office > > > > [image: United States] > > [image: bize-logo-rgb-original_Ryan_Revised_portal size] [image: > cid:image002.jpg@01CECFDA.65B42CD0] > > > > http://biz-e.io > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org