________________________________
From: Pid * <p...@pidster.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Friday, December 16, 2011 10:59:02 AM
Subject: Re: Change Default SSL port on Tomcat
On 16 Dec 2011, at 03:28, Blaxton <blaxx...@yahoo.com> wrote:
> Hi
>
> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>
> uncommented Connector port=8443 and by adding required fields in web.xml
> accessing secured pages would be forwarded to https with port 8443,
> but when I change the port from 8443 to 443, the same URL that was
> working with 8443, I get "Secure Connection Failed"
>
> is there any thing else I need to do to change the default SSL port ?
>
>
> did following steps to change the SSL port from Tomcat default to 443 but got
>
>
> 1- Generated /root/.keystore with following command:
> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>
>
> 2- then uncommented following lines in server.xml
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS" />
Did you add the keystore to the connector?
p
>
> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>
>
> 4- restarted tomcat
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
yes, I did add the keystore to the connector as well and didn't work either.
as a matter of fact I followed following link step by step
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
with keystore placed in Connector, I get following error in browser :
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
and nothing shows up in mod_jk.log
with no keystore and default port 8443 in all Connectors either AJP
or SSL port, every thing is working fine, and I get the certificate
from the secured page and forwarded to https but as soon as I change
the AJP Connector redirectport to 443, I get following error
in mod_jk.log file:
Secure Connection Failed
An error occurred during a connection to mydomain.com.
Peer's certificate has an invalid signature.
with following config :
Connector port="8443" and
<Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
following error shows up in mod_jk.log file:
connecting to back end failed. Tomcat is probably not started or is listening
on the wrong port (errno=61)
again and finally , with
Connector port="8443" and
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
everthing works fine and I will be forwarded to secure http and no problem.
I think this has to do with mod_jk , this is the mod_jk that can not connect to
port 443
when default port is changing to 443.
to make sure , I added the required JkMount /* to vhost1_httpd.conf for port
443 as well.
one question :
according to following url :
To define a Java (JSSE) connector, regardless of whether the APR library
is loaded or not do:
I need to have one of the following in server.xml file:
<-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" .../>
<-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" .../>
I added following lines to server.xml
<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" />
but this time the browser shows:
The connection was interrupted
and nothing shows up in mod_jk.log.
port="8443" .../>
