On 16/12/2011 08:47, Blaxton wrote:
>
> ________________________________
> From: Pid * <p...@pidster.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Sent: Friday, December 16, 2011 10:59:02 AM
> Subject: Re: Change Default SSL port on Tomcat
>
> On 16 Dec 2011, at 03:28, Blaxton <blaxx...@yahoo.com> wrote:
>
>> Hi
>>
>> Apache 2.2 is connected to Tomcat 6.0.29 through mod_jk and all works fine.
>>
>> I uncommented Connector port=8443 and, by adding the required fields in web.xml,
>> accessing secured pages would be forwarded to https with port 8443,
>> but when I change the port from 8443 to 443, the same URL that was
>> working with 8443 gives me "Secure Connection Failed".
>>
>> Is there anything else I need to do to change the default SSL port?
>>
>> I did the following steps to change the SSL port from the Tomcat default to 443 but got
>>
>> 1- Generated /root/.keystore with the following command:
>> %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
>>
>> 2- then uncommented the following lines in server.xml
>> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            clientAuth="false" sslProtocol="TLS" />
>
> Did you add the keystore to the connector?
>
>
> p
>
>> 3- <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
>>
>> 4- restarted tomcat
>
>
> yes, I did add the keystore to the connector as well and it didn't work either.
> as a matter of fact I followed the following link step by step
>
> http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/
>
> with the keystore placed in the Connector, I get the following error in the browser:
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
>
> and nothing shows up in mod_jk.log
>
> with no keystore and default port 8443 in all Connectors, either AJP
> or SSL port, everything is working fine, and I get the certificate
> from the secured page and am forwarded to https, but as soon as I change
> the AJP Connector redirectPort to 443, I get the following error
> in the mod_jk.log file:
>
> Secure Connection Failed
> An error occurred during a connection to mydomain.com.
> Peer's certificate has an invalid signature.
>
> with the following config:
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
> the following error shows up in the mod_jk.log file:
> connecting to back end failed. Tomcat is probably not started or is listening
> on the wrong port (errno=61)
>
> again and finally, with
> Connector port="8443" and
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
> everything works fine and I am forwarded to secure http with no problem.
>
> I think this has to do with mod_jk; it is mod_jk that can not connect
> to port 443 when the default port is changed to 443.
>
> to make sure, I added the required JkMount /* to vhost1_httpd.conf for port
> 443 as well.
>
> one question:
> according to the following url:
>
> To define a Java (JSSE) connector, regardless of whether the APR library
> is loaded or not do:
> I need to have one of the following in the server.xml file:
>
> <!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>            port="8443" .../>
>
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>            port="8443" .../>
>
> I added the following lines to server.xml
>
> <!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
> />
>
> but this time the browser shows:
> The connection was interrupted
>
> and nothing shows up in mod_jk.log.
Sorry, I read this on my phone and missed the first bit.

If you're using mod_jk/AJP then you do the SSL decoding before sending traffic to Tomcat.

HTTPD:80  --> Tomcat:8009
HTTPD:443 -->

You should configure SSL on HTTPD instead.


p

-- 
[key:62590808]
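As an added example (not part of this thread and not the Apache projects' own documentation), the layout Pid describes looks like this in configuration: TLS terminates in an httpd virtual host on 443, and both the 80 and 443 vhosts forward to Tomcat's AJP connector on 8009 through mod_jk. Tomcat's own HTTPS connector stays commented out, so the keystore and the port 443 clash never come into play, and the AJP connector's redirectPort points at httpd's 443 so security-constraint redirects land on the TLS listener. The hostname, file paths and worker name are assumed values.

```apache
# vhost1_httpd.conf (added example; example.com, paths and "worker1" are assumptions)

# mod_jk worker that points at Tomcat's AJP connector
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile     /var/log/httpd/mod_jk.log
JkLogLevel    info
# Pass the handshake results (cipher, is-secure flag, client cert if any) to
# Tomcat over AJP, so request.isSecure() and CONFIDENTIAL transport
# guarantees in web.xml still hold even though Tomcat never sees TLS itself.
JkExtractSSL  On

# Plain HTTP: everything is handed to Tomcat over AJP.
<VirtualHost *:80>
    ServerName example.com
    JkMount /* worker1
</VirtualHost>

# HTTPS: TLS is terminated here, in httpd, not in Tomcat.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
    JkMount /* worker1
</VirtualHost>

# workers.properties (same assumed names):
#   worker.list=worker1
#   worker.worker1.type=ajp13
#   worker.worker1.host=127.0.0.1
#   worker.worker1.port=8009

# Tomcat server.xml, matching side (assumed values):
#   <!-- no SSL connector on 443 or 8443; httpd owns TLS -->
#   <Connector port="8009" protocol="AJP/1.3" redirectPort="443"
#              address="127.0.0.1"/>
#   address="127.0.0.1" keeps the unauthenticated AJP port off external
#   interfaces, so only the local httpd can reach it.
```

With this split, a browser connecting to https://example.com/ reaches httpd's TLS listener, httpd decrypts the request and relays it over AJP, and mod_jk.log shows the worker connecting to 8009; nothing in Tomcat needs to listen on 443.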