On 13 January 2015 at 16:41, Alexandre Lima <lexsombra...@gmail.com> wrote:
>
> On 13 January 2015 at 16:11, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
>> Alexandre,
>>
>> On 1/13/15 1:37 PM, Alexandre Lima wrote:
>> > Hello! This is the first time I'm using tomcat, so I'm a little bit
>> > lost...
>>
>> Welcome! Configuring SSL always turns out to be a pain in the neck.
>>
>> > Using the tutorials, I could make the server and the application I
>> > want to run with it work. The only modification I did until now was
>> > changing the http port from 8080 to 80, I did that changing the
>> > http connector on servers.xml, enabling authbind and executing the
>> > following commands:
>> >
>> > sudo touch /etc/authbind/byport/80
>> > sudo chmod 500 /etc/authbind/byport/80
>> > sudo chown tomcat7 /etc/authbind/byport/80
>> >
>> > So, the server and the application I want to use with it are
>> > actually working on port 80
>>
>> You've confirmed this? I've never used authbind before, so I just
>> wanted to make sure that you have Tomcat working properly with non-SSL
>> before you try to add SSL.
>>
>> > , but the next and last step, which is enabling an SSL connection,
>> > isn't working.
>> >
>> > What I did following the site's tutorial was: created my self
>> > signed certificate with keytools and put it on
>> > /home/myuser/key.keystore
>>
>> Can you outline the steps you took? Where is your keystore?
>>
>> > Additionally, I've created the following connector:
>> >
>> > <Connector port="8443"
>> >            protocol="org.apache.coyote.http11.Http11Protocol"
>> >            SSLEnabled="true" maxThreads="200" scheme="https" secure="true"
>> >            keystoreFile="/home/myuser/key.keystore" keystorePass="mypass"
>> >            clientAuth="false" sslProtocol="TLS" />
>>
>> That looks good so far.
>>
>> > Saved it, restarted server and accessed https://myip:8443, but it
>> > isn't working. Chrome says "No data received" and "Unable to load
>> > the webpage because the server sent no data" and "Error code:
>> > ERR_EMPTY_RESPONSE".
>> >
>> > Firefox says that the connection was reset while the page was being
>> > loaded.
>> >
>> > That's where I am now. I don't know what to try anymore.
>>
>> Try:
>>
>> $ telnet localhost 8443
>>
>> (on the server with Tomcat running)
>>
>> That will tell you if the port is open (it should be, otherwise you'd
>> be getting different errors from Chrome and ff) and what, if anything,
>> gets dumped to it when you connect.
>>
>> If you get a connection and nothing happens, try submitting a request
>> like this:
>>
>> $ telnet localhost 8443
>> GET /
>>
>> [output goes here]
>>
>> Post the results of the above if you get anything.
>>
>> Dumb question: you restarted Tomcat after updating server.xml, right?
>>
>> -chris
>>
>
> Thank you for the reply, Christopher!
> I've used the command:
> keytool -genkey -alias tomcat -keyalg RSA -keystore /home/myuser/key.keystore
> to generate the keystore. Should I put the keystore in some special
> directory, or is this one fine?
> So, after requesting: telnet localhost 8443
>
> I got some strange stuff:
>
> ~$ telnet localhost 8443
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> GET /
> ^U^C^A^@^B^B
>
> And yes, I've restarted it :)
>
> --
> Alexandre Lima
>

Oh, I forgot. Right after that I got: "Connection closed by foreign host."

And yes, it's working fine on port 80, it's even using DNS already.

--
Alexandre Lima