Alexandre,

On 1/13/15 2:41 PM, Alexandre Lima wrote:
> On 13 January 2015 at 16:11, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> Alexandre,
>
> On 1/13/15 1:37 PM, Alexandre Lima wrote:
>>>> Hello! This is the first time I'm using tomcat, so I'm a
>>>> little bit lost...
>
> Welcome! Configuring SSL always turns out to be a pain in the
> neck.
>
>>>> Using the tutorials, I could make the server and the
>>>> application I want to run with it work. The only modification
>>>> I did until now was changing the http port from 8080 to 80, I
>>>> did that changing the http connector on servers.xml, enabling
>>>> authbind and executing the following commands:
>>>>
>>>> sudo touch /etc/authbind/byport/80
>>>> sudo chmod 500 /etc/authbind/byport/80
>>>> sudo chown tomcat7 /etc/authbind/byport/80
>>>>
>>>> So, the server and the application I want to use with it are
>>>> actually working on port 80
>
> You've confirmed this? I've never used authbind before, so I just
> wanted to make sure that you have Tomcat working properly with
> non-SSL before you try to add SSL.
>
>>>> , but the next and last step, which is enabling an SSL
>>>> connection, isn't working.
>>>>
>>>> What I did following the site's tutorial was: created my
>>>> self signed certificate with keytools and put it on
>>>> /home/myuser/key.keystore
>
> Can you outline the steps you took? Where is your keystore?
>
>>>> Additionally, I've created the following connector:
>>>>
>>>> <Connector port="8443"
>>>> protocol="org.apache.coyote.http11.Http11Protocol"
>>>> SSLEnabled="true" maxThreads="200" scheme="https"
>>>> secure="true" keystoreFile="/home/myuser/key.keystore"
>>>> keystorePass="mypass" clientAuth="false" sslProtocol="TLS"
>>>> />
>
> That looks good so far.
>
>>>> Saved it, restarted server and accessed https://myip:8443,
>>>> but it isn't working. Chrome says "No data received" and
>>>> "Unable to load the webpage because the server sent no data"
>>>> and "Error code: ERR_EMPTY_RESPONSE".
>>>>
>>>> Firefox says that the connection was reset while the page was
>>>> being loaded.
>>>>
>>>> That's where I am now. I don't know what to try anymore.
>
> Try:
>
> $ telnet localhost 8443
>
> (on the server with Tomcat running)
>
> That will tell you if the port is open (it should be, otherwise
> you'd be getting different errors from Chrome and ff) and what, if
> anything, gets dumped to it when you connect.
>
> If you get a connection and nothing happens, try submitting a
> request like this:
>
> $ telnet localhost 8443
> GET /
>
> [output goes here]
>
> Post the results of the above if you get anything.
>
> Dumb question: you restarted Tomcat after updating server.xml,
> right?
>
> -chris
>>
>> ---------------------------------------------------------------------
>>
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> Thank you for the reply Christopher! I've used the command: keytool
> -genkey -alias tomcat -keyalg RSA -keystore
> /home/myuser/key.keystore to generate the keystore. Should I put
> the keystore in some special directory, or is this one fine? So,
> after, requesting: telnet localhost 8443
>
> I got some strange stuff:
>
> ~$ telnet localhost 8443
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> GET /
> ^U^C^A^@^B^B
>
> And yes, I've restarted it :)

Good. Now, try this:

$ openssl s_client -debug -connect localhost:8443

Assuming that the server is running and listening for SSL connections,
s_client should be able to connect, and it should give you tons of
good information about what's happening there.

-chris