> <Connector port="8443"
>            protocol="org.apache.coyote.http11.Http11Protocol"
>            SSLEnabled="true" maxThreads="200" scheme="https"
>            secure="true" keystoreFile="/home/myuser/key.keystore"
>            keystorePass="mypass" clientAuth="false" sslProtocol="TLS"
>            />
Maybe it's due to the truststore file? I haven't seen any truststore file in your connector configuration.

On Wed, Jan 14, 2015 at 11:18 PM, Alexandre Lima <lexsombra...@gmail.com> wrote:
> On 13 January 2015 at 18:20, Christopher Schultz <ch...@christopherschultz.net> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > Alexandre,
> >
> > On 1/13/15 2:41 PM, Alexandre Lima wrote:
> > > On 13 January 2015 at 16:11, Christopher Schultz <ch...@christopherschultz.net> wrote:
> > > > Alexandre,
> > > >
> > > > On 1/13/15 1:37 PM, Alexandre Lima wrote:
> > > > > Hello! This is the first time I'm using tomcat, so I'm a
> > > > > little bit lost...
> > > >
> > > > Welcome! Configuring SSL always turns out to be a pain in the
> > > > neck.
> > > >
> > > > > Using the tutorials, I could make the server and the
> > > > > application I want to run with it work. The only modification
> > > > > I did until now was changing the http port from 8080 to 80. I
> > > > > did that by changing the http connector in server.xml, enabling
> > > > > authbind and executing the following commands:
> > > > >
> > > > > sudo touch /etc/authbind/byport/80
> > > > > sudo chmod 500 /etc/authbind/byport/80
> > > > > sudo chown tomcat7 /etc/authbind/byport/80
> > > > >
> > > > > So, the server and the application I want to use with it are
> > > > > actually working on port 80
> > > >
> > > > You've confirmed this? I've never used authbind before, so I just
> > > > wanted to make sure that you have Tomcat working properly with
> > > > non-SSL before you try to add SSL.
> > > >
> > > > > , but the next and last step, which is enabling an SSL
> > > > > connection, isn't working.
> > > > >
> > > > > What I did following the site's tutorial was: created my
> > > > > self-signed certificate with keytool and put it in
> > > > > /home/myuser/key.keystore
> > > >
> > > > Can you outline the steps you took? Where is your keystore?
> > > > > Additionally, I've created the following connector:
> > > > >
> > > > > <Connector port="8443"
> > > > >            protocol="org.apache.coyote.http11.Http11Protocol"
> > > > >            SSLEnabled="true" maxThreads="200" scheme="https"
> > > > >            secure="true" keystoreFile="/home/myuser/key.keystore"
> > > > >            keystorePass="mypass" clientAuth="false" sslProtocol="TLS"
> > > > >            />
> > > >
> > > > That looks good so far.
> > > >
> > > > > Saved it, restarted the server and accessed https://myip:8443,
> > > > > but it isn't working. Chrome says "No data received" and
> > > > > "Unable to load the webpage because the server sent no data"
> > > > > and "Error code: ERR_EMPTY_RESPONSE".
> > > > >
> > > > > Firefox says that the connection was reset while the page was
> > > > > being loaded.
> > > > >
> > > > > That's where I am now. I don't know what to try anymore.
> > > >
> > > > Try:
> > > >
> > > > $ telnet localhost 8443
> > > >
> > > > (on the server with Tomcat running)
> > > >
> > > > That will tell you if the port is open (it should be, otherwise
> > > > you'd be getting different errors from Chrome and ff) and what, if
> > > > anything, gets dumped to it when you connect.
> > > >
> > > > If you get a connection and nothing happens, try submitting a
> > > > request like this:
> > > >
> > > > $ telnet localhost 8443
> > > > GET /
> > > >
> > > > [output goes here]
> > > >
> > > > Post the results of the above if you get anything.
> > > >
> > > > Dumb question: you restarted Tomcat after updating server.xml,
> > > > right?
> > > >
> > > > -chris
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > > >
> > > Thank you for the reply Christopher! I've used the command:
> > >
> > > keytool -genkey -alias tomcat -keyalg RSA -keystore /home/myuser/key.keystore
> > >
> > > to generate the keystore. Should I put the keystore in some special
> > > directory, or is this one fine?
> > > So, after requesting:
> > >
> > > telnet localhost 8443
> > >
> > > I got some strange stuff:
> > >
> > > ~$ telnet localhost 8443
> > > Trying ::1...
> > > Connected to localhost.
> > > Escape character is '^]'.
> > > GET /
> > > ^U^C^A^@^B^B
> > >
> > > And yes, I've restarted it :)
> >
> > Good. Now, try this:
> >
> > $ openssl s_client -debug -connect localhost:8443
> >
> > Assuming that the server is running and listening for SSL connections,
> > s_client should be able to connect, and it should give you tons of
> > good information about what's happening, there.
> >
> > - -chris
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1
> > Comment: GPGTools - http://gpgtools.org
> >
> > iQIcBAEBCAAGBQJUtYwOAAoJEBzwKT+lPKRYkRIQAKFA3/GpDdzT5ZVWZ8+VXjQr
> > AYgy42TqufEs8RicHNjB0Ey92azX4zNMau4yBxQ3dqv660vOqW3PW1XSVC8yF+ke
> > +QBwivtJCglep+7nsPTTL4nSM4yAOCGMzYKGXidNdczvqcnoM2XA8jg0JiM68gBx
> > Jxl7MdM/S2ktngs8tuG6SSaiY5eyPB1ySUwXOD3zfrVLJK7Ex4y2USt9IKAEYhBl
> > A3kxWHIjlV+1m+ZAf6WmwWMmsBWxtVVx6iDAiR/ZIzvY/VMpqtSZ0rSGeM7OnfhV
> > ER2NN+4z+2kqskj5WJ6ZX2Q6i7CbdPfrCq6RstPOLaWNZICIoqVlR43I21+BOc5o
> > ugORSS97XBuQy5fXfBbgOJoN0wupttBNB44We9ZmHexuInVl3uxbyDra8yRkVT8M
> > qT7jcDW8lMFmCxmbilelsDRpnYj55j5OA+453nI0vQap/ojZBTb/fgRsl6PnPTRG
> > omd+jC1wMFIfycu+2ahJB1YHNTGTfD3MWP/Wey/82u3X9QJD35TTcNt+gyVrCLtw
> > eLoUUqkaCSZNuudWBpm61/2gp//c9adWRZTozd9/c4Yasp8f2ruLDK3+6rA7ohM5
> > OZ7Mh5wEal8zNnBC7sQeuoekkiQKDRQlQdATSAthlszFMByn+k5A5IJNWUB1asUp
> > VPf4zB2XaBIxgnKm3qPV
> > =Bl3E
> > -----END PGP SIGNATURE-----
> >
> Hello Chris!
> I've tried the command you suggested and the most important thing I found
> was this:
>
> subject=/C=Unknown/ST=Unknown/L=Unknown/O=SysAid/OU=Unknown/CN=Unknown
> issuer=/C=Unknown/ST=Unknown/L=Unknown/O=SysAid/OU=Unknown/CN=Unknown
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1073 bytes and written 555 bytes
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
> Server public key is 1024 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES256-SHA384
>     Session-ID: 54B6B15D0A70F67D6044536473C28EE0A9E4CD7752925C3B2ECB03908B9B77D6
>     Session-ID-ctx:
>     Master-Key: F79F0B995AD24ABEC16A216A361B75BE72EF004F95DAF1459DA744B9D50F75A1431F0E60BA9CA1924C98EA01032373C1
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1421259101
>     Timeout   : 300 (sec)
>     Verify return code: 10 (certificate has expired)
>
> SysAid is the application I'm running under tomcat.
> Does it mean that SysAid is a server behind tomcat? And so I would have to
> configure the connection in it?
> That's strange. I would like to hear your opinion.
>
> --
> Alexandre Lima
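The two diagnostics this thread turns on are the bytes telnet printed and the s_client summary, and both are easier to act on once decoded. The following is an added example written for this page; it is not code from the thread, from Tomcat or from SysAid. The "^U^C^A^@^B^B" that came back after "GET /" is caret notation for 0x15 0x03 0x01 0x00 0x02 0x02: a TLS record of content type 21 (alert), record-layer version 3.1, body length 2, alert level 2 (fatal), with the second alert byte (the description) cut off in the transcript. So the connector was speaking TLS and rejected a plaintext request, which is exactly why openssl s_client was the right next step. The s_client output in turn shows a 1024-bit server key and verify return code 10 (certificate has expired). The content-type and alert tables are the standard TLS 1.0 to 1.2 values from RFC 5246; the function names and the S_CLIENT_SAMPLE text (copied from the thread and abridged) are the example's own.

```python
# Added example (not from the thread, Tomcat or SysAid): decode the telnet
# bytes and the s_client summary quoted above.  The record/alert tables are
# the standard TLS 1.0-1.2 values from RFC 5246; the function names and the
# S_CLIENT_SAMPLE text below are this example's own.
import re
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
            (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate", 46: "certificate_unknown",
                      48: "unknown_ca", 70: "protocol_version",
                      80: "internal_error"}

# Constructed sample: the relevant lines of the s_client output in the thread.
S_CLIENT_SAMPLE = """\
subject=/C=Unknown/ST=Unknown/L=Unknown/O=SysAid/OU=Unknown/CN=Unknown
issuer=/C=Unknown/ST=Unknown/L=Unknown/O=SysAid/OU=Unknown/CN=Unknown
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Verify return code: 10 (certificate has expired)
"""


def caret_to_bytes(text):
    """Turn terminal caret notation (^U, ^@, ^?) back into raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] == "^" and i + 1 < len(text):
            out.append(ord(text[i + 1]) ^ 0x40)  # ^A -> 0x01, ^@ -> 0x00, ^? -> 0x7f
            i += 2
        else:
            out.append(ord(text[i]))
            i += 1
    return bytes(out)


def parse_tls_record(data):
    """Parse a TLS record header (and the alert body, if it is an alert).
    Raises ValueError for bytes that are not a TLS record, e.g. plaintext HTTP."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        raise ValueError("not a TLS record, first bytes %s" % data[:3].hex())
    body = data[5:5 + length]
    rec = {"content_type": CONTENT_TYPES[ctype],
           "version": VERSIONS.get((major, minor), "unknown %d.%d" % (major, minor)),
           "length": length,
           "truncated": len(body) < length}  # capture ended before the full body
    if ctype == 21 and body:
        rec["alert_level"] = ALERT_LEVELS.get(body[0], "unknown(%d)" % body[0])
        if len(body) > 1:
            rec["alert_description"] = ALERT_DESCRIPTIONS.get(body[1], "unknown(%d)" % body[1])
    return rec


def explain_telnet_reply(caret_text):
    """One-line verdict on what a port answered to a plaintext probe."""
    try:
        rec = parse_tls_record(caret_to_bytes(caret_text))
    except ValueError:
        return "not TLS: the port answered in plaintext"
    if rec["content_type"] != "alert":
        return "TLS %s record (%s)" % (rec["content_type"], rec["version"])
    desc = rec.get("alert_description", "description not captured")
    return ("TLS %s alert (%s) in a %s record: the port speaks TLS and rejected "
            "the plaintext request" % (rec["alert_level"], desc, rec["version"]))


def summarize_s_client(output):
    """Extract the actionable fields from s_client output and flag what a browser would refuse."""
    info = {"protocol": None, "cipher": None, "key_bits": None,
            "verify_code": None, "verify_reason": None, "warnings": []}
    patterns = {"protocol": r"^\s*Protocol\s*:\s*(\S+)",
                "cipher": r"^\s*Cipher\s*:\s*(\S+)",
                "key_bits": r"Server public key is (\d+) bit"}
    for key, pattern in patterns.items():
        m = re.search(pattern, output, re.M)
        if m:
            info[key] = int(m.group(1)) if key == "key_bits" else m.group(1)
    m = re.search(r"Verify return code: (\d+) \((.*?)\)", output)
    if m:
        info["verify_code"], info["verify_reason"] = int(m.group(1)), m.group(2)
    subject = re.search(r"^subject=(.*)$", output, re.M)
    issuer = re.search(r"^issuer=(.*)$", output, re.M)
    if info["verify_code"] not in (None, 0):
        info["warnings"].append("certificate does not verify: %s" % info["verify_reason"])
    if info["key_bits"] is not None and info["key_bits"] < 2048:
        info["warnings"].append("%d-bit RSA key, below the 2048-bit minimum" % info["key_bits"])
    if subject and issuer and subject.group(1) == issuer.group(1):
        info["warnings"].append("self-signed (subject == issuer), so clients must trust it explicitly")
    return info
```

From a REPL, explain_telnet_reply("^U^C^A^@^B^B") gives the verdict on the telnet transcript and summarize_s_client(S_CLIENT_SAMPLE)["warnings"] lists the three things a browser objects to here: an expired certificate, a 1024-bit key and a self-signed subject. The keytool invocation in the thread took the JDK defaults for key size and validity (90 days, and 1024-bit RSA before JDK 8), which is how small, short-lived self-signed certificates usually come about; passing -keysize 2048 and -validity explicitly to keytool -genkey avoids that.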