Thank you, Chris. You've cut it down to the crux which, in my ignorance of felix vs Tomcats role, I didn't understand. Essentially, chasing the solution in Tomcat is a red herring. Looking at the apps config file, it references "org.apache.felix.https" several times which is a strong sign that Felix Is _supposed_ to handle the SLL, but it's not working as it should. I'll go back to the app's developer with the problem.
__________________________________________ Gregory Beyer gbey...@gatech.edu -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, October 28, 2015 3:31 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat answers on port 80, not on 443 Gregory, On 10/27/15 1:57 PM, Beyer, Gregory L wrote: > Still struggling with this. I'm amazed that implementing SSL in > Tomcat is so difficult. It's not in straight Apache, or IIS. Is > Tomcat really so different an animal? No, Tomcat is not so different an animal. But you aren't using Tomcat. You are using Apache Felix + your application + who knows what else + Tomcat and asking why "Tomcat" won't configure your TLS correctly. Configuring a <Connector> in Tomcat's conf/server.xml file is fairly straightforward. Instead, you have decided to create a <Connector> with no TLS configuration and then expect Tomcat to somehow infer the /real/ TLS configuration information from some arbitrary file where you just happen to have specified the keystore path on the disk. This is a question that YOU need to answer before anyone can offer you help here: is Apache Felix responsible for configuring Tomcat's TLS connector or not? If you don't know the answer, find someone on your team who DOES know the answer and I suspect you'll have 50% of the way to your solution. > I tried changing \\Program files to \\progra~1\ -- no joy. :-( This shouldn't matter. > A question I posed last week that got overlooked -- Am I supposed to > import the .keystore into my cacerts file? When I open the cacerts > file that came with the java install, it contains 30-40 certifs > (key-pairs?) that I didn't create. You should pretty much never modify cacarts. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
