Here is the complete <Connector> configuration

 <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking &
non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="80" protocol="HTTP/1.1"
               enableLookups="false"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the
APR/native
         documentation -->

    <Connector port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" keystoreFile="conf/tomcat.jks"
keystorePass="password" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />


as for the output to the keytool command:

Isnt the output to that command, confidential information?

Thanks

On Tue, Jun 28, 2016 at 4:06 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Sean,
>
> On 6/28/16 2:31 PM, Sean Son wrote:
> > Hey Philip
> >
> > So i was able to get the page to connect with SSL but I noticed
> > that when I clicked on the little icon that looks like a lock next
> > to https:// in the address bar, I saw this certificate error:
> > Certificate Error There are issues with the site's certificate
> > chain (net::ERR_CERT_COMMON_NAME_INVALID).
>
> This usually means that the URL you are using contains a hostname that
> doesn't match the TLS certificate's "common name".
>
> > Does that mean that SSL has been implemented incorrectly?
> >
> > Also I am trying to get an incoming connection through port 80 to
> > tomcat, to automatically redirect to port 8443 (or 443 which ever
> > you think is easiest to implement)  without having to use a reverse
> > proxy in front of it.  In my server.xml I have the following:
> >
> > <Connector port="80" protocol="HTTP/1.1" enableLookups="false"
> > connectionTimeout="20000" redirectPort="8443" /> <!-- A "Connector"
> > using the shared thread pool--> <!-- <Connector
> > executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1"
> > connectionTimeout="20000" redirectPort="8443" />
> >
> >
> > I cannot get the redirect nor the SSL to work properly. Please
> > help.. Thanks!
>
> Please post your complete <Connector> configuration (minus any
> secrets), plus the output of this command:
>
> $ keytool -list -keystore [your keystore] -keystorepass [passwd]
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJXcti2AAoJEBzwKT+lPKRYYNAP/jimgUxO8gp1W0rOEhqeTszc
> yKjAhGQ6yjBE14mvDK+x2zO7+zw01fzqm3IbsyUeEHdSjo0YPQQl0/h15tnhatgA
> WuMYz78HyXVtB02FPc/gg82LXwI5GowpKRgd3phQ6f1UKOxpcIPZdOG2MvsbLgFG
> m8UX1qxhq34xkQBCkLv+sWd6sgAdGX3P6x/+qxCav3gr+8os5KHFofms6BUReIro
> hTRQ6XXIbB3VvOGC6uK/IXLcKtvf1v7Bv5NUsL4mWd9AFkwLl+VlSjdK055ubftp
> 6CKj5RUmJkJ06Y0Hy1dK4v9mjcMvM0VwsPcwU9E/GOKMMj0Q56EFVKQkroeLjdXj
> bYMPc8FNAG6eYUdlrSx5lfcDqhO/EmiUZXLJykBbPFmcke8jED1b31WdboMaJAce
> YuuYVUgia4+sP2w/u0bXdQB5ie6gYHecYwdhiIB/mYY74jVz6BeQ26x7EjS7w/WT
> 4eI5XbPX6JPtJe0e3WpRIe2Fk/pLQOdcHMbG+g0X69cbRtRcf7PT/feGbJzoC/qJ
> rUiE7okK98P9KawCV4lueV1b7whFAhJs6apGvIOs/1w296eZ60sM373ugF6ygc1b
> gQybFF/NgnwLrKk0A63retwLeSj2ImB0pl3NvJ9yxJZOy+OP4GalV6BJ5+yF5yz2
> UESskxe5+W3VYH8s1Ekt
> =6brz
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to