Question

We are having trouble with the https (port 8443) connection on an app that runs on Tomcat 7. The app is running fine on http (port 80) now. I have uncommented the "Define a SSL ..." section in the server.xml file and set all the property values (see below). However, when I try to run the app through a browser, I get the error, "The remote device or resource won't accept the connection."

Also, when I run a port utility on the server to see what ports are open and listening, it displays port 80 for Tomcat, and port 443 is also listening. Java version 1.6, Tomcat 7 versions.

Any ideas would be greatly appreciated as I've been banging my head on this one for weeks.

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
           maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100"
           scheme="https" secure="true" sslProtocol="TLS" clientAuth="false"
           keystoreFile="K:/tomcat1.keystore" keystorePass="password" />

Command I used to generate the keystore file:

keytool -genkey -alias tomcat -keyalg RSA -keystore K:/tomcat1.keystore

password: password

I could see in the cmd prompt "OpenSSL successfully initiated" while starting the Tomcat server.

Help me out

Solution

At last it started working... Installed a new copy of the server and modified server.xml as below:

<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" 
           redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" 
           disableUploadTimeout="true" enableLookups="false" 
           keystoreFile="k:/tomcat.keystore" keystorePass="*****" 
           maxThreads="25" port="8443" 
           protocol="org.apache.coyote.http11.Http11NioProtocol" 
           scheme="https" secure="true" sslProtocol="TLS"/>

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

Used the command below to generate the keystore file:

keytool -genkey -alias tomcat -keyalg RSA -keystore k:/tomcat.keystore

OTHER TIPS

I know this is a little old, but I noticed that you forgot the protocol inside the connector. Maybe that was the problem.

I had this issue when working with Tomcat 9.0 and Ubuntu 18.04.

For me it was a typo in my connection settings. I had to copy a working one from a server to this server, and then modified it accordingly:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeyFile="conf/key.key"
                     certificateFile="conf/cert.crt"
                     certificateChainFile="conf/chain.crt"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Note: I confirmed that the certificates were working very fine.

That's all

I hope this helps
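An added example, not part of the original posts: a small Python check over a server.xml that flags the two mismatches visible in this thread, a connector with scheme="https" but no SSLEnabled="true", and a redirectPort that no TLS-enabled connector listens on. The sample XML strings are constructed from the configurations quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question: https scheme without SSLEnabled,
# on port 443, while the HTTP connector redirects to 8443.
SAMPLE_BROKEN = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="443" scheme="https" secure="true" sslProtocol="TLS"
             clientAuth="false" keystoreFile="K:/tomcat1.keystore"
             keystorePass="*****"/>
</Service></Server>
"""

# Constructed sample modelled on the accepted solution.
SAMPLE_FIXED = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             sslProtocol="TLS" keystoreFile="k:/tomcat.keystore"
             keystorePass="*****"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>
"""

def is_tls(conn):
    # Attribute names are case-sensitive in server.xml; SSLEnabled defaults to false.
    return conn.get("SSLEnabled", "false").lower() == "true"

def audit_connectors(server_xml):
    """Return (port, finding) tuples for HTTPS connector mismatches."""
    conns = ET.fromstring(server_xml).findall(".//Connector")
    tls_ports = {c.get("port") for c in conns if is_tls(c)}
    findings = []
    for c in conns:
        port, redirect = c.get("port"), c.get("redirectPort")
        if c.get("scheme") == "https" and not is_tls(c):
            # Only legitimate when a proxy in front terminates TLS.
            findings.append((port, "scheme=https without SSLEnabled=true: "
                                   "port answers in plaintext"))
        elif not is_tls(c) and redirect and redirect not in tls_ports:
            findings.append((port, f"redirectPort={redirect} has no "
                                   "TLS-enabled connector"))
    return findings

if __name__ == "__main__":
    for name, xml in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, audit_connectors(xml))
```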

Licensed under: CC-BY-SA with attribution