I've followed this guide so as to setup my Tomcat 8 instance with SSL layer, producing a client and server keystores and a public client certificate autosigned.
The issue is, I guess, that I don't really know how to configure Tomcat's Connector...
Here you are my current server.xml file (removed unnecessary comments):
<?xml version='1.0' encoding='utf-8'?> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener"/> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/> <GlobalNamingResources> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/> </GlobalNamingResources> <Service name="Catalina"> <Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/> <!-- I've also tried using these ones: --> <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> <!--<Connector clientAuth="true" port="8443" minSpareThreads="5" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" keystoreType="JKS" keystorePass="triple1327" truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" truststoreType="JKS" truststorePass="triple1327" sslProtocol="TLS" />--> <!-- Don't work on tomcat8: maxSpareThreads="75" SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" --> <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="true" sslProtocol="TLS" keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" keystoreType="JKS" keystorePass="triple1327" truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" truststoreType="JKS" truststorePass="triple1327" /> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <Engine defaultHost="localhost" name="Catalina"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/> <Context path="/rutas" docBase="C:\Users\IN006\cavwebapp" reloadable="true" crossContext="false"> </Context> </Host> </Engine> </Service> </Server> Using this, I've tried to access to the tomcat welcome page:
- localhost:8443
- https://localhost
- https://localhost:8443
But none of them worked...
Any tip?
Thank you!
EDIT
Solution:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/tomcat7/server.jks" keystorePass="changeit" /> I've been able to access to it through https://localhost:8443
