littleK
littleK

Reputation: 20163

Trouble enabling 8443 on Apache Tomcat 7

I enabled the connector for port 8443 on my Apache Tomcat 7 web server. When I try to access a deployed application (https://myserver:8443/myapplication/) or the tomcat manager on 8443, however, the page does not resolve. I'm wondering if I missed a step? Tomcat starts without any errors or warnings. Here are the changes that I made:

Allowed port 8443 on my firewall and uncommented the 8443 connector in server.xml:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/var/lib/tomcat7/localhost.jks"
           keystorePass="mypassword" keyAlias="localhost" />

I added the following to catalina.sh:

JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/var/lib/tomcat7/localhost.jks -Djavax.net.ssl.keyStore=/var/lib/tomcat7/localhost.jks -Djavax.net.ssl.keyStorePassword=mypassword -Djavax.net.ssl.trustStorePassword=mypassword"

Finally, I restarted Tomcat:

Nov 9, 2012 10:51:44 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Nov 9, 2012 10:51:44 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Nov 9, 2012 10:51:44 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 574 ms
Nov 9, 2012 10:51:44 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Nov 9, 2012 10:51:44 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.26
Nov 9, 2012 10:51:44 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /var/lib/tomcat7/webapps/myapplication.war
Nov 9, 2012 10:51:45 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext

Configuring Spring Security Core ...
... finished configuring Spring Security Core

Nov 9, 2012 10:51:57 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'grails'
Nov 9, 2012 10:51:57 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Nov 9, 2012 10:51:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 9, 2012 10:51:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Nov 9, 2012 10:51:57 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13439 ms

As you can see, it started ProtocolHandler for 8443.

Do I need to change the alias name of my certificate to the real server name rather than localhost? That is the only thing that I can think of. Does anyone have any other ideas?

Here is the nmap for port 8443:

$nmap -p 8443 localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-10 02:47 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000091s latency).
rDNS record for 127.0.0.1: localhost.localdomain
PORT     STATE SERVICE
8443/tcp open  https-alt

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

Thanks!


Catalina.out after adding Djavax.net.debug=all to catalina.sh:

...
Nov 11, 2012 4:24:36 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'grails'
Nov 11, 2012 4:24:36 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Nov 11, 2012 4:24:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 11, 2012 4:24:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-8443-Acceptor-0, called closeSocket()
Nov 11, 2012 4:24:37 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13399 ms

Upvotes: 1

Views: 12268

Answers (2)

riteshkasat
riteshkasat

Reputation: 803

open /etc/hosts file in sudo mode

Here you can do mapping of ip to domain name.

Upvotes: 0

littleK
littleK

Reputation: 20163

Well, I'm embarrassed. It turns out that if I navigate to the actual IP address, then it works (as opposed to the domain name). It seems that I will need to provide a mapping somewhere (does anyone know where?) so that it resolves with the domain name....

Upvotes: 1

Related Questions