Reputation: 329
We are having trouble with the https (port 8443) connection on an app that runs on Tomcat 7. The app is running fine on http (port 80) now. I have uncommented the "Define a SSL ..." section in the server.xml file and set all the property values (see below). However, when I try to run the app through a browser, I get the error, "The remote device or resource won't accept the connection."
Also, when I run a port utility on the server to see what ports are open and listening, it displays port 80 for Tomcat, and port 443 is also listening. Java version 1.6, Tomcat 7 versions.
Any ideas would be greatly appreciated as I've been banging my head on this one for weeks.
<connector port="443" maxhttpheadersize="8192" maxthreads="150" minsparethreads="25"
maxsparethreads="75" enablelookups="false" disableuploadtimeout="true" acceptcount="100"
scheme="https" secure="true" sslprotocol="TLS" clientauth="false"
keystorefile="K:/tomcat1.keystore" keystorepass="password"
Command I used to generate the keystore file:
keytool -genkey -alias tomcat -keyalg RSA -keystore K:/tomcat1.keystore
password: password
I could see in the cmd prompt: OpenSSL successfully initiated while starting the Tomcat server.
Help me out
Upvotes: 9
Views: 50297
Reputation: 1702
Use the command prompt:
catalina configtest
It's fairly helpful in letting you know if there are any issues with your "server.xml" configuration. Catalina is located in the tomcat bin directory! It helped me solve an issue where my ssl port wasn't being opened by tomcat. At the time, I wasn't getting any log messages telling me what I was doing wrong; but that might have been due to another issue that I've corrected.
Upvotes: 2
Reputation: 29078
I had this issue when working with Tomcat 9.0 and Ubuntu 18.04.
For me it was a typo in my connection settings. I had to copy a working one from a server to this server, and then modify it accordingly:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateKeyFile="conf/key.key"
certificateFile="conf/cert.crt"
certificateChainFile="conf/chain.crt"
type="RSA" />
</SSLHostConfig>
</Connector>
Note: I confirmed that the certificates were working fine.
That's all
I hope this helps
Upvotes: 1
Reputation:
I know this is a little old, but I noticed that you forgot the protocol inside the connector. Maybe that was the problem.
Upvotes: 0
Reputation: 329
At last it started working... Installed a new copy of the server and modified server.xml as below:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1"
redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false"
keystoreFile="k:/tomcat.keystore" keystorePass="*****"
maxThreads="25" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" sslProtocol="TLS"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Used the below command to generate the keystore file:
keytool -genkey -alias tomcat -keyalg RSA -keystore k:/tomcat.keystore
Upvotes: 8
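Added example (not part of any post above, and not Tomcat's own tooling): a small Python linter for the symptoms this thread converges on, an HTTPS connector missing SSLEnabled="true" or an explicit protocol, plus element and attribute names whose case differs from Tomcat's spelling. The sample server.xml is constructed from the question's and the final answer's connectors (the question's element is closed here so it parses); treating a case mismatch as an ignored setting assumes Tomcat matches these names case-sensitively.

```python
import xml.etree.ElementTree as ET

# Correct spellings of the attributes used in the connectors on this page.
KNOWN = ["port", "protocol", "SSLEnabled", "scheme", "secure", "sslProtocol",
         "clientAuth", "keystoreFile", "keystorePass", "maxThreads",
         "acceptCount", "enableLookups", "disableUploadTimeout",
         "connectionTimeout", "redirectPort", "maxHttpHeaderSize", "executor"]
CANONICAL = {name.lower(): name for name in KNOWN}


def lint_connectors(xml_text):
    """Return (port, message) findings for every connector-like element."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.lower() != "connector":
            continue
        port = el.attrib.get("port", "?")
        if el.tag != "Connector":
            findings.append((port, "element <%s> should be <Connector>" % el.tag))
        for name in el.attrib:
            good = CANONICAL.get(name.lower())
            if good and good != name:
                findings.append((port, "attribute %s should be %s" % (name, good)))
        # Run the TLS checks on case-normalized names so both problems are reported.
        attrs = {CANONICAL.get(k.lower(), k): v for k, v in el.attrib.items()}
        if attrs.get("scheme") != "https":
            continue
        if attrs.get("SSLEnabled") != "true":
            findings.append((port, 'scheme="https" without SSLEnabled="true"'))
        if "keystoreFile" in attrs and "protocol" not in attrs:
            # With APR loaded, the default protocol expects OpenSSL-style settings.
            findings.append((port, "JSSE keystoreFile without an explicit protocol"))
    return findings


# Constructed sample: the question's connector (closed) and the working one.
SAMPLE = """<Server><Service>
  <connector port="443" scheme="https" secure="true" sslprotocol="TLS"
             keystorefile="K:/tomcat1.keystore" keystorepass="password"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol"
             keystoreFile="k:/tomcat.keystore" keystorePass="*****"/>
</Service></Server>"""

if __name__ == "__main__":
    for port, message in lint_connectors(SAMPLE):
        print("port %s: %s" % (port, message))
```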