Reputation: 342
I'm trying to set up an APR SSL Connector on my EC2 Tomcat instance but it's not working, and I don't know why.
I have valid certificate and public key files. The APR module is installed and I've added port 8443 to my EC2 instance's security group, but when I try to access the link https://myapp-env.elasticbeanstalk.com:8443/ the page is not available.
I've added the following configuration to Tomcat's server.xml:
<Connector
    port="8443"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    maxThreads="200"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    SSLCertificateFile="/etc/ssl/certs/myapp.crt"
    SSLCertificateKeyFile="/etc/ssl/certs/myapp.key"
    clientAuth="optional"
    sslProtocol="TLSv1" />
Tomcat's log doesn't show any error message; it's exactly the opposite:
Oct 24, 2014 1:51:50 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1h 5 Jun 2014)
Oct 24, 2014 1:51:50 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "http-apr-8080"
Oct 24, 2014 1:51:51 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "ajp-apr-8009"
Oct 24, 2014 1:51:51 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "http-apr-8443"
Oct 24, 2014 1:51:51 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2083 ms
Oct 24, 2014 1:51:51 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Oct 24, 2014 1:51:51 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.55
What am I missing? Thanks in advance.
Upvotes: 1
Views: 1868
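Tomcat documents one set of TLS attributes for the JSSE (BIO/NIO) connectors and a separate, SSL-prefixed set for the APR/native connector, and the Connector in the question uses names from both. The following lint is an added example, not code from the post or from Tomcat; `lint_connector` is a hypothetical helper, and the revised Connector is a constructed variant that assumes a Tomcat and tomcat-native build that accepts `TLSv1.2`.

```python
import xml.etree.ElementTree as ET

APR = "org.apache.coyote.http11.Http11AprProtocol"
# JSSE (BIO/NIO) attribute name -> APR/native attribute with the same role.
JSSE_TO_APR = {
    "sslProtocol": "SSLProtocol",
    "clientAuth": "SSLVerifyClient",
    "ciphers": "SSLCipherSuite",
    "keystoreFile": "SSLCertificateFile + SSLCertificateKeyFile",
    "keystorePass": "SSLPassword",
    "truststoreFile": "SSLCACertificateFile",
}
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated: RFC 7568, RFC 8996

def lint_connector(xml_text):
    """Return a list of findings for one <Connector> element."""
    c = ET.fromstring(xml_text)
    findings = []
    if c.get("protocol") != APR or c.get("SSLEnabled", "false").lower() != "true":
        return findings  # not a TLS-enabled APR connector, nothing to check
    for jsse, apr in JSSE_TO_APR.items():
        if jsse in c.attrib:
            findings.append(f"{jsse}: JSSE name, APR equivalent is {apr}")
    for attr in ("SSLProtocol", "sslProtocol"):
        for proto in c.get(attr, "").replace("+", " ").split():
            if proto in LEGACY:
                findings.append(f"{attr}={proto}: deprecated protocol version")
    if "SSLProtocol" not in c.attrib:
        findings.append("SSLProtocol not set: protocol versions left to the default")
    return findings

# Connector from the question, then a constructed variant using APR names.
QUESTION = '''<Connector port="8443"
  protocol="org.apache.coyote.http11.Http11AprProtocol"
  maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
  SSLCertificateFile="/etc/ssl/certs/myapp.crt"
  SSLCertificateKeyFile="/etc/ssl/certs/myapp.key"
  clientAuth="optional" sslProtocol="TLSv1" />'''
REVISED = (QUESTION
           .replace('clientAuth="optional"', 'SSLVerifyClient="optional"')
           .replace('sslProtocol="TLSv1"', 'SSLProtocol="TLSv1.2"'))

if __name__ == "__main__":
    for name, xml_text in (("question", QUESTION), ("revised", REVISED)):
        print(name, lint_connector(xml_text) or "no findings")
```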
Reputation: 342
It's actually easier than I thought, far easier! I've found the appropriate documentation in:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html
In short, having the certificate and private key, in a Linux AMI, you must run the following commands:
sudo yum install apr.i686
sudo yum install mod_ssl
sudo yum install tomcat-native.x86_64
aws configure    # enter your AWS account data here
aws iam upload-server-certificate --server-certificate-name yourAliasHere --certificate-body file://certificate.crt.pem --private-key file://private.key.pem
It's mandatory to use file:// notation. After that, just go to your Elastic Beanstalk, Configuration, Load Balancing and set Secure listener port and SSL certificate ID (which you've just uploaded) fields then Save.
Upvotes: 1