Tomcat6 and SSL

whositwhatnow · 07-10-2012, 01:30 PM

I'm having a heck of a time getting SSL to work with tomcat6. tomcat6 is installed, apache. port 8080 working no problem.
I have my own SSL certs already set. I want to be able to use port 8443 as my tomcat ssl connection.

now i've uncommented the section in my server.xml

<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS"/>
I'm missing something cause its not working. Notes for tomcat are confusing i've reda online there are so many ways people are doing it. I want to use the http option.

sag47 · 07-10-2012, 02:11 PM

Quote:

Originally Posted by whositwhatnow

I'm having a heck of a time getting SSL to work with tomcat6. tomcat6 is installed, apache. port 8080 working no problem.
I have my own SSL certs already set. I want to be able to use port 8443 as my tomcat ssl connection.

now i've uncommented the section in my server.xml

<Connector port="8443" protocol="HTTP/1.1"
SSLEnabled="true"
maxThreads="150"
scheme="https" secure="true"
clientAuth="false"
sslProtocol="TLS"/>
I'm missing something cause its not working. Notes for tomcat are confusing i've reda online there are so many ways people are doing it. I want to use the http option.

You're missing the keystore. See this article. If you put your ssl keystore in the {tomcat.home}/conf directory then your definition would look like this

Code:

<Connector port="8443" protocol="HTTP/1.1"
                SSLEnabled="true"
                maxThreads="150"
                scheme="https" secure="true"
                clientAuth="false"
                sslProtocol="TLS"
                keystoreFile="conf/mykeystore.keystore"
                keystorePass="changeit"
                />

whositwhatnow · 07-24-2012, 08:34 AM

Instead of using the separate pem key as above i opted to let apache do the work through SSL. So i added the proxypass in the ssl.conf file.

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName website.ca:443

<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/

So it works that way BUT now all my other web pages using ssl do not connect(e.g standard web page)

whositwhatnow · 07-24-2012, 08:55 AM

figured it out !!
I was passing EVERYTHING to tomcat, so all i need to do is create a new entry for tomcat apps and keep everything else pointing to 443.
E.G.

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName website.ca:443

<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
</Proxy>

ProxyPass /1stapp ajp://localhost:8009/1stapp
ProxyPassReverse /1stapp ajp://localhost:8009/1stapp