I setup a keystore and got a SSL cert from openssl.com. The exact steps I followed are here: https://drive.google.com/file/d/0B6PUGo7cBLcDTzdkc0pzT2pTMk0/view?usp=sharing
Unfortunately even after following their instructions for tomcat exactly and working with customer support my https connection times out.
It seems like tomcat is up and running, listening on port 443, but I don't know how to debug deeper. Http requests are served just fine, so I know tomcat itself is working just fine.
[ec2-user@ip- logs]$ sudo netstat -tunlp | grep 443
tcp6 0 0 :::443 :::* LISTEN 19407/java
[ec2-user@ip- logs]$ ps -ef | grep java
root 19407 1 1 23:03 pts/0 00:00:06 /usr/java/jre1.8.0_60//bin/java
-Djava.util.logging.config.file=/usr/apache-tomcat-8.0.26//conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/usr/apache-tomcat-8.0.26//endorsed -classpath /usr/apache-tomcat-8.0.26//bin/bootstrap.jar:/usr/apache-tomcat-8.0.26//bin/tomcat-juli.jar -Dcatalina.base=/usr/apache-tomcat-8.0.26/ -Dcatalina.home=/usr/apache-tomcat-8.0.26/ -Djava.io.tmpdir=/usr/apache-tomcat-8.0.26//temp org.apache.catalina.startup.Bootstrap start ec2-user 19449 18021 0 23:13 pts/0 00:00:00 grep --color=auto java
My connector is configured as:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" KeystoreFile="/home/ec2-user/.keystore" KeystorePass="password" />
Please help!
When I configure tomcat, if there's a delay before I see any response, it is almost always because the PORT is blocked for some reason. Are you positive port 443 is open through the firewall (assuming this is being done on an external server)?
If your standard port works fine but 443 just sits and spins for a period of time before failing, I'd put my money on a blocked port.
First ensure the 8443 is open,443 is the port reserved for https,you can use it for tomcat,but I prefer to use 8443 or another port different from 443 to avoid conflict with httpd https. For testing from outside
telnet yourserver 8443
Must connect,if not check the firewall. Then check permission of your certificates,pem or keystore(depend from your configuration) must be readable from group or user which run tomcat(on debian is tomcat8,on fedora simply tomcat).
For example,this is my configuration of /etc/tomcat/server.xml
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/etc/tomcat/keystore" keystorePass="ooops"
clientAuth="false" sslProtocol="TLS"/>
The keystore perms
ls -lh /etc/tomcat/keystore
-r--r-----. 1 tomcat tomcat 2,6K 20 dic 01.06 /etc/tomcat/keystore
The port 8443 is open,and I can connect without problem
来源:https://stackoverflow.com/questions/35052805/configured-ssl-on-tomcat-8-and-connection-times-out