Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

SSL not working for Tomcat 8

Tags:

java

https

ssl

tomcat

I'm trying to configure SSL(https) for tomcat 8 and have done below steps but still its not working

1) Create the keystore file using

keytool -genkey -alias myservername -keyalg RSA

2) Generated CSR as below

keytool -certreq -alias myservername -file C:\tomcat_ssl\local_machine\test.csr -keystore C:\tomcat_ssl\local_machine\test.keystore

3) Then we had Generated the Certificate and then imported the chain certificate and certificate as below

keytool -import -alias root -keystore C:\tomcat_ssl\local_machine\test.keystore -trustcacerts -file C:\tomcat_ssl\local_machine\srv_chain.cer

keytool -import -alias myservername -keystore C:\tomcat_ssl\local_machine\test.keystore -file C:\tomcat_ssl\local_machine\srv_main.cer

4) Finally Did the changes in tomcat server.xml as below

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\tomcat_ssl\local_machine\test.keystore" keystorePass="123" keystoreAlias="myservername"/>

Restarted the tomcat and its not working and showing below screen

Error when accessing tomcat https

In tomcat logs it's not showing any errors and also i have tried other options like keeping cipher tag in connection, Enabled TLS 1,2,3 , changing https port etc no avail.

Also i have tested the https port 443 and it's showing as listening when i netstat. Any idea why this is not working

Added Logs after enabling ssl debugging in tomcat

http-nio-443-exec-5, fatal error: 10: General SSLEngine problem
javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
http-nio-443-exec-5, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
http-nio-443-exec-5, WRITE: TLSv1.2 Alert, length = 2
http-nio-443-exec-5, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled
http-nio-443-exec-5, called closeOutbound()
http-nio-443-exec-5, closeOutboundInternal()
[Raw write]: length = 7
like image 226
JavaGeek Avatar asked Jul 16 '17 14:07

JavaGeek

People also ask

Is Tomcat 8.0 still supported?

The Apache Tomcat team announces that support for Apache Tomcat 8.0. x will end on 30 June 2018. This means that after 30 June 2018: releases from the 8.0.

Can Tomcat run on port 443?

Tomcat can be configured to listen on SSL Port 443. Then you could turn off the SSL listener in the Apache Web server and use only Tomcat to handle your SSL connections. You can modify the Tomcat configuration by editing the file named "server. xml" in the Tomcat conf directory.

How do I install and configure SSL/TLS on Tomcat?

To install and configure SSL/TLS support on Tomcat, you need to follow these simple steps. For more information, read the rest of this How-To. Create a keystore file to store the server's private key and self-signed certificate by executing the following command:

Why do I get SSL handshake error in Tomcat?

When Tomcat starts up, I get an exception like "java.net.SocketException: SSL handshake error javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." A likely explanation is that Tomcat cannot find the alias for the server key within the specified keystore.

Does Apache Tomcat support SSL?

If you're using Apache Tomcat, chances are that at least some of the data you're handling is sensitive, and SSL is an easy way to offer your users security. The good news is that Tomcat fully supports the SSL protocol.

Why can't Tomcat find the alias for the server key?

A likely explanation is that Tomcat cannot find the alias for the server key within the specified keystore. Check that the correct keystoreFile and keyAlias are specified in the <Connector> element in the Tomcat configuration file .

2 Answers

As you are using java 8, thus default will TLS 1.2.

By looking at your screenshot, client TLS is not enabled in your IE 11. By default IE 11 has SSL 3.0, TLS 1.0, 1.1, 1.2 enabled.

If you see the protocols matrix, you will come to why the connection is not successful.

Thus, please update your IE 11 SSL TLS settings or try to use another browser to verify.

like image 71
Rishikesh Darandale Avatar answered Oct 27 '22 00:10

Rishikesh Darandale

I had the same issue long time ago.

Mi solution was (the steps that I follow here depends on the CA instructions, the CA site ussually have the complete instruccions of how generate the certificate correctly):

  1. Create the certificate again but with the following commands (keysize 2048) (make sure that name and lastname are the same as your site name example: yourhost.com:

keytool -genkey -alias yourhost.com -keyalg RSA -keysize 2048 -keystore servername.jks

  1. Genearate de csr

keytool -certreq -alias yourhost.com -file mycsr.txt -keystore servername.jks

  1. Install the certificate

keytool -import -trustcacerts -alias yourhost.com -file file-from-your-ca.p7b -keystore servername.jks

On the server.xml connector put the following configuration (note: the sslProtocol possible values depends on the jvm that your are using, please see the possible values for java 8 java 8 ssl values)

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false"  keystoreFile="/home/myserver/ssl/servername.jks" keystorePass="yourpass" keystoreAlias="yourhost.com" sslProtocol="TLSv1.2"  />

Restart tomcat

There are more examples of how configure secure connector on this site: Secure Tomcat

like image 40
Daniel C. Avatar answered Oct 26 '22 22:10

Daniel C.
Sign in to Comment

Related questions

Add custom data source to Jaspersoft Studio
Sending a stream of documents to a Jersey @POST endpoint
Types in a LambdaMetaFactory
ExecutorService that executes tasks sequentially but takes threads from a pool
How to choose what implementation get's injected in to an autowired constructor
Why does MockMvc always return empty content()?
Splunk HttpEventCollectorLogbackAppender how to set source and host?
How to configure logback-access.xml with Spring Boot
Profiling Java application in kubernetes
Spring Data REST + JPA remove from OneToMany collection [not owner side]
Final field marked @NotNull is not initialized
Vaadin: How to add META-INF/services to the war?
Class inheritance: generic extends generic
Maven - Transitive dependencies are not resolved for artifact deployed on Artifactory
android testBuildType not working
IntelliJ IDEA - "Imported project refers to unknown jdks JavaSE-1.8" while import Eclipse projects
How glassfish domains are separated from each other?
Error in hadoop jobs due to hive query error
What's an "ignorable character in a Java identifier"
REST service call with Camel which requires authentication api called first

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!