0

I configured SSL on Tomcat 8 but getting the error on running the link https://localhost:8443

<Connector 
   port="8443" 
   protocol="org.apache.coyote.http11.Http11NioProtocol"
   maxHttpHeaderSize="1048576" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
   enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true" acceptCount="100" 
   scheme="https" 
   secure="true" 
   clientAuth="false" 
   sslProtocol="TLS" 
   keystoreFile="C:\Program Files\Java\jdk1.8.0_101\bin\old\bbmwtapx01.ad.bgep.co.uk.jks‌​"       
   keystorePass="****" 
   keyAlias="bbmwtapx01.ad.bgep.co.uk"/>

This site can’t provide a secure connection localhost sent an invalid response. Try running Windows Network Diagnostics. ERR_SSL_PROTOCOL_ERROR

Please help me on this. I tried many options but not able to run on https.

Thank-you in Advance Thanks, Neha

pedrofb
  • 37,271
  • 5
  • 94
  • 142
Neha
  • 1
  • 1

1 Answers1

0

You need to add SSLEnabled="true". The default value is false

See https://tomcat.apache.org/tomcat-8.0-doc/config/http.html

Use this attribute to enable SSL traffic on a connector. To turn on SSL handshake/encryption/decryption on a connector set this value to true. The default value is false.

pedrofb
  • 37,271
  • 5
  • 94
  • 142
  • Thanks for reply!! I have added SSLEnable = "true" ...Now getting the error as : 14-Dec-2016 21:03:17.205 SEVERE [main] org.apache.coyote.AbstractProtocol.init Failed to initialize end point associated with ProtocolHandler ["https-jsse-nio2-8443"] java.lang.IllegalArgumentException: java.io.IOException: Alias name bbmwtapx01.ad.bgep.co.uk does not identify a key entry – Neha Dec 14 '16 at 11:05
  • This message means that there is not any certificate called `bbmwtapx01.ad.bgep.co.uk` in your JKS. Check which certificates are in the keystore with `keytool -list -v -keystore keystore.jks` – pedrofb Dec 14 '16 at 11:13
  • It has 3 entries : Keystore provider: SUN Your keystore contains 3 entrie Alias name: root Creation date: Dec 9, 2016 Entry type: trustedCertEntry Extensions: Alias name: bbmwtapx01.ad.bgep. Creation date: Dec 9, 2016 Entry type: trustedCertEntry I think I need to export private key ..Do you have any idea how we can do that ? – Neha Dec 14 '16 at 12:19
  • Please, one question at a time. The value you have to set in `keyAlias` is the "alias name" listed from the JKS. It should correspond with a key pair (private + public key) of a SSL certificate. To import a key pair into JKS, you have a lot of examples in SO. Alternatively you can use the tool KeyStoreExplorer (http://www.keystore-explorer.org/) – pedrofb Dec 14 '16 at 12:34
  • Can you please give me an example to import a key pair into JKS. I am not sure which one i need to perform .. – Neha Dec 15 '16 at 05:25
  • Hi @Neha, did you solve the issue? Remenber you can mark the answer as accepted if you think it solves your question – pedrofb Dec 16 '16 at 08:17