
I wanted to make my Tomcat service connection secure, so I generated the CSR and had it signed by my organization. While generating the CSR, I got a .CSR and a key file. After the signing, I received the certificates below.

ServerCertificate.crt and ChainBundle2.crt (combination of Root and inetemident.crt files)

To enable SSL, I configured the setting below in the server.xml file, which is in the Tomcat config folder. After the config change, I did the necessary service restarts. But Tomcat is still not taking the SSL certificate, and I can see non-secure connections.

Kindly help me out. What am I missing here and what needs to be corrected?

```xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeyFile="conf/ssl/crt2022/ssl.key"
                     certificateFile="conf/ssl/crt2022/ServerCertificate.crt"
                     certificateChainFile="conf/ssl/crt2022/ChainBundle2.crt"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

  • Does this answer your question? [Eclipse WTP: How do I enable SSL on Tomcat?](https://stackoverflow.com/questions/951890/eclipse-wtp-how-do-i-enable-ssl-on-tomcat) – Filburt May 13 '22 at 08:04
  • No, this answer is not working for me. I am not using Eclipse to execute the service. I'm running Tomcat from a Linux VM – Sivakumar Palanisamy May 13 '22 at 08:58
  • There are a bunch of other related questions - maybe you can find an existing answer there as this seems to be more of a common problem that others are likely to have encountered before. – Filburt May 13 '22 at 09:24
  • Creating an SSL connector should _enable_ HTTPS (SSL/TLS) connections, but it does _not prevent_ HTTP (insecure) ones. Are (all!) your clients trying to connect with HTTPS to port 8443? (PS: the word for non-root CAs is 'intermediate'. They are also called 'chain' CAs/certs, which is easier to type :-) – dave_thompson_085 May 13 '22 at 09:52
  • @dave_thompson_085 - yes, it's connecting to port 8443. – Sivakumar Palanisamy May 13 '22 at 09:55
  • @dave_thompson_085 - after adding the below conf, Tomcat is not starting " " – Sivakumar Palanisamy May 13 '22 at 11:45
  • When Tomcat doesn't start.... what *does* it do? Check the logs for error messages and update your question with anything relevant. – Christopher Schultz May 14 '22 at 13:12
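
A pre-flight check for the connector in the question, as an added example that is not part of the original post or of Tomcat itself: it parses a server.xml document, resolves the three certificate paths against CATALINA_BASE, confirms each file exists and holds the expected PEM block type, and lists connectors that still accept plaintext. The names `audit`, `SAMPLE` and the finding strings are assumptions of this example, and the sample document is constructed.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
# <Certificate> attribute -> suffix every PEM block label in that file must have
EXPECTED = {"certificateKeyFile": "PRIVATE KEY",
            "certificateFile": "CERTIFICATE",
            "certificateChainFile": "CERTIFICATE"}

# Constructed sample: a plain HTTP connector plus the connector from the question.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeyFile="conf/ssl/crt2022/ssl.key"
                   certificateFile="conf/ssl/crt2022/ServerCertificate.crt"
                   certificateChainFile="conf/ssl/crt2022/ChainBundle2.crt"
                   type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

def audit(server_xml: str, catalina_base: Path) -> list[str]:
    """Return one finding per problem in the <Connector> elements."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            # Adding a TLS connector does not switch plaintext ones off.
            findings.append(f"{port}: plaintext connector still enabled")
            continue
        for cert in conn.iter("Certificate"):
            for attr, want in EXPECTED.items():
                if attr not in cert.attrib:
                    continue
                # Relative values resolve against CATALINA_BASE; absolute ones win.
                path = catalina_base / cert.attrib[attr]
                if not path.is_file():
                    findings.append(f"{port}: {attr} not found at {path}")
                    continue
                labels = PEM_LABEL.findall(path.read_text(errors="replace"))
                if not labels or not all(lab.endswith(want) for lab in labels):
                    findings.append(f"{port}: {attr} holds {labels}, expected {want}")
    return findings

if __name__ == "__main__":  # run from CATALINA_BASE to check SAMPLE's paths there
    print("\n".join(audit(SAMPLE, Path.cwd())))
```

To check a real installation, pass the contents of its `conf/server.xml` and its CATALINA_BASE directory to `audit`. An empty label list in a finding means the file is not PEM text at all, for example a DER-encoded certificate.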
