Welcome to MLink Developer Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
182 views
in Technique[技术] by (71.8m points)

java - Redirect http to https using Tomcat is not working

1. What I want to do

I am currently creating a dynamic web application (JSP/Servlet), and trying to set up an SSL certificate in Tomcat (v8.5) so that it can be accessed from "https://[hostname]:8443/[AppName]".

2. Current Problem

I cannot reach the page "https://[hostname]:8443/[AppName]" and the following message is shown.

The connection timeout.
the response from the localhost server was not received at a certain time.

But somehow when I try to access the default Tomcat page, I can reach it successfully by "https://[hostname]:8443/"

And of course I could connect to my app using "http", like "http://[hostname]:8080/TennisDatabase"

3. What I did

(1) Generated certificate.

keytool -genkey -alias tomcat -keyalg RSA -keypass [password] -keystore mycertificate.cer -storepass [password]

(2) Modify server.xml

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
           keystoreFile="conf/mycertificate.cer" keystorePass="[password]" />

(3) Allow port 8443 from iptables.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT

(4) Modify server.xml. Also changed permission of file to 755.

<security-constraint>
<web-resource-collection>
    <web-resource-name>HTTPSOnly</web-resource-name>
    <url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

(5) Restart Tomcat

4. Additional Info

When I tried curl, I faced the following error.

$ curl -v --tlsv1.1 https://[hostname]:8443/[appname]
* About to connect() to [hostname] port 8443 (#0)
*   Trying [IP address]... connected
* Connected to [hostname] ([IP address]) port 8443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5990
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

CentOS: 6.10
Tomcat: 8.5


He who fights with dragons for too long becomes a dragon himself; gaze too long into the abyss, and the abyss will gaze back…

1 Answer

0 votes
by (71.8m points)

Make sure your server.xml file has the right permissions... and the main thing is that you mentioned you are using JSP/Servlet, so you have a web.xml.

Add these lines to web.xml:

<security-constraint>
<web-resource-collection>
    <web-resource-name>HTTPSOnly</web-resource-name>
    <url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
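
An added example, not part of the original answer or of Tomcat itself: a small Python check that reads a server.xml and web.xml pair and reports the configuration problems that commonly stop this HTTP-to-HTTPS redirect from working or leave legacy TLS versions enabled. The sample XML is constructed from the snippets in this thread; the 8080 connector with `redirectPort="8443"` and the function name `audit` are assumptions, since the thread does not show the HTTP connector.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on the thread (the 8080 connector is assumed).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
             keystoreFile="conf/mycertificate.cer" keystorePass="[password]" />
</Service></Server>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPSOnly</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated protocol versions

def audit(server_xml, web_xml):
    """Return a list of findings for an HTTPS-only Tomcat web application."""
    try:
        web = ET.fromstring(web_xml)
    except ET.ParseError as exc:  # e.g. a missing </security-constraint>
        return [f"web.xml is not well-formed: {exc}"]
    findings = []
    # rsplit drops the Java EE namespace prefix that real web.xml files carry.
    guarantees = [e.text.strip() for e in web.iter()
                  if e.tag.rsplit("}", 1)[-1] == "transport-guarantee" and e.text]
    if "CONFIDENTIAL" not in guarantees:
        findings.append("web.xml has no CONFIDENTIAL transport-guarantee")
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    tls = [c for c in conns if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    for c in conns:  # a plain connector must redirect to a port that speaks TLS
        if c not in tls and c.get("redirectPort") not in tls_ports:
            findings.append(f"connector {c.get('port')}: redirectPort="
                            f"{c.get('redirectPort')} is not a TLS connector port")
    for c in tls:
        old = LEGACY & {p.strip() for p in c.get("sslEnabledProtocols", "").split(",")}
        if old:
            findings.append(f"connector {c.get('port')}: legacy protocols enabled: "
                            + ", ".join(sorted(old)))
    return findings
```

On the constructed sample, `audit(SERVER_XML, WEB_XML)` reports only the TLSv1 and TLSv1.1 entries in `sslEnabledProtocols`.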
