I am mostly following this page:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

I used this command to create the keystore

    keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore

and answered the prompts

Then I edited my server.xml file and uncommented/edited this line

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/tomcat6/keystore"
               keystorePass="tomcat" />

then I go to the web.xml file for my project and add this into the file

     <security-constraint>
            <web-resource-collection>
                    <web-resource-name>Security</web-resource-name>
                    <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
    </security-constraint>

When I try to run my webapp I am met with this:

Unable to connect

Firefox can't establish a connection to the server at localhost:8443.

*   The site could be temporarily unavailable or too busy. Try again in a few
      moments.

*   If you are unable to load any pages, check your computer's network
      connection.

If I comment out the lines I've added to my web.xml file, the webapp works fine. My log file in /var/lib/tomcat6/logs says nothing. I can't figure out if this is a problem with my keystore file, my server.xml file or my web.xml file... Any assistance is appreciated.

I am using Tomcat 6 on Ubuntu.

Edit: I changed my server.xml to

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/tomcat6/keystore"
               keystorePass="tomcat" />

in case there was an issue with it being autoconfigured to "APR" as suggested by the Tomcat tutorial (not sure if I have that or how to find out if I do). However, I am still getting the same error.

A: 

I just tested the same setup with a vanilla Tomcat on Ubuntu and:

  • I generated a keystore
  • I uncommented the SSL connector in server.xml and pointed it at my keystore
  • I added the security constraint in the web.xml of my-webapp to force the use of SSL

And accessing https://localhost:8443/my-webapp just works on my machine(c).

Are you accessing the application using the right protocol, i.e. https:// (notice the s in https)?

By the way, I would recommend setting the redirectPort=8443 attribute in the non-SSL connector so that http://localhost:8080/my-webapp gets redirected to https://localhost:8443/my-webapp.

Pascal Thivent
yes, I used https and the port 8443.
Danny
@Danny any firewall running?
Pascal Thivent
@Danny I'll try later with the packaged version of Tomcat.
Pascal Thivent
@Pascal, no firewall running. All of the software I have installed was installed through the Synaptic package manager. I am thinking the problem involves that somewhere an automatic setting is being chosen based on some package I have installed that isn't typical to have installed. I can't figure out what that might be. (btw look at the edit at the bottom of my original post)
Danny
A: 

Well, I'm an idiot...

I was under the impression that NetBeans was restarting my server for me, because Eclipse used to know when files that required restarting were changed and it would restart the server for you. Apparently NetBeans doesn't have that functionality. Once I manually restarted the server using the script at /etc/init.d/tomcat6, everything worked.

Thanks for your help anyway, Pascal; your questions helped me think about what other problems I might be running into.

Danny
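
An added example, not part of the thread: with the `CONFIDENTIAL` constraint in place Tomcat redirects plain-HTTP requests to the connector's `redirectPort`, so a connector that is correct in server.xml but not yet loaded by the running server shows up as exactly the "Unable to connect" on localhost:8443 described in the question. The sketch below checks the connector settings discussed above and then tests whether the SSL port is actually accepting connections; the function names and the embedded sample server.xml are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample: the question's SSL connector plus a plain HTTP connector.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/etc/tomcat6/keystore" keystorePass="tomcat" />
</Service></Server>"""


def audit_connectors(server_xml):
    """Return (ssl_ports, findings) for the <Connector> elements in server.xml text."""
    connectors = ET.fromstring(server_xml).findall(".//Connector")
    # Commented-out connectors are XML comments, so they are not found here.
    ssl = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    ssl_ports = [int(c.get("port")) for c in ssl]
    findings = []
    if not ssl:
        findings.append('no active connector has SSLEnabled="true"')
    for c in ssl:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f'port {port}: expected scheme="https" secure="true"')
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: no keystoreFile, default ~/.keystore is used")
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in ssl and (redirect is None or int(redirect) not in ssl_ports):
            findings.append(f"port {c.get('port')}: redirectPort={redirect} is not an SSL connector")
    return ssl_ports, findings


def is_listening(port, host="127.0.0.1", timeout=2.0):
    """True if a process accepts TCP connections on host:port right now."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    ports, findings = audit_connectors(SAMPLE_SERVER_XML)
    for finding in findings:
        print("config:", finding)
    for port in ports:
        # Valid on disk but not listening: the running Tomcat has not loaded this connector.
        print(port, "listening" if is_listening(port) else "NOT listening, restart Tomcat")
```

To run it against a real installation, pass the text of the server's own server.xml to `audit_connectors` instead of the sample.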