Seeking Ubuntu Tomcat8 SSL Guide/Tutorial


#1

Hi guys,
I’m trying to find a HowTo guide or tutorial on LetsEncrypt setup for Apache Tomcat8. So far I have found a lot of help discussion but no complete guide. Can anyone direct me to one?

I have found a guide that shows how to install LetsEncrypt on an Apache2 server and then use it as a reverse proxy for Tomcat8. However, I’m not looking for that. I’d prefer the Tomcat server to run SSL itself.

I’m looking for the following setup:
Tomcat8 will install the LetsEncrypt certificate and serve it on port 8443. This can be either the JSSE or the APR implementation.

Here are my server details:
Ubuntu 16.04
Tomcat Version: 8.0.32
JVM Version: 1.8.0_181-b13
Target Port to run LetsEncrypt SSL: 8443

Thanks in advance.


#2

Hi,

Take a look at this blog post please.
https://gasimof.com/install-free-ssl-certificate-for-tomcat/

Thank you


#3

Thanks for the link.

I did follow the guide, but I’m getting the error:
“This site can’t be reached
ERR_TIMED_OUT”
I did change the Connector Port to 8443 from 443 as it was shown in the guide. Anyway, I have also tried port 443 and that didn’t work either.

I have checked my firewall settings and it allows both 8443 and 443.

Note that my self-signed certificate works on port 8443, so the firewall isn’t the issue. But when I change the server.xml to point to the Let’s Encrypt certificate using the config example given there, I’m getting the ERR_TIMED_OUT error.

This is what my server.xml looks like:


<?xml version='1.0' encoding='utf-8'?>
<!--
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="/etc/letsencrypt/live/I-Placed-My-Domain-Here/privkey.pem"
                         certificateFile="/etc/letsencrypt/live/I-Placed-My-Domain-Here/cert.pem"
                         certificateChainFile="/etc/letsencrypt/live/I-Placed-My-Domain-Here/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Please note that I know my Let’s Encrypt certificate works and the path is correct, because on Apache2 I get a valid certificate when I point the browser to https://MyDomain.com

Thanks in advance for any suggestion.


#4

Hi,

The server.xml in that blog has the following lines:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="/etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem"
                         certificateFile="/etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem"
                         certificateChainFile="/etc/letsencrypt/live/YOUR_WEBSITE_HERE/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

By the way, did you restart the server after making changes to those files?

Thank you


#5

Hello,

The only difference between the config in that blog and mine is in the following line:

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

I replaced port=443 with 8443.

I have also tried with port 443 and I get a timeout.

Yes, I restart the Tomcat server every time the config file is changed, and I have checked that there are no firewall port blocks (my self-signed certificate works on port 8443).

Not sure if I’m missing anything else.

Regards.
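One thing worth checking against the version given in post #1: the <SSLHostConfig>/<Certificate> elements in that blog's connector are Tomcat 8.5 syntax, and Tomcat 8.0.32's JSSE connector instead loads a keystore named on the <Connector> itself, so below is an added example (not from this thread or the blog) that turns the Let's Encrypt PEM files into a PKCS12 keystore and prints the matching 8.0 connector. The live directory, the alias "tomcat" and the password "changeit" are illustrative assumptions, and the demo directory it builds is a constructed self-signed stand-in, not a real issuance.

```shell
# Added example, not from the thread: Tomcat 8.0.x has no <SSLHostConfig>
# (that element arrived in 8.5); its JSSE connector loads a keystore via
# keystoreFile/keystorePass, so the PEM files need converting to PKCS12.
# Paths, the alias "tomcat" and the password are illustrative assumptions.
set -eu

# $1 = /etc/letsencrypt/live/<domain>, $2 = output .p12, $3 = password
pem_to_pkcs12() {
  live="$1"; out="$2"; pass="$3"
  # An old JVM that rejects the result can read an OpenSSL 3 '-legacy' export.
  openssl pkcs12 -export -name tomcat \
    -inkey "$live/privkey.pem" -in "$live/cert.pem" \
    -certfile "$live/chain.pem" -out "$out" -passout "pass:$pass"
  chmod 600 "$out"   # holds the private key: owner-readable only
}

# Count the certificates (leaf plus chain) stored in a PKCS12 keystore.
pkcs12_cert_count() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# Print the Tomcat 8.0 <Connector> that serves the keystore on port 8443.
print_connector() {
  cat <<EOF
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="$1" keystoreType="PKCS12" keystorePass="$2"
           keyAlias="tomcat" sslProtocol="TLS" clientAuth="false" />
EOF
}

# Constructed stand-in for the live directory: a throwaway self-signed
# key/cert and a second self-signed cert posing as the issuer chain.
make_demo_live_dir() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.invalid" \
    -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-chain" \
    -keyout "$1/unused.key" -out "$1/chain.pem" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then   # stand-alone run: sh this_file.sh --demo
  tmp=$(mktemp -d)
  make_demo_live_dir "$tmp/live/example.invalid"
  pem_to_pkcs12 "$tmp/live/example.invalid" "$tmp/tomcat.p12" changeit
  echo "certificates in keystore: $(pkcs12_cert_count "$tmp/tomcat.p12" changeit)"
  print_connector "$tmp/tomcat.p12" changeit
fi
```

For a real deployment, point pem_to_pkcs12 at the actual /etc/letsencrypt/live/<domain> directory, place the .p12 where the tomcat8 user can read it, and re-run the conversion after each certbot renewal, since the keystore does not track the renewed PEM files on its own.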

