SSL Config on Tomcat

Hi Experts:
My Apache+SSL is working now - thanks to you all. I checked it using https://www.hari.com.
However, I have a small Application which contains JSP+Servlets which calls Oracle DB via JDBC. This application is working fine when I type http://www.hari.com:8080/hari/index.jsp but when I try HTTPS as https://www.hari.com:8080/hari/index.jsp it doesn't work - i.e. the page doesn't show up.
I know that HTTPS listens to port 443 and my Application(Tomcat+JBoss) listens to port 8080 - so how do I integrate both the ports to work together? Any useful information on above is appreciated.
THANKS!
HARI

Hi
I guess that you haven't changed the port that Tomcat listens for SSL connections. If not, the default port for SSL is 8443 for Tomcat. So if you want your application to run via SSL you must use something like https://localhost:8443/......
If you use 8080 it won't run. The connection to the database should be again to the 8080 port, but the servlet should listen to 8443 for SSL. Check the port in the server.xml file.
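
Added example (not part of the thread and not Tomcat's own tooling): a Python check that reads a server.xml and reports, for each connector, which URL scheme its port answers and whether an HTTPS connector names a keystore. The sample server.xml is constructed, and treating scheme="https" or SSLEnabled="true" as the marker of a TLS connector is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not taken from the thread): plain HTTP on 8080 and an
# HTTPS connector on 8443 that never names its keystore.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" />
    <Connector port="8443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return one dict per HTTP(S) <Connector>: port, TLS flag and findings."""
    rows = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("protocol", "").startswith("AJP"):
            continue  # AJP serves a front-end web server, not browsers
        attrs = dict(conn.attrib)
        factory = conn.find("Factory")  # Tomcat 4.x keeps TLS settings here
        if factory is not None:
            attrs.update(factory.attrib)
        redirect = attrs.get("redirectPort")
        rows.append({
            "port": int(attrs["port"]),
            # Assumption: either attribute marks the connector as TLS.
            "tls": attrs.get("scheme") == "https"
                   or attrs.get("SSLEnabled") == "true",
            "redirect": int(redirect) if redirect else None,
            "keystore": attrs.get("keystoreFile"),
            "findings": [],
        })
    tls_ports = {r["port"] for r in rows if r["tls"]}
    for r in rows:
        if r["tls"] and not r["keystore"]:
            r["findings"].append(
                "no keystoreFile: Tomcat falls back to .keystore in the home "
                "directory of the user running it")
        if not r["tls"] and r["redirect"] and r["redirect"] not in tls_ports:
            r["findings"].append(
                "redirectPort %d has no HTTPS connector" % r["redirect"])
    return rows


def url_scheme_for(rows, port):
    """Which URL scheme a browser must use on this port, or None if unused."""
    for r in rows:
        if r["port"] == port:
            return "https" if r["tls"] else "http"
    return None


if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_SERVER_XML):
        print(row["port"], "https" if row["tls"] else "http", row["findings"])
```
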

Similar Messages

  • Https ssl config Oracle AS, webcache, portal...almost works

    Hi,
    I have searched the forums and I haven't found anything that works for me.
    I have Oracle infrastructure on one server, and Oracle App server/portal on another server. I can get as far as the http server showing the "welcome to oracle" page in https form. When I try to access a page in the portal (plsql) I get a blank page. It does convert the "https://myserver:xxxx//pls/portal/url/page/IRWEB/HOME" to "https://myserver:xxxx/portal/page?_pageid=73,86254,73_86264:73_86316:73_8632...." but nothing comes up.
    Also, it uses the Infrastructure server for single-sign-on...so I need to make the app server do the single sign-on. I've tried by adding /pls/orasso entry in DADS.conf of http server..
    So as far as I can tell...the http server IS operating in https/ssl, but the single-sign-on and the pages in the portal are not.
    I have to do everything manually since I am using 10.1.2 (no Oracle Collab Suite installed, so no SSLConfigTool and other assistants)
    Here is what I've done to get https://myserver:xxxx/ to come up ok.
    server 1: Oracle Infrastructure and Oracle database release 1 10.1.2.0.0
    server 2: Oracle Application Server / Portal with webcache release 2 10.1.2
    using Oracle Wallet for certificate,
    http server -> process management "ssl-enabled",
    http server -> advanced -> ssl.config: SSLWallet file:, SSLWalletPassword, virtual host for ssl
    webcache -> added settings for ssl (I used the current entries for non-ssl as a guide for the ssl entries)
    Interesting issue...with the ports in the ssl.conf file example:
    Port 4459
    Listen 4459
    VirtualHose myserver.blah.edu:4450
    Port 4458
    When I get the blank page trying to use ssl and 4459, I can manually change the url in my browser to 4458 (or maybe it's the other way around) and get this message: "Error: The portlet could not be contacted"
    Is this a problem with webcache? Do I have to do any ssl config on the server with the database?
    I've even tried disabling the webcache, both with the oracle sql script and through web interface but neither made a difference...same problem.
    Any help would be greatly appreciated..I feel as if I'm almost there.
    If I did not post enough info for accurate help, please ask what you need to know to provide help! Thanks in advance.

    Hi,
    Yes you can go for SSL configuration without re-installing any of the components.
    Regards,
    access_tammy

  • SSL config

    Dear Sir,
    I have a pair of 11501, which load balance two SSL server behind them. The cert is stored in SSL server(10.106.13.20 & 21). The external vip is 10.106.13.224.
    I read the SSL Config Guide and made the below configuration. Can you check if my config below is ok?
    ssl-proxy-list PIS-SSL-LIST
    backend-server 1
    backend-server 1 type backend-ssl
    backend-server 1 ip address 10.106.13.224
    backend-server 1 server-ip 10.106.13.20
    backend-server 1 version ssl3
    backend-server 1 session-cache 300
    backend-server 1 tcp virtual ack-delay 0
    backend-server 2
    backend-server 2 type backend-ssl
    backend-server 2 ip address 10.106.13.224
    backend-server 2 server-ip 10.106.13.21
    backend-server 2 version ssl3
    backend-server 2 session-cache 300
    backend-server 2 tcp virtual ack-delay 0
    active
    service PIS-SSL-SERVICE
    type ssl-accel-backend
    ip address 10.106.13.224
    add ssl-proxy-lit PIS-SSL-LIST
    active
    owner PIS-SSL-OWNER
    content PIS-SSL-VIP-1
    vip adddress 10.106.13.224
    port 80
    advanced-balance arrowpoint-cookie
    url "/*"
    add service PIS-SSL-SERVICE
    active
    Thanks

    this is totally wrong unfortunately.
    What are you trying to achieve here ?
    Normally the connection between CSS and server does not need to be encrypted because they are close to each other.
    You probably want to encrypt the connection from the client to the CSS since this connection goes through the Internet.
    Is this what you need ?
    Here are sample configs:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp999094
    backend-ssl is @
    SSL Transparent Proxy Configuration - HTTP and Back-End SSL Servers
    You will see that you made many mistakes, like ip addresses used in the ssl-proxy-list.
    Gilles.

  • SSL installation on tomcat

    Hi,
    can you tell me a link to a useful documentation how to install ssl on a tomcat 5.0 / jvm 1.5 (downloading JSSE doesn't work due to Error: Transaction stopped. The selected product(s) cannot be provided to your location.) ?
    Many thanks & best regards
    Dirk

    JSSE is already contained in Java 1.4, 1.5, 1.6, ... You don't need to download anything. You just need to follow the Tomcat instructions for the SSL Connector.

  • SSL-Config: Oc4J does not reload keystore/truststore at runTime

    Hi all, I have a little question about the SSL-Config in OC4J.
    I have a webApp bound to a secure web site that requires mutual-authentication. If I add at run-time (without stopping OC4J) a trusted entry (a CA) to the keystore the secure-web-site is related to, OC4J does not "reload" the keystore with the new entry. Thus, I have to restart the OC4J to be able to accept SSL connections that are authenticated by means of that new CA. The question is: Does there exist a configuration that has to be performed to reload at run-time a keystore in OC4J or is it necessary to restart OC4J each time a new entry to a keystore mapped for a given secure-web-site is added?
    I hope someone can give me a tip,
    Best Regards

    Hi I tried this with latest 10.1.3 Developer Preview 4 and it worked great and I could start OC4J standalone in https mode. Can you please download the latest version of OC4J 10.1.3 DP4 stand-alone and try in there ? The OC4J version embedded with JDev 10.1.3 Preview is pretty old and there have been many bugs fixed since then
    http://www.oracle.com/technology/tech/java/oc4j/index.html
    -Debu

  • SSL and Apache Tomcat 5.5.20

    Hi
    Maybe java forum is not right place where to put this post, but it is worth a try...
    I'm using tomcat 5.5.20 and I have read tomcat-docs how to configure server for ssl... I have done everything (checked so many times...), restarted my server too, but still ssl does not work...
    when I try to open https://localhost:8443 it takes so much time "loading the page" and then fails...
    when I try http://localhost:8443 it works but with no ssl... :(
    my server.xml config file :
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
         <Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" />
    any help?

    I have found the cause of the problem, but I can't solve it....
    The problem is because I use winxp for server (apache). On winxp there is no default environment variable for USER_HOME or something like that...
    the server.xml uses the home variable where .keystore is stored... and on linux the home variable is explicitly defined and it works...
    when I tried to move the .keystore file to another directory and rename it to tomcat.keystore and in server.xml use the following parameter inside the Connector tag, keystoreFile="path-to-file\tomcat.keystore", it does not work any more...

  • 2 way ssl config in WLS 8.1

    Problem: Server(any web app running on WLS 8.1 SP2 on win2000) need to authenticate
    clients(browser) without prompting for userid & passwords just through digital
    certificate. With out writing any programming in deployed Java app . Only through
    server side config can be done.
    Solution : We are trying to use the 2-way ssl in WLS 8.1 SP2 running on win2000.
    To begin with development, we are just using the Demo cert. This is being tested
    on same machine both client and server. This works perfectly fine for 1-way ssl
    no need to do any config. To extend this config for 2-way.
    I need a one more digital cert for client.
    I create the client digital cert/private key using Cert Gen utility.
    Now the confusing part how to add this to Server Trust key store.
    There are no proper doc on how to continue further.
    Different places say different things to do.
    If any one can provide some example steps how to do it will be great.
    Thanks in advance.
    --Prav

    Did you use the Demo CA to issue the new certificate (CertGen uses it by default)?
    Then you do not need to do anything. The CA certificate already exists in the
    DemoTrust.jks.
    Otherwise you can use keytool to import trusted certificate into a keystore. See
    this page for more info: http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1178523
    Pavel.

  • Ssl configuration in tomcat

    hi everyone... i hope anyone can help me in this problem
    I've installed Apache Tomcat 4.1.12LE
    and j2sdk1.4.1. Yesterday I tried configuring SSL in tomcat for my login page.
    so i followed the steps provided in the documentation. the documentation said choose
    JSSE an installed extension by copying all three JAR files (jcert.jar, jnet.jar, and
    jsse.jar) into your JAVA_HOME\jre\lib\ext directory but i could only find the jsse.jar
    file so I copied jsse.jar file to JAVA_HOME\jre\lib\ext after that I did the keytool
    configuration from C:\j2sdk1.4.1 during keytool process i created my own password.
    after that i removed the comments in the server.xml like shown below,
    and added the keystore password with my own..password
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
    port="8443" minProcessors="5" maxProcessors="75"
    enableLookups="true"
    acceptCount="10" debug="0" scheme="https" secure="true"
    useURIValidationHack="false">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystorePass="mypassword" />
    i restarted tomcat and typed https://localhost:8443/ and it displayed The page cannot
    be displayed.. so my question is where did i go wrong and what should i do next...

    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
    clientAuth="false" protocol="TLS" keystorePass="mypassword" />
    You did not specify the keystore file location.

  • Soap RECEIVER adapter ssl config

    We are consuming a web service in sap ECC system via XI using SSL. So I configured receiver soap adapter. Imported the certificate provided by web service provider to J2EE visual admin key store. However I am not able to see my certificates populated in my communication channel selection list.
    Could you please provide steps to configure SSL in receiver soap adapter not for Sender adapter.
    Thanks.
    Bijay

    Okay, so this is a client certificate and not a CA certificate, right?
    In this case, you need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completely down. You need to import the private key of the client certificate under ICM_SSL_xxx.
    Only CA certificates go in TrustedCA view. You can create a new view ICM_SSL_xxx or put the certificate under any existing ICM_SSL_xxx view, it doesn't matter.
    Do this step and let me know if it works. Might be, there is no requirement for private key at this point of time. It completely depends how the receiving system will accept and verify the call from PI server.
    Since it's a client certificate, they must be having public and private keys. But this certificate has to be signed by some one like VeriSign and they provide a different key to make it more secured. But anyways, you don't need to go in so much of details right now.
    Follow the steps that I mentioned above and hopefully, it should work.
    Regards,
    Neetesh

  • SSL config in PORTAL

    To all the Portal Gurus out there....I have two simple questions....
    I have two servers - one that holds the MR (repository) and one that holds the OID Infrastructure and Portal tiers (2 different mount points)
    This is a new install - and upgraded to 10.1.4. With the OID and portal tiers on the same server, it is possible to SSL enable access to the portal (i.e. HTTPS in place of currently HTTP) - without having to re-install.......the entire stack.....
    Is it also wise to go ahead and do this - in other words, does religiously adhering to Sec 5.2 of the Oracle® Application Server Portal Configuration Guide
    10g Release 2 (10.1.4) B19305-03 - get me to enable SSL through out the portal?
    Thanks

    Hi,
    Yes you can go for SSL configuration without re-installing any of the components.
    Regards,
    access_tammy

  • Console cannot connect to ldap after SSL config

    Hi,
    I configured our iplanet DS 5.0 to use SSL (requested cert from DS, signed and created a new cert with openSSL, verified that DS could read that cert, and turned on ssl). Restarted DS and admin-serv. The ldap is working but ldaps is not. The console is unable to connect to DS and just hangs when trying to connect. The console is configured to connect to ldap not ldaps, but when I view the configuration for DS in console it shows port 636. So -
    - how do I make the console use port 389 to connect to the DS?
    - What do I need to do to get ldaps working?
    TIA.
    Raj Dolas

    There are some limitations in using the Console when SSL is enabled for the Directory Server. These are documented... in the release notes at least.
    Regards,
    Ludovic.

  • SSL Config for SAP webgui service of ABAP

    Hi Gurus,
    We have a dual stack system, details are as follows:
    ECC 6.0 SR2
    ABAP Stack 11
    Java Stack 13
    we want to access the webgui via internet and for this we have configured the webdispatcher which is behind the firewall. we had created the ccr and got the CA response which is imported in the Dispatcher. So the traffic from the end user to Dispatcher is SSL enabled. Then we did same thing for ABAP as well and now the complete traffic is SSL enabled. Our problem is...
    when we use the URL to login to webgui it changes the url and hence does not work from internet. Please note that we don't want to expose our ECC system to public network.
    e.g :
    https://portal.mycompany.com:8100 --> this is the web dispatcher URL this should give us the login screen and stay as it is all the time. But ......when it gives the login screen it gets changed to
    https://ecc60server.mycompany.com:8000 --> and as the ECC server can't be accessed via internet this URL fails when we are outside the company network.
    similarly for the Java stack of the same system also we have the URL and it works just fine.
    rewards will be awarded for the solutions....
    Pravin

    Hi Pravin,
    So if I get it right, you need an End-to-End SSL setup for your WebDispatcher.
    This means that the Webdispatcher simply re-directs the calls but still shows the official url to the client.
    I think you have a problem in the webdispatcher profile.
    there should be one entry like
    icm/server_port_0 = PROT=ROUTER,PORT=443
    This means that the webdispatcher is listening for traffic on port 443.
    then there should be another entry like
    icm/server_port_1 = PROT=HTTPS,PORT=0
    this means that the webdispatcher does not listen to this port (PORT=0) but simply sends data to it.
    Then, the actual connection to the ABAP-system
    ms/https_port = 8101  (or whatever port you used for https)
    rdisp/mshost = <full.host.name.including.domain.name>
    another important parameter is: wdisp/server_info_protocol = https

  • Nodemanager SSL Config

    Anyone knows how to configure the SSL for nodemanager?

    please refer to http://e-docs.bea.com/wls/docs70/secmanage/ssl.html for more information.

  • SSL Config problem

    Hi all,
    I uploaded a cert file and I am getting a runtime error when I try to delete a wrong certificate from Key Store in Visual Admin.
    Can you tell me how to delete the certificate?
    Thank you in advance.
    Regards,
    Subu

    This should not happen. Check if the entries in the orasso.wwsec_papp_configuration_in_t point portal to the right SSO entries. Also check if the OIDDAS operation url's are correct in the oid.
    cu
    Andreas

  • Apache-Mod_jk-Tomcat and SSL certificate

    Hi all.
    I have Apache 2.0.55 working with Tomcat 5.5 via mod_jk connector.
    I have generated a self-signed certificate for Apache using openssl, and I use it to encrypt both URLs served by Apache and URLs served by Tomcat through mod_jk.
    When a "https URL" is forwarded to Tomcat, an exception is thrown by the webapp, unless the certificate has not been set as "trusted" on Tomcat side.
    So, it seems like I have to do the following:
    1) generate a self-signed certificate for Apache using openssl.
    2) import this certificate in a keystore
    3) set the keystore as trusted (System.setProperty("javax.net.ssl.trustStore", PATH_TO_KEYSTORE));
    I'm wondering if there's a better way to accomplish that, not forcing me to do all these steps and, above all, allowing me to "break" the link between the apache cert and the tomcat keystore.
    Any help will be very appreciated!

    Usually you generate a keystore for client, and mention that in your SSL connector of tomcat.
    In apache, we need to configure things in ssl.conf
