
List:       tomcat-user
Subject:    SSL configuration trouble with IIS, Tomcat and jkredirect
From:       Arthur Cosma <ACosma () c-sgroup ! com>
Date:       2015-03-31 20:17:53
Message-ID: CY1PR0401MB11486DAE04CDE25176D90CE5E5F40 () CY1PR0401MB1148 ! namprd04 ! prod ! outlook ! com


Hello and thank you for the opportunity, this is my first post.
Please note that all I did below is either expertise from the vendor (which is very
uncooperative in regards to https) or by reading numerous bits of information on the
web.

Here is the environment:
IIS 7(.5) web server running on 2008 R2 64 bit
Tomcat 7.0.35 64 bit
JK 1.2.40 connector 64 bit configured with a configuration file and not via the
registry

I have a vendor application that runs fine in http with the setup above, but I am
trying to configure it for https. JK redirects properly the http traffic from port
8080 to 80 and the URL is not requiring the port.

In order to set up SSL I enabled it in IIS, I created a certificate with keytool and
imported it on the server. I can browse to https://myhost and after I accept the
certificate, I get the familiar IIS 7 logo. I can also connect to
https://myhost/manager/html and I am able to authenticate to Tomcat and get to the
manager page. None of these URLs, however, throw an entry in the isapi_redirect.log
file. All I get in there is the initialization message.

I have my applet defined in uriworkermap.properties and it points to an ajp13 worker
defined on port 8009.

These are my connector definitions in server.xml (the rest of the configuration is
default):

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="200" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\keystore\.keystore" keystorePass="tomcatPWD" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

In order to revert to http, all I have to do is comment out the second connector
definition for port 8443 and revert the applet's parameter to http. When everything
is set to https, any call to the applet goes into a loop and it just sits there with
a spinning icon on the browser's tab: "Waiting for myhost..." There is no entry in
isapi_redirect.log and localhost_access_log.txt only receives a
"GET /myapplet HTTP/1.1" 302 -

I tried to understand the way ports work with Tomcat, JK and SSL but I am at a loss,
so I finally decided to post on this mailing list. From what I know, JK redirects
port 8080 to 80, but I couldn't find any information on redirecting, say 8443, to
443.

Any guidance will be greatly appreciated. I feel like I'm close, but missing the next
step. I am not a total newb, with some exposure to Tomcat, but this is above my pay
grade.

Best regards,
Arthur






