-3

I am following this guide to setup ssl on my Tomcat 9 hosted on AWS EC2 (Ubuntu 16.04.5 LTS).

Version: java-8-oracle , apache-tomcat-9.0.10

Key created at /home/ubuntu :

ubuntu@ip-x-x-x-x:~$ sudo keytool -genkey -alias tomcat -keyalg RSA -keystore ./test
Enter keystore password:  
Re-enter new password: 
What is your first and last name?
  [Unknown]:  Tester
What is the name of your organizational unit?
  [Unknown]:  Test  
What is the name of your organization?
  [Unknown]:  Tester ltd
What is the name of your City or Locality?
  [Unknown]:  City
What is the name of your State or Province?
  [Unknown]:  State
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Tester, OU=Test, O=Tester ltd, L=City, ST=State, C=US correct?
  [no]:  yes

Enter key password for <tomcat>
    (RETURN if same as keystore password):  
Re-enter new password: 

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore ./test -destkeystore ./test -deststoretype pkcs12".

Convert key to PKCS12 :

ubuntu@ip-x-x-x-x:~$ sudo keytool -importkeystore -srckeystore ./test -destkeystore ./test -deststoretype pkcs12
Enter source keystore password:  
Entry for alias tomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Warning:
Migrated "./test" to Non JKS/JCEKS. The JKS keystore is backed up as "./test.old".

ubuntu@ip-x-x-x-x:~$ keytool -list -keystore ./test
Enter keystore password:  
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

tomcat, Aug 5, 2018, PrivateKeyEntry, 
Certificate fingerprint (SHA1): E7:F9:46:D4:F8:91:E6:A9:68:54:98:6C:22:CF:EE:6D:C5:6A:FF:17

Modify /opt/tomcat/conf/server.xml :

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="25"
    port="443" keystoreFile="/home/ubuntu/test" keystorePass="password"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

Enable firewall :

ubuntu@ip-x-x-x-x:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)

Result:

Using Chrome I have no problem connecting to http://x-x-x-x (i'll see the Apache Tomcat/9.0.10 homepage). But when I try https://x-x-x-x , i'll get This site connot be reached , ERR_CONNECTION_TIMED_OUT

Consy
  • 101
  • 3

1 Answers1

0

Im going to answer my own question. The reason i'm getting ERR_CONNECTION_TIMED_OUT is the AWS EC2 firewall blocking all incoming https port (443). Edit inbound rules of AWS EC2 instance security group to allow incoming port 443, that will fix the problem.

Consy
  • 101
  • 3
  • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - [From Review](/review/low-quality-posts/378253) – Thomas Aug 06 '18 at 09:58
  • @Thomas edited answer and comment – Consy Aug 06 '18 at 14:50