0

I'm trying to switch Tomcat from running on port 80 to run on 443. The client wants to serve the SSL certificate via the Citrix NetScaler load balancer.

The issue is I can't get Tomcat to respond to requests on 443 without pointing to a certificate directly. Does anyone know what configuration options to use in the Connector for this setup? I haven't found any documentation that enables 443 without referring directly to a certificate file or store.

Here are two options that I've found that allow Tomcat to start and still operate on 80, but are not responding on 443. Other things I tried simply wouldn't allow Tomcat to start.

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

and

<Connector port="443" protocol="HTTP/1.1" connectionTimeout="20000" />
Ryan

1 Answer

0

If your client is putting the SSL cert on the NetScaler, that's where the SSL connection will terminate. You don't need to have Tomcat talk on 443. The conversation between the NetScaler load-balancing VIP and the back-end resources (Tomcat on the hosts) can be on port 80.

Yonderbox
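The setup described in the answer, written out as a Tomcat `server.xml` fragment (an added example, not configuration from either poster). It assumes the NetScaler VIP terminates TLS on 443 and forwards plain HTTP to Tomcat on port 80; the load balancer address `192.0.2.10` and the `X-Forwarded-For` header name are constructed placeholders for whatever the NetScaler is actually configured to use.

```xml
<!-- conf/server.xml fragment: Tomcat behind a TLS-terminating load balancer. -->
<Service name="Catalina">

  <!-- Plain HTTP listener for the load balancer leg: no SSLEnabled, no keystore.
       scheme, secure and proxyPort make request.getScheme(), request.isSecure()
       and generated redirects describe the client-facing https URL on 443, so
       Tomcat does not redirect users to http:// and flags session cookies Secure. -->
  <Connector port="80" protocol="HTTP/1.1"
             connectionTimeout="20000"
             scheme="https" secure="true" proxyPort="443" />

  <Engine name="Catalina" defaultHost="localhost">

    <!-- Optional: restore the real client address for access logs and IP checks.
         internalProxies is a regex of addresses allowed to supply the header;
         192.0.2.10 is a placeholder for the load balancer's backend-facing IP.
         Forwarded headers from any other source are ignored. -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="192\.0\.2\.10"
           remoteIpHeader="X-Forwarded-For" />

    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true" />
  </Engine>
</Service>
```

Because `secure="true"` is set statically, Tomcat treats every request arriving on port 80 as HTTPS, so port 80 should be firewalled to accept connections from the load balancer only. The hop between the NetScaler and Tomcat is unencrypted in this layout and should stay on a network segment you trust.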