I've just set up Tomcat on a fresh Debian VM. Port 8080 over HTTP works with no issue, yet after hours of fiddling around I cannot find a way of enabling HTTPS.
I've followed the guide to generate a self-signed certificate here: How to create a self signed SSL certificate for use with Tomcat?
I've set my server.xml file up as follows:
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxthreads="150" scheme="https" secure="true"
               keystoreFile="selfsigned.jks" keystorePass="123456"
               clientAuth="false" acceptCount="100"/>
I've restarted Tomcat, and yet still the thing isn't listening on port 8443.
Running netstat -tulpn | grep LISTEN shows:
    tcp   0  0  0.0.0.0:22      0.0.0.0:*  LISTEN  542/sshd
    tcp6  0  0  127.0.0.1:8005  :::*       LISTEN  7953/java
    tcp6  0  0  :::8080         :::*       LISTEN  7953/java
    tcp6  0  0  :::22           :::*       LISTEN  542/sshd
Even if the certificate was wrong, surely it would be listening on port 8443, no?
I've also tried copying the server.xml from this question: Tomcat: Trouble with SSL https connection on port 8443
Yet again, port 8443 isn't listening. What am I doing wrong?
EDIT: I see the following error within the catalina log file:
    Caused by: java.io.IOException: keystore password was incorrect
I've removed and recreated the Keystore file with the same password, so I can't see why this isn't working.
My server.xml file now looks like this:
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               defaultSSLHotConfigName="qa-maintenance.company.com">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig hostname="qa-maintenance.company.com" protocols="TLSv1.2,+TLSv1.1,+TLSv1">
            <Certificate certificateKeystoreFile="conf/keystore.jks"
                         type="RSA" KeystorePass="123456" />
        </SSLHostConfig>
    </Connector>
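An added example, not part of the original post: a small check that compares the attribute names in the second server.xml snippet above against the names in Tomcat's configuration reference and suggests the closest documented spelling. The `KNOWN` allowlist and the `lint` function are hypothetical names, and the allowlist is a partial subset assumed from the Tomcat 8.5/9 documentation.

```python
import difflib
import xml.etree.ElementTree as ET

# Partial allowlist typed in from the Tomcat 8.5/9 configuration reference
# (assumption: not exhaustive; extend it for your Tomcat version).
KNOWN = {
    "Connector": {"port", "protocol", "SSLEnabled", "maxThreads", "scheme",
                  "secure", "acceptCount", "connectionTimeout", "redirectPort",
                  "defaultSSLHostConfigName",
                  # legacy TLS attributes set directly on the Connector
                  "keystoreFile", "keystorePass", "clientAuth"},
    "SSLHostConfig": {"hostName", "protocols", "certificateVerification"},
    "Certificate": {"certificateKeystoreFile", "certificateKeystorePassword",
                    "certificateKeystoreType", "certificateKeyAlias", "type"},
}

# The second <Connector> from the post, copied unchanged.
SAMPLE = """
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           defaultSSLHotConfigName="qa-maintenance.company.com">
  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  <SSLHostConfig hostname="qa-maintenance.company.com" protocols="TLSv1.2,+TLSv1.1,+TLSv1">
    <Certificate certificateKeystoreFile="conf/keystore.jks"
                 type="RSA" KeystorePass="123456" />
  </SSLHostConfig>
</Connector>
"""

def lint(fragment):
    """Return (element, attribute, closest documented name) per unknown attribute."""
    root = ET.fromstring("<root>" + fragment + "</root>")  # wrap: fragment has no single root
    findings = []
    for el in root.iter():
        known = KNOWN.get(el.tag)
        if known is None:          # element not covered by the allowlist
            continue
        by_lower = {k.lower(): k for k in known}
        for name in el.attrib:
            if name in known:      # exact, case-sensitive match
                continue
            hint = by_lower.get(name.lower())  # differs only in letter case
            if hint is None:                   # otherwise try a fuzzy match
                close = difflib.get_close_matches(name, sorted(known), n=1, cutoff=0.5)
                hint = close[0] if close else None
            findings.append((el.tag, name, hint))
    return findings

if __name__ == "__main__":
    for tag, attr, hint in lint(SAMPLE):
        print(f"<{tag}> attribute {attr!r} is not in the allowlist; closest: {hint}")
```

Comparing each flagged name with the startup log and with `keytool -list -keystore conf/keystore.jks` shows whether the password Tomcat actually used is the one the keystore was created with.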