Re: RE : Install Comodo SSL in Tomcat

[logo]

Leonard,

Am 2020-01-27 16:53, schrieb Léonard WAMBERGUE:
Ok so i have find this error (severe) in my Catalina.out about 
connector :

27-Jan-2020 10:52:23.625 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-194.5.159.189-8080"]
27-Jan-2020 10:52:23.760 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-openssl-nio-443"]
27-Jan-2020 10:52:23.764 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
to initialize component [Connector[HTTP/1.1-443]]
        org.apache.catalina.LifecycleException: Protocol handler
initialization failed
                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
                at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
                at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
                at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
                at 
org.apache.catalina.startup.Catalina.load(Catalina.java:584)
                at 
org.apache.catalina.startup.Catalina.load(Catalina.java:607)
                at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
                at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at 
java.base/java.lang.reflect.Method.invoke(Method.java:566)
                at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
                at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
        Caused by: java.net.SocketException: Permission denied
                at java.base/sun.nio.ch.Net.bind0(Native Method)
                at java.base/sun.nio.ch.Net.bind(Net.java:455)
                at java.base/sun.nio.ch.Net.bind(Net.java:447)
                at


that looks like you're trying to start a privileged port without being 
root.

try to start on port 8443, and see if you can connect.

After that you may need a natting to map port 443 to 8443. (you should 
not start tomcat as root or privileged windows user)

Peter.

java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:227)
                at
java.base/sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:80)
                at
org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:229)
                at
org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:212)
                at
org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
                at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
                at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:575)
                at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
                at
org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
                ... 13 more

I will add an alias to my keystore and i had seen others errors in
context.xml but i never edit this file.
Provenance : Courrier pour Windows 10

De : Christopher Schultz
Envoyé le :lundi 27 janvier 2020 14:24
À : users@tomcat.apache.org
Objet :Re: Install Comodo SSL in Tomcat

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Léonard,

On 1/27/20 4:57 AM, Léonard WAMBERGUE wrote:
I’m resending this email because i wasn’t well subscribed to users.
I have a VPS server which turn with Ubuntu and i had install
apache/maven and tomcat.> My server version is Apache
Tomcat/9.0.30.

So i deploy my webapp with a ROOT.war file in tomcat. The website
is running on port 8080 and 80 with a redirection. Now i am trying
to install a Comodo SSL to my website and configure my 443 port in
order to use Something like https://mydomain.com.

After purchasing my comodo certificate i received a zip which
containing a key file, a bundle and .crt like mydomain.crt.
Are you sure Comodo send you a .key file? That would be very unusual.

When you applied for the certificate, did you send them a Certificate
Signing Request (CSR)? Or did *they* generate the server-key for you?
You should never let anyone else generate your server key for you.

I had already configure mydomain.jks with a keystore and configure
my connector with this code :
What is in the JKS file? Did you add anything from the ZIP file into
the JKS file?

<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" SSLEnabled="true"  clientAuth="false"
sslProtocol="TLS" keystoreFile="/opt/tomcat/certs/my.jks"
keystorePass="myPass"/>

That looks okay to me, except that you don't have a certificate
"alias" listed, so Tomcat will choose the first certificate it finds
in the store, which may not be the one you want to use.

The contents of the JKS file are pretty important for us to see. You
can dump the file like this:

$ keytool -list -keystore /opt/tomcat/certs/my.jks -storetype JKS

But when i’m trying to connect to https://mydomain.com i have
err_connection_refused and this website don’t allow connexion.
What do the logs say on startup? If the <Connector> cannot start, it
won't bind to the socket and you'll get "connection refused" on the
client side.

I had already search many hours how to configure my ssl and i’m a
beginner. I had already try to configure ufw but actually it
doesn’t work.

You came to the right place. We'll get you going.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4u5JgACgkQHPApP6U8
pFjFvw//ReeWQaEbxaGq0Ae8lzedvNHTxwjE17/rD8nCD/Yr71lsUIoJt3Ej8NAz
DsA8Idr00XRKFFmO1FkFiZ1Vw5XCxLr6fSSv5I6R66Ttj7asjGDrI6M6hfnzth4g
cL1CMk2kL0Hn/fK0N+MrBpoQHDHElDgAbtiJyivzJP9cDkLxp99KDTguBesG887Q
hyt8JmMomsXw5OyXe/sxzkyMQToiTwLw7VBRYKtklIpEXOnBo0rDOihWTPc/Ucht
tl1QI4pDqwhITOIFUgGTfwrXhxfVXARgFbHc76ZNwDNuqn/OwxKn9mxAUTq1kYaU
Ve51835QBoRz1Y3yoJ7C+MPR5FfnWnyqS+6Slx0+zu961nj889V4bali5hx0aABq
Df7QOBNPsSA2qhX8y07BAoKLro4nf3oi6a9dSKZ7njw366nntvRBYXN8fUjioJ9i
W5kWALj3wBM2gFHFQnw+srU31WiKRjezSWPKc8c51VHVTFLe2W/EHTE+XAO2179Z
mo4SIa0dPVNoV7Yvxq03YAP+WvdjcFRErB4nSYm2HRLQv5t15MEmDW0fFQaCnQL/
uww5ENscU6RKXGtGrzooN6u9CfFt3x1SrqL+oGfVEj7plKTZKwNY+4BU4+u3XqSO
oWRtTgPJUHvx0CZXJREQAJukDQLXvbQ16WfpUa2vIwZYt7blkNA=
=EBS2
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org