Leonard,

> On 27.01.2020 at 18:50, Léonard WAMBERGUE 
> <leonard.wambergue...@gmail.com> wrote:
> 
> Peter,
>  
> I hadn’t seen that I hadn’t answered to all.
>  
> Comodo didn’t send me a key file, *they* = Hostinger, and I can download a 
> zip from their website with my certificates and my server key but I don’t 
> have the CSR.
>  

Still not helpful if your hoster has the private key - that’s not what private 
means!!!!  If you have access to openssl you could create the CSR yourself and 
then reissue the cert. Or think about moving to Let’s Encrypt and save the 
money. But that’s a future step. Let’s get you to https first!!!



> The JKS file was made with:
> openssl pkcs12 -export -in my.crt -inkey my.key -certfile my.ca-bundle -out my.pfx
> keytool -importkeystore -srckeystore my.pfx -srcstoretype pkcs12 -destkeystore my.jks -deststoretype jks
> So I can’t add any alias with those 2 lines. And without an alias I can’t change 
> it with -changealias
>  

Could you try

openssl pkcs12 -export -in my.crt -inkey my.key -name tomcat -certfile my.ca-bundle -out my.jks

<<—  the output of pkcs12 is already a jks!!!  and -name tomcat is the alias

keytool -list -v  -keystore my.jks


A one-liner!

Hope this helps

Peter

> The connector actually looks like:
>     « <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
>                 minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
>                 disableUploadTimeout="true" acceptCount="100" scheme="https"
>                 secure="true" SSLEnabled="true"  clientAuth="false" sslProtocol="all"
>                 keystoreFile="/opt/tomcat/certs/my.jks" SSLPassword="mypass"
>                 keystorePass="mypass"/> »
> Thanks for helping me
>  
>  
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for 
> Windows 10
>  
> From: logo <mailto:l...@kreuser.name>
> Sent: Monday, 27 January 2020 17:32
> To: Tomcat Users List <mailto:users@tomcat.apache.org>
> Cc: Léonard WAMBERGUE <mailto:leonard.wambergue...@gmail.com>
> Subject: Re: RE: Install Comodo SSL in Tomcat
>  
> Leonard,
>  
>  
> On 2020-01-27 16:53, Léonard WAMBERGUE wrote:
> > OK, so I have found this error (severe) in my Catalina.out about
> > connector:
> >
> > 27-Jan-2020 10:52:23.625 INFO [main]
> > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> > ["http-nio-194.5.159.189-8080"]
> > 27-Jan-2020 10:52:23.760 INFO [main]
> > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> > ["https-openssl-nio-443"]
> > 27-Jan-2020 10:52:23.764 SEVERE [main]
> > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed
> > to initialize component [Connector[HTTP/1.1-443]]
> >         org.apache.catalina.LifecycleException: Protocol handler
> > initialization failed
> >                 at
> > org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
> >                 at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >                 at
> > org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
> >                 at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >                 at
> > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
> >                 at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> >                 at
> > org.apache.catalina.startup.Catalina.load(Catalina.java:584)
> >                 at
> > org.apache.catalina.startup.Catalina.load(Catalina.java:607)
> >                 at
> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> > Method)
> >                 at
> > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> >                 at
> > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >                 at
> > java.base/java.lang.reflect.Method.invoke(Method.java:566)
> >                 at
> > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
> >                 at
> > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
> >         Caused by: java.net.SocketException: Permission denied
> >                 at java.base/sun.nio.ch.Net.bind0(Native Method)
> >                 at java.base/sun.nio.ch.Net.bind(Net.java:455)
> >                 at java.base/sun.nio.ch.Net.bind(Net.java:447)
> >                 at
>  
>  
> That looks like you're trying to start a privileged port without being
> root.
>  
> Try to start on port 8443, and see if you can connect.
>  
> After that you may need a natting to map port 443 to 8443. (You should
> not start tomcat as root or privileged windows user.)
>  
> Peter.
>  
> > java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:227)
> >                 at
> > java.base/sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:80)
> >                 at
> > org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:229)
> >                 at
> > org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:212)
> >                 at
> > org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
> >                 at
> > org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
> >                 at
> > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:575)
> >                 at
> > org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
> >                 at
> > org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
> >                 ... 13 more
> >
> > I will add an alias to my keystore, and I had seen other errors in
> > context.xml but I never edited this file.
> > Sent from Mail for Windows 10
> >
> > From: Christopher Schultz
> > Sent: Monday, 27 January 2020 14:24
> > To: users@tomcat.apache.org
> > Subject: Re: Install Comodo SSL in Tomcat
> >
> >
> > Léonard,
> >
> > On 1/27/20 4:57 AM, Léonard WAMBERGUE wrote:
> >> I’m resending this email because I wasn’t well subscribed to users.
> >> I have a VPS server which runs Ubuntu and I had installed
> >> apache/maven and tomcat. My server version is Apache
> >> Tomcat/9.0.30.
> >>
> >> So I deployed my webapp with a ROOT.war file in tomcat. The website
> >> is running on port 8080 and 80 with a redirection. Now I am trying
> >> to install a Comodo SSL to my website and configure my 443 port in
> >> order to use something like https://mydomain.com.
> >>
> >> After purchasing my comodo certificate I received a zip
> >> containing a key file, a bundle and a .crt like mydomain.crt.
> > Are you sure Comodo sent you a .key file? That would be very unusual.
> >
> > When you applied for the certificate, did you send them a Certificate
> > Signing Request (CSR)? Or did *they* generate the server-key for you?
> > You should never let anyone else generate your server key for you.
> >
> >> I had already configured mydomain.jks with a keystore and configured
> >> my connector with this code:
> > What is in the JKS file? Did you add anything from the ZIP file into
> > the JKS file?
> >
> >> <Connector port="443" maxHttpHeaderSize="8192" maxThreads="150"
> >> minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
> >> disableUploadTimeout="true" acceptCount="100" scheme="https"
> >> secure="true" SSLEnabled="true"  clientAuth="false"
> >> sslProtocol="TLS" keystoreFile="/opt/tomcat/certs/my.jks"
> >> keystorePass="myPass"/>
> >
> > That looks okay to me, except that you don't have a certificate
> > "alias" listed, so Tomcat will choose the first certificate it finds
> > in the store, which may not be the one you want to use.
> >
> > The contents of the JKS file are pretty important for us to see. You
> > can dump the file like this:
> >
> > $ keytool -list -keystore /opt/tomcat/certs/my.jks -storetype JKS
> >
> >> But when I’m trying to connect to https://mydomain.com I have
> >> err_connection_refused and this website doesn’t allow connection.
> > What do the logs say on startup? If the <Connector> cannot start, it
> > won't bind to the socket and you'll get "connection refused" on the
> > client side.
> >
> >> I had already searched many hours how to configure my ssl and I’m a
> >> beginner. I had already tried to configure ufw but actually it
> >> doesn’t work.
> >
> > You came to the right place. We'll get you going.
> >
> > - -chris
> >

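The keystore step discussed in this thread, as an added example that is not part of the original messages: it checks that the private key belongs to the certificate before building a PKCS#12 store with the alias tomcat, then reads the alias back. The helper function names, the file names, the password changeit and the throwaway self-signed certificate are constructed for the example.

```shell
#!/bin/sh
# Added example. File names, alias and password are constructed sample values.
set -eu

# SHA-256 over the public key taken from a certificate ("cert") or a key ("key").
pubkey_fp() {
  if [ "$1" = cert ]; then
    openssl x509 -in "$2" -noout -pubkey
  else
    openssl pkey -in "$2" -pubout
  fi | openssl dgst -sha256 | awk '{print $NF}'
}

# True only when the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
  [ "$(pubkey_fp cert "$1")" = "$(pubkey_fp key "$2")" ]
}

# Build a PKCS#12 store: $1 cert, $2 key, $3 alias, $4 output file, $5 password.
# A CA bundle would be added with -certfile, as in the thread's command.
build_keystore() {
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -name "$3" -out "$4" -passout "pass:$5"
}

# Read back the alias (friendlyName) recorded in the store.
keystore_alias() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    sed -n 's/^ *friendlyName: *//p' | head -n 1
}

demo() {
  d=$(mktemp -d)
  # Throwaway self-signed certificate standing in for my.crt / my.key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mydomain.example" \
    -keyout "$d/my.key" -out "$d/my.crt" 2>/dev/null
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
  build_keystore "$d/my.crt" "$d/my.key" tomcat "$d/my.p12" changeit
  echo "alias in store: $(keystore_alias "$d/my.p12" changeit)"
  build_keystore "$d/my.crt" "$d/other.key" tomcat "$d/bad.p12" changeit 2>/dev/null ||
    echo "mismatched key rejected"
  rm -rf "$d"
}
demo
```

A Tomcat 9 connector reads such a store when it sets keystoreType="PKCS12" and keyAlias="tomcat" alongside keystoreFile and keystorePass.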