Have you tried integrating Tomcat with IIS and letting IIS manage your SSL connection? It is a lot easier to manage certificates in IIS. Usually you will want to run IIS or Apache in front of Tomcat. Since you look like a Windows shop I would say go the IIS route. There are a number of benefits to running IIS or Apache with Tomcat.

Brian

From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Pierson, Shawn
Sent: Wednesday, September 2, 2015 2:15 PM
To: [email protected]
Subject: Struggling with SSL and Mid Tier

Good afternoon,

This isn't specifically a Remedy issue but it's something many of you have done so I thought I'd ask here. I'm in the process of setting up SSL with Tomcat 7.0.53 on Windows so we can better secure the Mid Tier. According to the logs, it looks like Remedy is able to connect back to the server, but I can't actually connect to Tomcat. Ignoring Remedy for a moment, I have an index.html in the root folder that should work. Let's say my server's DNS alias is remedy.example.com in this case.

Tomcat ran fine on port 8080 (including the Mid Tier) without any certificate set up. However, I implemented this as the connector in the server.xml file:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" secure="true" ="false"
               keystoreFile="conf/filenamegoeshere.jks" keystorePass="passwordgoeshere"/>

This *should* work, but doesn't seem to allow me to connect. I've tried using port 8443 to no avail, and I've tried different protocols but settled on this one since it's used by other apps in my organization. It was also suggested that I put the keystore file in the conf directory and reference it the way I did above. There are other options that I will add to this connector when we have it all up and running but for now that's it.

In terms of the keystore file, if I run keytool -list -keystore filenamegoeshere.jks and enter the correct password, I can see the valid certificate fingerprint information, and if I add a -v to it, I can see that it is a certificate for remedy.example.com specifically.

Now, the final thing that is odd is that if the alias for my certificate is "server" for example, and I go into my Tomcat connector and add keyAlias="server" and restart Tomcat, I get these types of errors and the whole thing bombs out:

    SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-nio-443"]
    java.io.IOException: Alias name server does not identify a key entry

Does anyone have any suggestions of what I might be able to do to resolve this? I've been stuck on it since last week and tried everything I can come up with. Setting up SSL on Tomcat isn't my area of expertise and there's too much information available on Google and not enough on BMC's sites to help me figure out what options I have to resolve this.

Thanks,

Shawn Pierson
Remedy Developer | Energy Transfer
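
An added example, not part of the original thread: `keytool -list` prints an entry type next to each alias, and the IOException quoted above is about that type rather than about the certificate's subject. The Python sketch below reads a constructed keytool listing and a constructed connector (the alias names, dates and fingerprints are made up) and reports whether `keyAlias` points at a `PrivateKeyEntry`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `keytool -list -keystore <file>` output (not from the thread).
KEYTOOL_LIST = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

server, Sep 1, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
tomcat, Aug 28, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
"""

# Constructed connector modelled on the one in the post, with keyAlias added.
CONNECTOR = ('<Connector port="443" SSLEnabled="true" secure="true" '
             'keystoreFile="conf/filenamegoeshere.jks" keyAlias="server"/>')

# Entry lines look like "<alias>, <date>, <entry type>," (the date itself has a comma).
ENTRY = re.compile(r"^(?P<alias>.+?), .+, "
                   r"(?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),\s*$")

def keystore_entries(listing):
    """Map alias -> entry type from non-verbose `keytool -list` output."""
    entries = {}
    for line in listing.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[m.group("alias").lower()] = m.group("kind")  # JKS lowercases aliases
    return entries

def check_connector(connector_xml, listing):
    """Return (ok, message): can this connector find a private key to serve TLS?"""
    entries = keystore_entries(listing)
    key_aliases = sorted(a for a, k in entries.items() if k == "PrivateKeyEntry")
    alias = ET.fromstring(connector_xml).get("keyAlias")
    if not key_aliases:
        return False, "keystore holds certificates only; no private key entry"
    if alias is None:
        return True, "no keyAlias set; key entries: " + ", ".join(key_aliases)
    kind = entries.get(alias.lower())
    if kind == "PrivateKeyEntry":
        return True, "keyAlias '%s' is a PrivateKeyEntry" % alias
    if kind is None:
        return False, "keyAlias '%s' is not in the keystore" % alias
    return False, "keyAlias '%s' is a %s, not a key entry; key entries: %s" % (
        alias, kind, ", ".join(key_aliases))

if __name__ == "__main__":
    print(check_connector(CONNECTOR, KEYTOOL_LIST))
```

A keystore that lists only `trustedCertEntry` lines holds a certificate without its private key, so the key pair and the CA-signed certificate need to sit under the same alias before Tomcat can use it.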

