James,

On 1/3/20 13:47, James H. H. Lampert wrote:
> On 1/3/20 9:57 AM, Christopher Schultz wrote:
>> Is perhaps the AWS firewall (which is a Load Balancer, right?)
>> redirecting the port?
>>
>> Easy test (from the server):
>>
>> $ telnet localhost 443
>
> I hadn't thought of that. But alas, that instance doesn't have
> Telnet on it.
>
>> If it connects, you have something on the host making this work.
>> If it fails to connect, the 443 -> 8443 magic is outside the host
>> itself.
>
> If, however, I do curl https://foo.bar.net from my Mac, I get a
> response, but if I do curl https://localhost, it doesn't get
> anywhere.

So your instance is indeed listening on 8443 and the host (at least on
the loopback interface) isn't doing any port 443 funny-business.

>> Note that if you are using AWS load-balancer, AWS provides free
>> certificates that auto-renew; just configure them and you are
>> done forever.
>
>> Let me know about the Load-Balancer. That's probably the piece of
>> the puzzle you aren't looking at quite yet.
>
> No; we *have* load-balanced clusters, and they *are* (as of last
> month) on AWS's certificate system, so I know what that looks like.
> This is completely different; when I connect, I see the certificate
> that is currently active on the Tomcat server (and if I plug a
> different cert into Tomcat, I see the change from my browser).

There are also load-balancers that just move bytes and don't terminate
TLS. It's also possible to have the same certificate installed in
multiple places.

I think you are going to have to look around your network a little
more to figure out what's happening. Maybe simply try:

$ host foo.bar.net

And check the IP versus the IP of the Tomcat node?

-chris