Topic: tomcat 7 SSL issue

[andrewm659]

Hello I'm working with a friend on an old ubuntu 14 server running tomcat 7. We can't get the SSL to work with tomcat 7. It is a wildcard certificate.

I have the SSL set up in my /etc/tomcat/server.xml

<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" SSLEnabled="true" maxThreads="200"
scheme="https" secure="true"
SSLCertificateFile="/etc/ssl/path/to/SSL.crt"
SSLCertificateKeyFile="/etc/ssl/path/to/priv.key"
SSLCertificateChaineFile="/etc/ssl/intermediate_or_chain/SectigoRSADomainValidationSecureServerCA.crt"
clientAuth="false" sslProtocol="TLS" />


However it is not working. I don't have any war/jar running at the moment.

Not sure what I am doing wrong.

There are no errors in the logs that I can see that would point to something. I could load a jar file like PWM or something else that is REALLY simple. Not sure what to test though.

[tangent]

Since Tomcat 7 is several years old now (plus out of support), I'd recommend setting up Apache web server as a secure reverse proxy over your Tomcat instance, rather than trying to get SSL working natively on Tomcat. This would separate your SSL configuration, certificate handling and maintenance away from your application server, and the Java version it currently runs under.

Ok, so you have to set up Apache, but there's lots of information and examples on how to do this out there. Search this site for "ajp and proxy" to see any number of posts, e.g. https://www.apachelounge.com/viewtopic.php?t=7727

PS - I used to the sample.war file from the Tomcat sample application as a default deployment, to check the Tomcat instance was up and running - https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample

[James Blond]

The default location of the log files is /var/log/tomcat/

There should be catalina.log and catalina.out
There you should find log messages about what went wrong.