SSL setting on Apache+Tomcat

:warning: IMPORTANT, please fill the questions

We assume you are using Bitnami to deploy your application.

  • Which version of the application are you using?: 8.0.43

  • Please choose how you got the application: Installer (Windows, Linux, macOS), cloud image (AWS, GCE, Azure, …) or VM (VMDK, VBOX): GCE

  • Have you installed any plugin or modified any configuration file?: NO

  • Describe here your question/suggestion/issue (expected and actual results):
    I installed the BITNAMI tomcat on GCE. Then, I tried to set up the SSL on tomcat according to the Bitnami guide for the setting (https://docs.bitnami.com/google/infrastructure/tomcat/#how-to-enable-ssl-access-over-https).

  • Steps to reproduce the issue (if relevant):

  1. I created a keystore based on the apache documentation (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) and then stored it in “/stack/apache-tomcat/conf/ssl” directory.
  2. I moved the key and certificate (server.key, server.crt) under “/stack/apache2/conf” directory into the “/stack/apache-tomcat/conf/ssl” directory.
  3. Then, I uncommented the following line in the /opt/bitnami/apache-tomcat/conf/server.xml file as follows:
  4. I restarted the tomcat and tried to access a page with “https://SERVER-IP:8443”

But, I failed.

Could you please help me resolve the issue?

Thank you in advance!


Hi,

When you say that it failed, what do you exactly mean? Did it get a connection refused error? Or maybe it got a certificate not verified error. In the case of the latter, you need to have a verified SSL certificate in order to avoid that error.

Best regards,

Javier J. Salmerón

Hi,
I am facing a similar issue (using Tomcat Bitnami Google Click to Deploy). My server.xml is nearly the same as above, except that my keystoreFile, Pass, SSL File and SSL Key Files are located in $HOME instead of /opt/bitnami/…
In my case, Tomcat does start and work as expected, BUT an old certificate (issued to and by example.com) is getting picked up. Despite me having purchased and installed a new certificate.
Interestingly, in my Spring Boot web application, the “embedded” Tomcat does show the new certificate when run on localhost. But when I take my .war to Compute Engine Tomcat Bitnami, it’s just picking up
CN = example.com
OU = Certificate generated at boot time
O = Bitnami
Can you please help?
I am assuming I need to configure Tomcat. Haven’t changed Apache HTTPD files at /opt/bitnami/apache2/conf.

Hi,

Apache is forwarding traffic to Tomcat. Therefore you need to change the certificates in Apache.

This guide should help you:

https://docs.bitnami.com/aws/components/apache/#how-to-enable-https-support-with-ssl-certificates

Hope it helps

Best regards

Javier J. Salmerón


1 Like
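To confirm which listener is still handing out the boot-time certificate quoted above, compare what each port serves with the certificate file you installed. The script below is an added example, not part of the thread or of Bitnami's tooling; the function names, the sample subjects and the certificate path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: identify the certificate a TLS listener serves (requires openssl).

# Subject of a PEM certificate read from stdin, in RFC 2253 form.
cert_subject() { openssl x509 -noout -subject -nameopt RFC2253; }

# SHA-256 fingerprint of a PEM certificate read from stdin.
cert_fp() { openssl x509 -noout -fingerprint -sha256 | cut -d= -f2; }

# True when the subject is the boot-time certificate quoted in the thread
# (CN = example.com, O = Bitnami).
is_boot_placeholder() (
  subj=$(cert_subject) || exit 2
  case "$subj" in *CN=example.com*) ;; *) exit 1 ;; esac
  case "$subj" in *O=Bitnami*) exit 0 ;; *) exit 1 ;; esac
)

# Leaf certificate presented by host:port (needs network access to the server).
served_cert() {
  openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | openssl x509
}

# Compare what host:port serves with the certificate file you installed.
# Usage (placeholder path): check_listener SERVER-IP 443 /path/to/server.crt
check_listener() (
  host=$1; port=$2; installed=$3
  live=$(served_cert "$host" "$port") || { echo "no TLS answer on $host:$port"; exit 2; }
  if printf '%s\n' "$live" | is_boot_placeholder; then
    echo "$host:$port serves the boot-time placeholder"; exit 1
  fi
  if [ "$(printf '%s\n' "$live" | cert_fp)" = "$(cert_fp < "$installed")" ]; then
    echo "$host:$port serves $installed"; exit 0
  fi
  echo "$host:$port serves a different certificate than $installed"; exit 1
)

# Constructed sample input: a throwaway self-signed certificate with the given
# subject, written as PEM to stdout (for trying the checks without a server).
make_sample_cert() (
  key=$(mktemp) || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -days 1 \
    -subj "$1" 2>/dev/null
  rc=$?; rm -f "$key"; exit $rc
)
```

Run `check_listener` once against port 443 (Apache) and once against 8443 (the Tomcat connector from the first post) to see which configuration still needs the new certificate.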

Yes Javier. Something similar: I followed the steps here https://docs.bitnami.com/aws/faq/troubleshooting/troubleshoot_ssl_issues/ . And was able to see the valid installed SSL Certificate … finally! Thanks.

Hi,

We are glad that you were able to fix the issue. We are marking the previous answer as “Solution” and this topic as “Closed”.
If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing this one if necessary.

Best regards,
Carlos R. Hernández