
AWS Single Instance Tomcat SSL

I'm trying to set up an APR SSL Connector on my EC2 Tomcat instance, but it's not working and I don't know why.

I have valid certificate and public key files. The APR module is installed and I've added port 8443 to my EC2 instance's security group, but when I try to access the link https://myapp-env.elasticbeanstalk.com:8443/ the page is not available.

I've added the following configuration to tomcat's server.xml:

<Connector 
    port="8443" 
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    maxThreads="200" 
    scheme="https" 
    secure="true"
    SSLEnabled="true" 
    SSLCertificateFile="/etc/ssl/certs/myapp.crt" 
    SSLCertificateKeyFile="/etc/ssl/certs/myapp.key"
    clientAuth="optional" 
    sslProtocol="TLSv1" />

Tomcat's log doesn't show any error message, it's exactly the opposite:

Oct 24, 2014 1:51:50 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1h 5 Jun 2014)
Oct 24, 2014 1:51:50 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "http-apr-8080"
Oct 24, 2014 1:51:51 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "ajp-apr-8009"
Oct 24, 2014 1:51:51 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "http-apr-8443"
Oct 24, 2014 1:51:51 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2083 ms
Oct 24, 2014 1:51:51 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Oct 24, 2014 1:51:51 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.55

What am I missing? Thanks in advance.

Port 8443 has been added to the security group

It's actually easier than I thought, far easier! I've found the appropriate documentation in:

http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html

In short, having the certificate and private key, in a Linux AMI, you must run the following commands:

sudo yum install apr.i686
sudo yum install mod_ssl
sudo yum install tomcat-native.x86_64
aws configure   # enter your AWS account data here
aws iam upload-server-certificate --server-certificate-name yourAliasHere --certificate-body file://certificate.crt.pem --private-key file://private.key.pem

It's mandatory to use file:// notation. After that, just go to your Elastic Beanstalk, Configuration, Load Balancing, set the Secure listener port and SSL certificate ID (which you've just uploaded) fields, then Save.

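A local preflight for the certificate and private key handed to aws iam upload-server-certificate in the answer above, as an added example that is not part of the original question or answer. The function names and return codes are hypothetical; it assumes openssl is installed and that the key is expected to be unencrypted PEM, and it never contacts AWS.

```shell
#!/usr/bin/env bash
# Added example: local preflight for a PEM certificate and private key.
# Nothing here contacts AWS; file paths are supplied by the caller.

# Returns 0 when the pair passes every check; otherwise prints the reason
# and returns a distinct non-zero code (1-5).
preflight_cert_key() {
  local cert="$1" key="$2" cert_pub key_pub perms

  # 1. The certificate must parse as PEM-encoded X.509.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "certificate is not PEM X.509: $cert"; return 1; }

  # 2. The key must load without a passphrase. "-passin pass:" supplies an
  #    empty one so openssl fails instead of prompting on an encrypted key.
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
    { echo "private key is unreadable or passphrase-protected: $key"; return 2; }

  # 3. Both files must carry the same public key.
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "private key does not belong to this certificate"; return 3; }

  # 4. The certificate must not be expired already.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate has expired"; return 4; }

  # 5. Group and other must have no access to the key file
  #    (characters 5-10 of the ls mode string).
  perms=$(ls -ldL "$key" | cut -c5-10)
  [ "$perms" = "------" ] ||
    { echo "private key is readable beyond its owner: $key"; return 5; }

  echo "ok"
}

# Constructed sample input: a throwaway self-signed pair written to directory $1.
make_throwaway_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    chmod 600 "$1/key.pem"
}
```

Run it as preflight_cert_key certificate.crt.pem private.key.pem before the upload command; a non-zero return code identifies which check failed.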
