I'm trying to set up an Apr SSL Connector on my EC2 Tomcat instance, but it's not working and I don't know why.
I have valid certificate and public key files. The Apr module is installed and I've added port 8443 to my EC2 instance's security group, but when I try to access the link https://myapp-env.elasticbeanstalk.com:8443/ the page is not available.
I've added the following configuration to Tomcat's server.xml:
<Connector
    port="8443"
    protocol="org.apache.coyote.http11.Http11AprProtocol"
    maxThreads="200"
    scheme="https"
    secure="true"
    SSLEnabled="true"
    SSLCertificateFile="/etc/ssl/certs/myapp.crt"
    SSLCertificateKeyFile="/etc/ssl/certs/myapp.key"
    clientAuth="optional"
    sslProtocol="TLSv1" />
Tomcat's log doesn't show any error message; it's exactly the opposite:
Oct 24, 2014 1:51:50 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1h 5 Jun 2014)
Oct 24, 2014 1:51:50 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "http-apr-8080"
Oct 24, 2014 1:51:51 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "ajp-apr-8009"
Oct 24, 2014 1:51:51 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler "http-apr-8443"
Oct 24, 2014 1:51:51 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2083 ms
Oct 24, 2014 1:51:51 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Oct 24, 2014 1:51:51 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.55
What am I missing? Thanks in advance.
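A configuration check for the Connector posted in the question, as an added example that is not part of the original post: it flags JSSE-only attributes such as clientAuth and sslProtocol on a connector that names the APR protocol class, where Tomcat's connector documentation lists SSLVerifyClient and SSLProtocol for APR, and it flags deprecated protocol versions. It covers more JSSE attributes than the two in the question; the function name, the mapping table and the `<Server>` wrapper around the sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# JSSE-only Connector attributes and their APR/native counterparts
# (attribute names from the Tomcat 7 HTTP connector documentation).
JSSE_TO_APR = {
    "clientAuth": "SSLVerifyClient",
    "sslProtocol": "SSLProtocol",
    "sslEnabledProtocols": "SSLProtocol",
    "ciphers": "SSLCipherSuite",
    "keystoreFile": "SSLCertificateFile and SSLCertificateKeyFile",
    "keystorePass": "SSLPassword",
    "truststoreFile": "SSLCACertificateFile",
}
# SSLv2/SSLv3 are broken; TLS 1.0 and 1.1 are deprecated by RFC 8996.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the Connector from the question inside a minimal wrapper.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8443"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
             SSLCertificateFile="/etc/ssl/certs/myapp.crt"
             SSLCertificateKeyFile="/etc/ssl/certs/myapp.key"
             clientAuth="optional" sslProtocol="TLSv1" />
</Service></Server>
"""


def lint_apr_connectors(server_xml):
    """Return one finding per problem on TLS connectors that name the APR protocol class."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        explicit_apr = conn.get("protocol", "").endswith("Http11AprProtocol")
        if not explicit_apr or conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port", "?")
        for name, value in conn.attrib.items():
            if name in JSSE_TO_APR:
                findings.append(f"port {port}: {name} is a JSSE attribute; "
                                f"the APR equivalent is {JSSE_TO_APR[name]}")
            if name.lower() == "sslprotocol":
                tokens = set(value.replace("+", " ").replace(",", " ").split())
                for proto in sorted(tokens & WEAK_PROTOCOLS):
                    findings.append(f"port {port}: {name} names deprecated {proto}")
    return findings


if __name__ == "__main__":
    for finding in lint_apr_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

Connectors declared with protocol="HTTP/1.1" are skipped, because the implementation Tomcat picks for them depends on whether the native library is loaded at runtime.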
It's actually easier than I thought, far easier! I've found the appropriate documentation in:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html
In short, having the certificate and private key, in a Linux AMI, you must run the following commands:
sudo yum install apr.i686
sudo yum install mod_ssl
sudo yum install tomcat-native.x86_64
aws configure  # enter your AWS account data here
aws iam upload-server-certificate --server-certificate-name yourAliasHere --certificate-body file://certificate.crt.pem --private-key file://private.key.pem
It's mandatory to use file:// notation. After that, just go to your Elastic Beanstalk, Configuration, Load Balancing and set Secure listener port and SSL certificate ID (which you've just uploaded) fields then Save.