
SSL/TLS communication not happening with Tomcat Server on using self-signed certificate

I have configured Tomcat Server (apache-tomcat-9.0.1) with a self-signed certificate. For this I added the required configuration to server.xml and copied the .jks file into the conf folder.

Create Self Signed Certificate
Configure Tomcat with SSL Stuff

HTTPS Works on browser as expected.

Disabled SSL verification while making an HttpsURLConnection call to fetch a REST API

Certificate Exception Stuff
Disable Certificate Exception

It works!

On server.xml only port 8443 is configured. On the web application the security constraint is configured:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>OVS</web-resource-name>
        <!-- all URLs are protected -->
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <!-- redirect all requests to HTTPS -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Tomcat Server starts without showing any exception anywhere.

But SSL/TLS communication is not happening with the Tomcat Server when using the self-signed certificate? Wireshark captured the packets; I expected to see TLS packets or an SSL handshake, but nothing, only TCP packets.

Why is the SSL handshake not happening? Is it because it is verifying only the SSL server certificate? (as clientAuth is false)

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false" maxThreads="150"
    port="8443" keyAlias="london" keystoreFile="conf/londonkey.jks" keystorePass="sumit123"
    protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
    secure="true" sslProtocol="TLS" />

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Have you ever tested, after configuring the self-signed certificate and so on, to see if SSL/TLS communication takes place?

Edit

As far as I know, to have SSL communication between two network entities, say A and B, both must have their own private key and public certificate, but above we have configured only the server with a certificate and private key, nothing for the client? Please correct me.

I have checked various example posts, but all of them talk about generating the key and only configuring the Tomcat Server. For testing, they say the browser would show a certificate exception; accept that exception and all would be set. Nowhere did I find a discussion about the actual TLS/SSL handshake for which we are actually configuring the Tomcat Server.

No. If a non-browser client does two-way SSL, then the SSL certificate in Tomcat is not enough: import Tomcat's certificate on the client, and import the client's certificate into Tomcat; that way you can achieve 2-way SSL. You just need to create the appropriate SSL context or override the javax.ssl.* containing the keystore, keystore password and key password (if any).
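The following is an added example, not code from the question or the answer above, and it uses Go's crypto/tls rather than Tomcat or HttpsURLConnection. It reproduces on a loopback connection what the two posts are arguing about: with clientAuth="false" (one-way TLS) the handshake only needs the server's certificate, and the client's job is to trust that self-signed certificate, which is the safe alternative to disabling verification; with clientAuth="true" (two-way TLS) the client must also present a certificate the server trusts. The hostnames tomcat.example and client.example, the keys and the scenario names are all constructed here; nothing is taken from the poster's keystore.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a self-signed certificate and key in memory, the in-process
// equivalent of the keytool-generated .jks mentioned in the question (constructed).
func selfSigned(name string, usage x509.ExtKeyUsage) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name}, // modern clients match the SAN, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// Result is what a Wireshark capture of the scenario would reveal: whether the
// handshake completed, the negotiated version, and how many certs the server sent.
type Result struct {
	OK          bool
	Version     uint16
	ServerCerts int
	Err         string
}

// handshake runs one TLS handshake over loopback TCP and reports the client's view.
// Both sides must succeed: a TLS 1.3 client finishes before the server has had a
// chance to reject (or miss) the client certificate, so the server error matters.
func handshake(serverCfg, clientCfg *tls.Config) Result {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return Result{Err: err.Error()}
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		srv := tls.Server(raw, serverCfg)
		err = srv.Handshake()
		srv.Close()
		srvErr <- err
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // Dial performs the handshake
	if err != nil {
		return Result{Err: err.Error()}
	}
	st := cli.ConnectionState()
	cli.Close()
	if err := <-srvErr; err != nil {
		return Result{Err: err.Error()}
	}
	return Result{OK: true, Version: st.Version, ServerCerts: len(st.PeerCertificates)}
}

// Scenarios runs the four combinations of server and client trust configuration.
// Only "one-way-trusted" and "two-way" should complete a handshake.
func Scenarios() (map[string]Result, error) {
	serverCert, serverLeaf, err := selfSigned("tomcat.example", x509.ExtKeyUsageServerAuth)
	if err != nil {
		return nil, err
	}
	clientCert, clientLeaf, err := selfSigned("client.example", x509.ExtKeyUsageClientAuth)
	if err != nil {
		return nil, err
	}
	trustServer, trustClient := x509.NewCertPool(), x509.NewCertPool()
	trustServer.AddCert(serverLeaf) // client's truststore: the exported server cert
	trustClient.AddCert(clientLeaf) // server's truststore: the exported client cert

	oneWay := &tls.Config{Certificates: []tls.Certificate{serverCert}} // clientAuth="false"
	twoWay := &tls.Config{Certificates: []tls.Certificate{serverCert},  // clientAuth="true"
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trustClient}
	return map[string]Result{
		// Client trusts the server's self-signed cert: verification stays on and succeeds.
		"one-way-trusted": handshake(oneWay, &tls.Config{ServerName: "tomcat.example", RootCAs: trustServer}),
		// Client trusts nothing the server presents: the "certificate exception" case.
		"one-way-untrusted": handshake(oneWay, &tls.Config{ServerName: "tomcat.example", RootCAs: x509.NewCertPool()}),
		// Server requires a client cert and the client presents one the server trusts.
		"two-way": handshake(twoWay, &tls.Config{ServerName: "tomcat.example", RootCAs: trustServer, Certificates: []tls.Certificate{clientCert}}),
		// Server requires a client cert but the client has none to offer.
		"two-way-no-client-cert": handshake(twoWay, &tls.Config{ServerName: "tomcat.example", RootCAs: trustServer}),
	}, nil
}

func main() {
	res, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"one-way-trusted", "one-way-untrusted", "two-way", "two-way-no-client-cert"} {
		if r := res[name]; r.OK {
			fmt.Printf("%-24s handshake ok, version 0x%04x, server sent %d cert(s)\n", name, r.Version, r.ServerCerts)
		} else {
			fmt.Printf("%-24s handshake failed: %s\n", name, r.Err)
		}
	}
}
```

The "one-way-trusted" case is the answer to the edit in the question: the client never needs its own key pair for the handshake to happen, it needs the server's certificate in its truststore (for a Java client, a truststore passed to the SSLContext rather than a TrustManager that accepts everything). The "one-way-untrusted" failure is the exception the question worked around by disabling verification, and it is rejected on the client side after the server has already sent its certificate, which is why a packet capture of a correct 8443 listener still shows a TLS ClientHello and ServerHello even when the client refuses the certificate.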
