0

I've tried may things to get this working. I have a web app I'm developing. javascript front-end that talks via json to a java back-end. the entire thing runs on an embedded tomcat 8 instance. it works fine until i try to enable ssl/tls encryption.

before adding ssl

Tomcat tomcat = new Tomcat();
String webappDirLocation = "src/main/webapp/";

String webPort = System.getenv("PORT");
if (webPort == null || webPort.isEmpty()) {
    webPort = "8080";
}

tomcat.setPort(Integer.valueOf(webPort));
Connector connector = tomcat.getConnector();
connector.setURIEncoding("UTF-8");
tomcat.addWebapp("/", new File(webappDirLocation).getAbsolutePath());
System.out.println("configuring app with basedir: " + new File("./" + webappDirLocation).getAbsolutePath());

tomcat.start();
tomcat.getServer().await();

after I attempted to add ssl with self signed cert.

Tomcat tomcat = new Tomcat();
String tmp = "1q2w3e4r5t";
String filePathToStore = "src/main/app/ssl/keystore.jks";
char[] keystorePasswordCharArray = tmp.toCharArray();

Connector httpsConnector = new Connector();
httpsConnector.setPort(8843);
httpsConnector.setSecure(true);
httpsConnector.setScheme("https");
httpsConnector.setAttribute("keyAlias", "tomcat");
httpsConnector.setAttribute("keystorePass", keystorePasswordCharArray);
httpsConnector.setAttribute("keystoreFile", new File(filePathToStore));
httpsConnector.setAttribute("clientAuth", "false");
httpsConnector.setAttribute("sslProtocol", "TLS");
httpsConnector.setAttribute("SSLEnabled", true);

Service service = tomcat.getService();
service.addConnector(httpsConnector);
Connector defaultConnector = tomcat.getConnector();
defaultConnector.setRedirectPort(443);

String webappDirLocation = "src/main/webapp/";

Connector connector = tomcat.getConnector();
connector.setURIEncoding("UTF-8");
tomcat.addWebapp("/", new File(webappDirLocation).getAbsolutePath());
System.out.println("configuring app with basedir: " + new File("./" + webappDirLocation).getAbsolutePath());

tomcat.start();
tomcat.getServer().await();

I just want a simple web service that is ideally embedded so that deployment and configuration is simple.

to generate the keypair i used the command:

keytool -genkeypair -keystore keystore.jks -keyalg RSA -alias tomcat

I then copied the keystore.jks into my app/ssl/ directory.

it will run and compile with no errors. when i attempt to access the site at https:\\localhost Firefox complains with: 

(Error code: ssl_error_rx_record_too_long)

and the eclipse console will spit out a trace

Jan 06, 2016 9:14:25 PM org.apache.coyote.http11.AbstractHttp11Processor process
INFO: Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name   at          org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1010)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

the site is still accessible at http:\\localhost:443 What do i need to do to install the certificate? export from the key store and put it in my browser? i expected just a warning message.

continuing to troubleshoot i found a simple program called SSLPoke, this is the error i get:

java SSLPoke localhost 443
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at sun.security.ssl.AppOutputStream.write(Unknown Source)
    at sun.security.ssl.AppOutputStream.write(Unknown Source)
    at SSLPoke.main(SSLPoke.java:23)

so it seems that my connection is not speaking https even though I'm listing there, still cant figure it out.

Improve this question
3
  • what errors are you getting? Commented Jan 7, 2016 at 2:46
  • usually, when you are asked to provide the errors, it is better to edit the question and include them, so it is easier to not miss any detail. Also, that error happens, when the port is open, but the certificate is not correctly installed on the server. Commented Jan 7, 2016 at 3:29
  • Related. stackoverflow.com/questions/18071135/… Commented Jul 28 at 12:55

3 Answers 3

Reset to default
4

This is not related to the question asked but i got the same exception. I was trying to test my code(rest api call) and I was using https://localhost:2001 and I got Invalid character (CR or LF) found in method name.

The issue is I should be using http not https.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Take this with a grain of salt because I have never configured Tomcat.

With that said it looks like you've configured a server on 8843(did you mean to use 8443?) with your certificate but haven't configured it for 443. I think you'll need configuration for a 443 server as well. Right now if you connect on 443 you're probably not connecting encrypted and probably why you're receiving those errors.

In your original configuration you had the site running on port 80. Another suggestion would be run to try just running on 443. Change httpsConnector.setPort(8843); to httpsConnector.setPort(443);

Improve this answer

1 Comment

ive switched it all ports to 443, it connects to it but not in secure mode. i would figure the the three lines should place it in secure mode httpsConnector.setPort(443); httpsConnector.setSecure(true); httpsConnector.setScheme("https");
-2

I have the same problem.

Have you try to run this code on heroku ?

If, yes maybe you can use this :

https://robots.thoughtbot.com/set-up-cloudflare-free-ssl-on-heroku

Improve this answer

1 Comment

Wow. I only found this one today. Seems like a challenger to Let's Encrypt one to some extent.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.