I am using ColdFusion 2016 and trying to test secure WebSockets using a self-signed cert generated in IIS and then imported into a JKS keystore file. In the ColdFusion admin, on the WebSocket page, I have checked the secure box and entered the path to the JKS keystore as well as the password... I believe I have done this correctly because it will scream at me if I enter the wrong password.
keystore= C:\ColdFusion2016\jre\bin\websocket.jks
keystore password = changeit
I have tested on all browsers and they all fail to connect... for example, in Chrome:
cfwebsocketCore.js:21 WebSocket connection to 'wss://in001204.amcnt.amc.edu:8543/cfusion/cfusion' failed: Error in connection establishment: net::ERR_CONNECTION_CLOSED
I have imported the original PFX cert that I converted to JKS into Chrome, but that doesn't help.
I have tried adding the tag below to the server.xml file, and that didn't help either:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\ColdFusion2016\jre\bin\websocket.jks"
keystorePass="changeit"
keystoreType="JKS" />
I have a legacy application and I have no idea what's inside it. The app is running on a Windows 10 server over HTTP. I need to make it work with HTTPS using keytool and certificates. On this server an API is running, so I don't need a domain name for it. So I want to make the SSL connection without a domain name, using the IP address. I am running Apache Tomcat 9.0.36 with the following server.xml configuration, and ports 12001, 12002, 8433, 433, 80, 8000 and 8080 are open for testing purposes.
<Connector port="12001" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" URIEncoding="UTF-8" maxThreads="1000" acceptCount="1000" minSpareThreads="50"/>
<!-- A "Connector" using the shared thread pool -->
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8443" protocol="HTTP/1.1"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="D:\apache-tomcat-9.0.36\conf\keystore.jks"
keystorePass="********"
clientAuth="false" acceptCount="100"
/>
Ran the following command to generate the SSL certificate.
keytool -genkey -keyalg RSA -alias tomcat -keystore keystore.jks -validity 365 -keysize 2048
Checked the certificate (ok)
keytool -list -v -keystore keystore.jks
When I go to https://ip:8433, I cannot connect to the server: "This site cannot be reached", ERR_CONNECTION_RESET.
When I go to http://ip:12001, there is no redirect, and ERR_CONNECTION_RESET.
I am using Tomcat 9 and trying to configure SSL.
STEP 1: Created a tomcat.jks certificate using the command keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore tomcat.jks and stored it in the %CATALINA_HOME%\ssl location.
STEP 2: In server.xml, added the below:
<!-- "protocol" (not a class-name attribute) selects the connector implementation;
     "SSLEnabled" is case-sensitive, so "sslEnabled" is silently ignored;
     in Tomcat 9 the certificateKeystoreFile/Password attributes belong on a
     Certificate element nested inside SSLHostConfig, not on the Connector -->
<Connector port="8443" protocol="HTTP/1.1"
           connectionTimeout="20000"
           SSLEnabled="true"
           scheme="https" secure="true">
    <SSLHostConfig certificateVerification="none" sslProtocol="TLS">
        <Certificate certificateKeystoreFile="ssl/tomcat.jks"
                     certificateKeystorePassword="tomcat" />
    </SSLHostConfig>
</Connector>
While launching https://localhost:8443 I am getting the error "Failed to load resource: net::ERR_FAILED". Are there any settings I am missing? Please help.
https://localhost:8443 - try using one of the valid cert URLs - the problem is you don't have localhost as a valid cert DNS name in the jks file (and shouldn't)
chrome://flags/#allow-insecure-localhost
Enabled the flag
For applications that do not require an SSL certificate, or which don't have one, either a self-hosted website or an application deployed locally, Chrome allows disabling the warning about HTTPS certificates if the address is localhost. Do the following:
Open Google Chrome
Enter the below into the address bar in Chrome.
chrome://flags/#allow-insecure-localhost
Set the option to enabled on allow-insecure-localhost
I'm setting up a key for HTTPS in JBoss 6 and it keeps showing me the error
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The certificate is valid.
I created the jks using this command:
keytool -import -trustcacerts -alias root -file certificate.crt -keystore JksName.jks
The server.xml file is like this:
<!-- SSL/TLS Connector configuration using the admin devl guide keystore-->
<Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="path"
keystorePass="psswd" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
But it keeps showing that error in Chrome. I already tried other browsers and it does not work there either.
Although the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error could indicate any SSL version mismatch or no common cipher suites between the browser and the server, this error probably means that the server only supports RC4.
You will need to enable support for additional cipher suites.
I am getting this error in Firefox when I try to reach my application.
(Error code: ssl_error_weak_server_ephemeral_dh_key)
I was following this how-to on configuring SSL, but it does not work. So how do I configure TomEE?
What I did was generate keystore:
keytool -genkeypair -v -dname "cn=NAME, ou=NAME, o=NAME, l=CITY, st=STATE, c=XX" -alias tomcat -keypass PASS -storepass PASS -keyalg RSA -validity 3650 -keystore KEYSTORE_FILE
And added to server.xml:
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8444" keystoreFile="KEYSTORE_FILE" keystorePass="PASS"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
But it doesn't work.
The error you are seeing is due to Firefox's mitigation for the Logjam attack . To fix this, you'd have to increase your DH key length, which unfortunately, does not appear to be an option at this time for Tomcat or TomEE.
The options you have at this time are
a) Remove support for DH cipher suites for your server and only allow non-DH cipher suites. This is described in the official Logjam mitigations page (scroll down to the section titled "Apache Tomcat"). Pay close attention to the note about the action needed to use 256 bit AES ciphers.
OR
b) Disable the security settings in Firefox to allow connections to sites like yours that have weak DH keys. This is not advisable as your users may not be willing to decrease their security just to access your site. This is described in a related Security Stack Exchange answer.
I want to configure HTTPS on my Tomcat server. I got a FreeSSL certificate, but I don't know the steps to proceed.
1. I got an email from FreeSSL provider with the text of the SSL certificate
2. I copied this text into file with extension .p7b
3. I added this certificate to new keystore
4. In server.xml I inserted the path to this keystore and the password, as in:
<Connector
SSLEnabled='true'
keystoreFile="/path/to/certificates/keystore"
keystorePass="password"
maxSpareThreads='75'
port='8443'
proxyPort='443'
algorithm='SunX509'
enableLookups='false'
secure='true'
maxThreads='150'
connectionTimeout='20000'
disableUploadTimeout='true'
scheme='https'
minSpareThreads='5'
maxHttpHeaderSize='8192'
sslProtocol='SSL'
acceptCount='200'
clientAuth='false'
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
/>
But after these steps I get the following error:
Cannot communicate securely with peer: no common encryption
algorithm(s). (Error code: ssl_error_no_cypher_overlap)
on Firefox, and
A secure connection cannot be established because this site uses an
unsupported protocol. Error code: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
on Chrome
EDIT:
When I requested the SSL certificate I created cert.csr and keystore.keystore. But now I don't use them. Can this be the problem?
EDIT2:
As was written in the comments, I found the initial keystore and put the new certificate into it. After this I got an error in Firefox:
Secure Connection Failed
The connection to domain.com:8443 was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
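The two keystore-building steps above (the JBoss `keytool -import -trustcacerts` into a fresh keystore, and the FreeSSL certificate added to a new keystore instead of the one the CSR came from) both leave a store with no private key in it, and a connector cannot complete a handshake from a certificate alone. The following script is an added example, not part of any post in this thread: it reads the JKS binary format directly (the layout of OpenJDK's `sun.security.provider.JavaKeyStore`, magic `0xFEEDFEED`, version 2, with its keyed SHA-1 integrity trailer), lists each entry's type, and reports which aliases a server connector could actually use. The certificate and key blobs it builds are constructed placeholders, not real DER; `build_jks` exists only so the demo runs offline, and `parse_jks` works the same on a real file read with `open(path, "rb").read()`.

```python
"""Inspect a Java KeyStore (JKS) without the JDK on hand.

Added example, not from any post above.  A trustedCertEntry carries no private
key, so a connector pointed at it has nothing to sign the handshake with; the
server needs a PrivateKeyEntry (encrypted key plus chain) under the alias it
serves, which only exists in the keystore the CSR was generated from.  Layout
follows OpenJDK's sun.security.provider.JavaKeyStore (magic 0xFEEDFEED, v2).
"""
import hashlib
import struct
import time

MAGIC = 0xFEEDFEED
VERSION = 2
TAG_PRIVATE_KEY = 1
TAG_TRUSTED_CERT = 2
INTEGRITY_SALT = b"Mighty Aphrodite"  # fixed string keytool mixes into the integrity hash


def _utf(s: str) -> bytes:
    """Java DataOutputStream.writeUTF: 2-byte big-endian length + UTF-8 bytes."""
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def _keyed_sha1(password: str, body: bytes) -> bytes:
    # keytool hashes the password as UTF-16BE, then the salt, then every byte it wrote
    return hashlib.sha1(password.encode("utf-16-be") + INTEGRITY_SALT + body).digest()


def build_jks(password: str, entries: list) -> bytes:
    """Serialise entries to JKS bytes.  Entry dicts: {'tag', 'alias', 'cert'} for a
    trusted cert, or {'tag', 'alias', 'key', 'chain'} for a private-key entry."""
    body = struct.pack(">III", MAGIC, VERSION, len(entries))
    created_ms = int(time.time() * 1000)
    for e in entries:
        body += struct.pack(">I", e["tag"]) + _utf(e["alias"]) + struct.pack(">Q", created_ms)
        if e["tag"] == TAG_PRIVATE_KEY:
            body += struct.pack(">I", len(e["key"])) + e["key"]
            body += struct.pack(">I", len(e["chain"]))
            for cert in e["chain"]:
                body += _utf("X.509") + struct.pack(">I", len(cert)) + cert
        else:
            body += _utf("X.509") + struct.pack(">I", len(e["cert"])) + e["cert"]
    return body + _keyed_sha1(password, body)


def parse_jks(data: bytes, password: str) -> list:
    """Verify the keyed SHA-1 trailer and return one summary dict per entry."""
    body, trailer = data[:-20], data[-20:]
    if trailer != _keyed_sha1(password, body):
        raise ValueError("keystore integrity check failed: wrong password or tampered file")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != VERSION:
        raise ValueError("not a JKS version-2 file (PKCS12? then set keystoreType accordingly)")
    pos = 12

    def take(fmt):  # read one fixed-size field and advance
        nonlocal pos
        (v,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt)
        return v

    def take_bytes(n):  # read n raw bytes and advance
        nonlocal pos
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    entries = []
    for _ in range(count):
        tag = take(">I")
        alias = take_bytes(take(">H")).decode("utf-8")
        take(">Q")  # creation time in ms, not needed here
        if tag == TAG_PRIVATE_KEY:
            take_bytes(take(">I"))  # encrypted PKCS#8 blob, deliberately left encrypted
            chain_len = take(">I")
            for _ in range(chain_len):
                take_bytes(take(">H"))  # certificate type string, "X.509"
                take_bytes(take(">I"))  # DER certificate
            entries.append({"alias": alias, "type": "PrivateKeyEntry", "chain_len": chain_len})
        elif tag == TAG_TRUSTED_CERT:
            take_bytes(take(">H"))
            take_bytes(take(">I"))
            entries.append({"alias": alias, "type": "trustedCertEntry", "chain_len": 0})
        else:
            raise ValueError(f"unknown entry tag {tag}")
    return entries


def usable_server_aliases(entries: list) -> list:
    """Aliases a TLS connector could serve from: a private key plus at least one cert."""
    return [e["alias"] for e in entries if e["type"] == "PrivateKeyEntry" and e["chain_len"] > 0]


# Constructed placeholders; the parser never decodes them, so they need not be valid DER.
FAKE_CERT = b"constructed placeholder, not a real X.509 certificate"
FAKE_ENC_KEY = b"constructed placeholder, not a real encrypted PKCS#8 key"

# What `keytool -import -trustcacerts -alias root -file certificate.crt` into a new store leaves behind:
TRUST_ONLY = build_jks("psswd", [{"tag": TAG_TRUSTED_CERT, "alias": "root", "cert": FAKE_CERT}])
# What `keytool -genkeypair -alias tomcat` followed by importing the CA reply under the same alias gives:
SERVER_STORE = build_jks("changeit", [{"tag": TAG_PRIVATE_KEY, "alias": "tomcat",
                                       "key": FAKE_ENC_KEY, "chain": [FAKE_CERT]}])

if __name__ == "__main__":
    for label, data, pw in (("trust-only", TRUST_ONLY, "psswd"), ("server", SERVER_STORE, "changeit")):
        entries = parse_jks(data, pw)
        print(label, entries, "usable by a connector:", usable_server_aliases(entries) or "NONE")
```

On the trust-only store the script reports a single `trustedCertEntry` and no usable alias, which is exactly the state that produces "no common cipher" or "unsupported protocol" errors in browsers: with no RSA key to use, the server can offer none of the configured RSA-based suites. The fix is to import the CA's reply into the keystore that holds the key pair, under the same alias as the key.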
Here's how I set up one-way SSL for Tomcat 7.
Hope it helps.
$Tomcat\bin>keytool -genkey -v -alias ***your alias***
-keyalg RSA -validity ***how many days***
-keystore ***your keystore file path***
-dname "CN=***www.yourdomain.com***,
OU=***Your Organizational Unit***, O=***Your Organization***,
L=***Your City***, ST=***Your State***, C=***Your Country correct***"
-storepass ***your keystore password*** -keypass ***your key password***
And in the server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="***your keystore file path***"
keystorePass="***your keystore password***" />
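The connector fragments in this thread share a handful of recurring problems: attribute names Tomcat does not recognise (`SSLEnabled` is case-sensitive), TLSv1/TLSv1.1 left enabled, 3DES suites, DHE-only key exchange with the JDK's default DH size (the weak-DH condition Firefox reports as `ssl_error_weak_server_ephemeral_dh_key`), and the pre-8.5 `keystoreFile` style on a Tomcat 9 connector. The script below is an added example, not code from any of the posts: it parses a server.xml, runs those checks over every `<Connector>`, and is run here against two constructed fragments, a weak one built from the patterns above and the Tomcat 8.5/9 `SSLHostConfig`/`Certificate` shape I would deploy instead (the keystore path, password and `tomcat` alias are placeholders).

```python
"""Lint the TLS settings of Tomcat <Connector> elements in a server.xml.

Added example, not from any post above.  Checks: unknown attribute names
(sslEnabled vs SSLEnabled), weak protocol versions, cipher suites built on
RC4/3DES/DES/NULL/export/MD5, DHE without ECDHE, and legacy keystore
attributes on a Tomcat 8.5+ connector.  WEAK_XML and HARDENED_XML are
constructed for the demo.
"""
import re
import xml.etree.ElementTree as ET

WEAK_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_SUITE = re.compile(r"RC4|3DES|_DES_|NULL|EXPORT|MD5|anon", re.I)
# Connector attributes Tomcat recognises that matter here, legacy TLS ones included.
KNOWN_ATTRS = {
    "port", "protocol", "executor", "maxThreads", "acceptCount", "connectionTimeout",
    "redirectPort", "URIEncoding", "minSpareThreads", "maxSpareThreads", "enableLookups",
    "disableUploadTimeout", "maxHttpHeaderSize", "proxyPort", "scheme", "secure",
    "SSLEnabled", "clientAuth", "sslProtocol", "sslEnabledProtocols", "ciphers",
    "keystoreFile", "keystorePass", "keystoreType", "keyAlias", "algorithm",
}


def _csv(value):
    return [v.strip() for v in value.split(",") if v.strip()] if value else []


def lint_connector(conn) -> list:
    """Return human-readable findings for one <Connector> element."""
    a, findings = conn.attrib, []
    for name in a:
        if name not in KNOWN_ATTRS:
            hint = " (did you mean SSLEnabled? attribute names are case-sensitive)" \
                if name.lower() == "sslenabled" else ""
            findings.append(f"unknown attribute {name!r}{hint}")
    hosts = conn.findall("SSLHostConfig")
    has_tls_settings = bool(hosts) or "keystoreFile" in a
    ssl_on = a.get("SSLEnabled", "").lower() == "true"
    if has_tls_settings and not ssl_on:
        findings.append('TLS settings present but SSLEnabled is not "true": the port speaks plain HTTP')
    if ssl_on and not has_tls_settings:
        findings.append("SSLEnabled but no keystore configured: nothing to serve")
    if "keystoreFile" in a and not hosts:
        findings.append("legacy keystoreFile on Connector; on Tomcat 8.5+ use nested SSLHostConfig/Certificate")
    if "keystoreFile" in a and hosts:
        findings.append("legacy keystore attributes mixed with SSLHostConfig; pick one style")
    for plist in [a.get("sslEnabledProtocols")] + [h.get("protocols") for h in hosts]:
        weak = sorted(set(_csv(plist)) & WEAK_PROTOCOLS)
        if weak:
            findings.append("weak protocol versions enabled: " + ", ".join(weak))
    for h in hosts:
        if h.get("protocols") is None:
            findings.append('SSLHostConfig without explicit protocols; pin protocols="TLSv1.2,TLSv1.3"')
        if not h.findall("Certificate"):
            findings.append("SSLHostConfig without a Certificate element")
    for clist in [a.get("ciphers")] + [h.get("ciphers") for h in hosts]:
        suites = _csv(clist)
        if not suites:
            continue
        bad = [s for s in suites if WEAK_SUITE.search(s)]
        if bad:
            findings.append("weak cipher suites: " + ", ".join(bad))
        if any("_DHE_" in s for s in suites):
            findings.append("DHE suites enabled: DH size is the JDK default "
                            "(set -Djdk.tls.ephemeralDHKeySize=2048 on JDK 8, or prefer ECDHE)")
        if not any("ECDHE" in s for s in suites):
            findings.append("no ECDHE suites: forward secrecy depends entirely on DHE")
    return findings


def lint_server_xml(xml_text: str) -> dict:
    """Map each Connector's port to its list of findings."""
    root = ET.fromstring(xml_text)
    return {c.get("port", "?"): lint_connector(c) for c in root.iter("Connector")}


# Constructed from the recurring patterns in the posts above (not any one poster's file).
WEAK_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" sslEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/keystore.jks" keystorePass="changeit" sslProtocol="SSL"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
             ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
</Service></Server>"""

# Tomcat 8.5/9 shape: nested SSLHostConfig/Certificate, pinned protocols, AEAD + ECDHE only.
HARDENED_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true">
    <SSLHostConfig protocols="TLSv1.2,TLSv1.3" honorCipherOrder="true" certificateVerification="none"
                   ciphers="TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">
      <Certificate certificateKeystoreFile="conf/keystore.jks" certificateKeystorePassword="changeit"
                   certificateKeyAlias="tomcat" type="RSA"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_XML), ("hardened", HARDENED_XML)):
        for port, findings in lint_server_xml(xml_text).items():
            print(f"[{label}] port {port}: {findings or 'no findings'}")
```

Run against a real deployment with `lint_server_xml(open("conf/server.xml").read())`. The weak fragment trips every check at once, which mirrors how these threads go: the attribute-name bug means the port never speaks TLS at all, and the browser error that results looks like a protocol or cipher problem. TLSv1.3 in `protocols` needs a JDK that supports it (11+, or a recent 8 update); on an older runtime drop it and the two `TLS_AES_*` suites.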