I have a Tomcat 7 installation on CentOS 6.7 that should only allow connections on port 443. The /etc/tomcat/server.xml file is configured as such:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="./GoDaddy/Tomcat/combined.crt"
SSLCertificateKeyFile="./GoDaddy/Tomcat/privateKey.key"
SSLVerifyClient="optional" SSLProtocol="TLS"
/>
Furthermore, the /usr/share/tomcat/conf/server.xml is configured as such:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="./GoDaddy/Tomcat/combined.crt"
SSLCertificateKeyFile="./GoDaddy/Tomcat/privateKey.key"
SSLVerifyClient="optional" SSLProtocol="TLS"
/>
iptables is configured so:
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
Tomcat is running:
sudo service tomcat status
tomcat (pid 2687) is running... [ OK ]
But when I try to browse to my web application, I get the following:
This webpage is not available
ERR_CONNECTION_REFUSED
I believe that I have followed Apache's instructions on the matter, but it's obvious something is wrong.
What do I need to do to resolve this?
First of all, you should check the log file /var/log/tomcat/catalina.out.
You can't use the SSLCertificateKeyFile option with JSSE (BIO/NIO) connectors, only with APR. If you want to use APR, you must compile and install Tomcat Native. When you start Tomcat, you should see the following lines in the log:
If you want to use an existing SSL certificate in Tomcat, you need to create a keystore and then import the certificates into it. Here is a post explaining how to do it step by step.
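Both answers above make the same point: the SSLCertificateFile/SSLCertificateKeyFile attributes belong to the APR connector, and a JSSE (BIO/NIO) connector such as the Http11Protocol one in the question wants a keystore instead. The script below is an added example, not part of either answer or of the original post. It takes a PEM certificate (the combined.crt chain) and its private key, packs them into a PKCS12 keystore with openssl, verifies the keystore opens and holds exactly one private key, and prints the JSSE <Connector> element that replaces the one in the question. The working directory, the alias "tomcat", and the password "changeit" are assumptions; the self-signed cert it generates is a constructed stand-in for the GoDaddy files so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post or answers): convert an existing
# PEM cert/key pair into a PKCS12 keystore for a JSSE Tomcat 7 connector.
# Assumptions: openssl is on PATH; WORK is a scratch dir; alias/password are
# placeholders you would replace on a real server.
set -eu

WORK=${WORK:-$(mktemp -d)}

# Constructed input: a throwaway self-signed cert + key standing in for
# ./GoDaddy/Tomcat/combined.crt and ./GoDaddy/Tomcat/privateKey.key.
make_test_material() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=tomcat.example.test" \
        -keyout "$WORK/privateKey.key" -out "$WORK/combined.crt" >/dev/null 2>&1
}

# Bundle the cert chain and key into a PKCS12 file. openssl includes every
# certificate found in the -in file, so a "combined" PEM with intermediates
# is carried over as the chain. The SHA1/3DES PBE and MAC settings are chosen
# because the Java 7/8 builds Tomcat 7 runs on cannot read the AES/PBKDF2
# defaults that OpenSSL 3 uses when exporting.
build_keystore() {
    cert=$1; key=$2; out=$3; pass=$4
    openssl pkcs12 -export -name tomcat \
        -in "$cert" -inkey "$key" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -out "$out" -passout "pass:$pass"
}

# Check that the keystore opens with the given password and holds exactly one
# private key. Returns non-zero on a wrong password or an empty/cert-only file,
# which is the failure mode that leaves the 443 connector unstarted.
verify_keystore() {
    out=$1; pass=$2
    n=$(openssl pkcs12 -in "$out" -passin "pass:$pass" -nodes 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY' || true)
    [ "$n" -eq 1 ]
}

# The JSSE form of the connector from the question: keystoreFile/keystoreType/
# keystorePass replace the APR-only SSLCertificate* attributes.
connector_xml() {
    ks=$1; pass=$2
    cat <<EOF
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="$ks" keystoreType="PKCS12" keyAlias="tomcat"
           keystorePass="$pass" />
EOF
}

# Stand-alone run: build, verify, and print the connector element.
if [ "${1:-}" = "run" ]; then
    make_test_material
    build_keystore "$WORK/combined.crt" "$WORK/privateKey.key" \
        "$WORK/tomcat.p12" changeit
    verify_keystore "$WORK/tomcat.p12" changeit && echo "keystore OK: $WORK/tomcat.p12"
    connector_xml "$WORK/tomcat.p12" changeit
fi
```

Run it as `sh keystore.sh run`, then point keystoreFile at the real .p12 (an absolute path is safer than the relative ./GoDaddy/... paths in the question, since Tomcat resolves relative paths against $CATALINA_BASE). After restarting Tomcat, `ss -tlnp | grep 443` should show java listening; if it does not, the catalina.out check from the first answer is still the right next step, and ERR_CONNECTION_REFUSED with port 443 accepted in iptables is consistent with the connector never having started.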