Tomcat & SSL - "Empty reply from server"

Status
Not open for further replies.

ChrisCas

Technical User
Jul 6, 2016
2
GB
Hi,

I've been stuck for days with this, researched a lot on Google, tried many things, but it's still a no-go.
I believe I've done the config right, but browsing still returns nothing...
Tried many browsers on different computers... it's definitely a server issue.

More info:
======

# Error messages:
> on IE: "There is a problem with this website’s security certificate" (expected, as the cert's CN is not "localhost") but when clicking "Continue to this website (not recommended)", it ends up on "This page can’t be displayed".
> on FF: "Your connection is not secure", but going to Advanced > Add Exception... it ends up the same way on "Secure Connection Failed".
> On Chrome: "The localhost page isn't working"; "localhost didn't send any data"; "ERR_EMPTY_RESPONSE".
> Using CURL from a Linux client:
* Empty reply from server
* Connection #0 to host 170.127.58.55 left intact
curl: (52) Empty reply from server


# I have no problem browsing to - the page displays as expected in all browsers.

# Environment:
Windows 2008 Server
Tomcat 7.0.39
Firewall turned off

# Followed the procedure to activate SSL as given in the Tomcat documentation, using the JSSE / Keystore method.
# I can access the keystore with the alias given, and see the server and root certificates in it.
# OpenSSL check to the site works fine; the certificates are returned as expected.

# Catalina log shows nothing when browsing to the https page (it does when browsing through http). You can see below that both 8080 and 8443 ports seem to have been correctly initiated:

Code:
Jul 06, 2016 7:19:08 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-0.0.0.0-8080"]
Jul 06, 2016 7:19:08 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-0.0.0.0-8443"]
Jul 06, 2016 7:19:08 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Jul 06, 2016 7:19:08 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 6665 ms

# Here is some info & warnings during Tomcat start-up; I'm not sure it's relevant:

Code:
Jul 06, 2016 7:18:59 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Cybertrust\UniCERT\jdk\jre\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Oracle\product\11.2.0\dbhome_1\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Cybertrust\UniCERT\Common;C:\Cybertrust\UniCERT\Publisher;C:\Cybertrust\UniCERT\Publisher\ServiceDlls;C:\Windows\System32\WindowsPowerShell\v1.0\;.
Jul 06, 2016 7:18:59 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxthreads' to '25' did not find a matching property.
Jul 06, 2016 7:18:59 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Valve} Setting property 'resolvehosts' to 'true' did not find a matching property.
Jul 06, 2016 7:18:59 AM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '0' did not find a matching property.

# In the "localhost_access_log.2016-07-06" file, see below 3 latest attempts from different machines:

Code:
0:0:0:0:0:0:0:1 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
170.127.58.8 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
170.127.58.52 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -

Why is Tomcat returning 400 errors?

# The following lines (among others) can be seen in the "netstat -an" results on the server:

Code:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING
TCP [..]:8080 [..]::0 LISTENING
TCP [..]:8443 [..]::0 LISTENING

# server.xml connector config below. It was quite simple at the beginning, but I tried adding a couple of parameters suggested in other forum posts I've found. Still, no luck, it's never worked.

Code:
    <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" 
	disableUploadTimeout="True" enableLookups="false" maxthreads="25" 
	port="8443" keystoreFile="C:\Cybertrust\UniCERT\tomcat\apache-tomcat-7.0.39\#SSL\#KeyStore.jks" keystorePass="password" 
	protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" 
	secure="true" sslProtocol="TLS" 
	address="0.0.0.0" maxHttpHeaderSize="8192" />

Of course, I stop and restart Tomcat after making changes there.

Thanks in advance for your help,
Chris.
 
OK, I've finally found the one responsible in the connector:

protocol="org.apache.coyote.http11.Http11NioProtocol"

changed to:

protocol="HTTP/1.1"

Problem solved! :)
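
Added example, not part of the original posts: a short Python triage over the three log excerpts quoted in this thread, listing the settings Tomcat did not apply at start-up, the implementation each connector started with, and the clients logged as 400 with no request line. The log lines are copied from the thread as constructed sample input; the function names are hypothetical.

```python
import re

# Constructed sample input: lines copied from the logs quoted in the thread.
CATALINA_LOG = """\
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxthreads' to '25' did not find a matching property.
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Valve} Setting property 'resolvehosts' to 'true' did not find a matching property.
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'debug' to '0' did not find a matching property.
INFO: Starting ProtocolHandler ["http-bio-0.0.0.0-8080"]
INFO: Starting ProtocolHandler ["http-nio-0.0.0.0-8443"]
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
"""
ACCESS_LOG = """\
0:0:0:0:0:0:0:1 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
170.127.58.8 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
170.127.58.52 - - [01/Jan/1970:00:59:59 +0100] "-" 400 -
"""

IGNORED = re.compile(r"\{(?P<path>[^}]+)\} Setting property '(?P<name>[^']+)' "
                     r"to '(?P<value>[^']*)' did not find a matching property")
HANDLER = re.compile(r'Starting ProtocolHandler \["(?P<scheme>http|ajp)-'
                     r'(?P<impl>bio|nio|apr)-(?:.+-)?(?P<port>\d+)"\]')
ACCESS = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3})\b', re.M)

def ignored_properties(log):
    """(element path, attribute, value) for each setting Tomcat did not apply."""
    return [m.group("path", "name", "value") for m in IGNORED.finditer(log)]

def handlers(log):
    """(scheme, implementation, port) for each connector that started."""
    return [(m["scheme"], m["impl"], int(m["port"])) for m in HANDLER.finditer(log)]

def unparsed_requests(access_log):
    """Clients logged with status 400 and no request line ("-")."""
    return [m["client"] for m in ACCESS.finditer(access_log)
            if m["req"] == "-" and m["status"] == "400"]

def triage(catalina_log, access_log):
    out = [f"not applied: {n}={v} on {p}" for p, n, v in ignored_properties(catalina_log)]
    http = [(i, p) for s, i, p in handlers(catalina_log) if s == "http"]
    if len({i for i, _ in http}) > 1:  # HTTP connectors differ in implementation
        out.append("mixed HTTP connectors: " + ", ".join(f"{i} on {p}" for i, p in http))
    out += [f"400 with empty request line from {c}" for c in unparsed_requests(access_log)]
    return out

if __name__ == "__main__":
    print("\n".join(triage(CATALINA_LOG, ACCESS_LOG)))
```

On the thread's logs this reports that 'maxthreads', 'resolvehosts' and 'debug' were never applied, that port 8443 started with the nio implementation while 8080 used bio, and that all three client attempts reached the server but produced no parsable request.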
 