I am trying to configure a GoDaddy SSL certificate on my AWS EC2 Linux AMI instance, but whatever I try it just refuses the connection. I have already opened inbound port 443 in the security group. I have configured this several times on LAMP, but it's the first time on Java, so maybe I am missing something?
I followed this GoDaddy Tomcat guide to set up SSL on my instance, and I also read the threads below to overcome the problem, but it's still not working:
1. Install SSL on EC2 Server
2. EC2 instance running apache tomcat port 8443 not accessible
These are the steps I followed.
This is how I set up the Tomcat keystore:
keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore
keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore
sudo keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file /etc/ssl/WSssl/gd_bundle-g2-g1.crt
sudo keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file /etc/ssl/WSssl/gdig2.crt.pem
sudo keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file /etc/ssl/WSssl/ab51xxxxx79.crt
Configured the keystore in the Tomcat 8.5 server.xml:
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/home/ec2-user/tomcat.keystore" keystorePass="exxxxxxxxxxxxxM"
           clientAuth="false" sslProtocol="TLS" />
iptables rules to redirect:
sudo iptables -t nat -n -L PREROUTING --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8443
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
These are the security group inbound rules; my EC2 instance is reached directly, without any load balancer (screenshot: Inbound Rules).
This is the problem: it is refusing every HTTPS request (screenshot: Refused Error).
And this is the GoDaddy certificate checker result (screenshot).
I think the issue is with the port, because the request is not even reaching the server. Can anyone point out any problem?
For clarification, these are the specs:
AWS EC2 running on Amazon Linux AMI
Java 8, Tomcat 8.5
Spring MVC with Spring Security Project
Finally, it is working; there was nothing wrong with the configuration itself. While reading catalina.out
I found that Tomcat was not able to read the tomcat.keystore
file due to user permissions.
Learnings: Always read the logs first.
EDIT: Anyone can use this as a guide for setting up SSL.
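The two things that bit this setup were the port redirect and the keystore's file permissions, and both can be checked before restarting Tomcat. The script below is an added example for this thread, not code from the question or from GoDaddy's guide: it parses the `iptables -t nat -n -L PREROUTING --line-numbers` listing (a constructed copy of the one in the question) to confirm 443 is redirected to the connector port, and it walks the keystore path the way the kernel does (search bit on every ancestor directory, then read bit on the file) for a given service account's uid and group ids. A keystore under `/home/ec2-user` is a typical case where the file itself looks fine but the home directory is not searchable by the `tomcat` user; the account name and the temp-file demo are assumptions for illustration.

```python
"""Pre-flight checks for a Tomcat TLS setup on Linux.
Added example for this thread; not code from the question or GoDaddy's guide."""
import os
import re
import stat
import tempfile

# Constructed copy of the PREROUTING listing shown in the question.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8443
2 REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
"""

REDIRECT_RE = re.compile(r"^\s*\d+\s+REDIRECT\s+tcp\b.*\bdpt:(\d+)\s+redir ports\s+(\d+)")


def parse_redirects(listing):
    """Map public dport -> local port for each REDIRECT rule in the nat PREROUTING listing."""
    rules = {}
    for line in listing.splitlines():
        m = REDIRECT_RE.match(line)
        if m:
            rules[int(m.group(1))] = int(m.group(2))
    return rules


def redirect_ok(listing, public_port, connector_port):
    """True when traffic arriving on public_port is redirected to the Tomcat connector port."""
    return parse_redirects(listing).get(public_port) == connector_port


def can_read(mode, file_uid, file_gid, uid, gids):
    """POSIX DAC read check for a non-root account: owner bits, else group bits, else other."""
    if file_uid == uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def can_search(mode, dir_uid, dir_gid, uid, gids):
    """Same check for the execute (search) bit, required on every ancestor directory."""
    if dir_uid == uid:
        return bool(mode & stat.S_IXUSR)
    if dir_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def keystore_access(path, uid, gids):
    """Return (ok, reason): can an account with uid/gids open `path`?
    Root bypasses DAC, but the Tomcat service account should never be root."""
    path = os.path.abspath(path)
    ancestors = []
    parent = os.path.dirname(path)
    while True:
        ancestors.append(parent)
        if parent == os.path.dirname(parent):  # reached "/"
            break
        parent = os.path.dirname(parent)
    for d in reversed(ancestors):  # check from "/" down, as the kernel resolves the path
        st = os.stat(d)
        if not can_search(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            return False, "%s not searchable (mode %o)" % (d, stat.S_IMODE(st.st_mode))
    st = os.stat(path)
    if not can_read(st.st_mode, st.st_uid, st.st_gid, uid, gids):
        return False, "%s not readable (mode %o)" % (path, stat.S_IMODE(st.st_mode))
    return True, "ok"


def demo():
    """Reproduce the answer's failure mode with a temp keystore: unreadable first, then fixed.
    Uses the current process's own ids so it runs anywhere; returns (before_fix, after_fix)."""
    uid, gids = os.getuid(), set(os.getgroups()) | {os.getgid()}
    fd, path = tempfile.mkstemp(suffix=".keystore")  # constructed stand-in for tomcat.keystore
    os.close(fd)
    try:
        os.chmod(path, 0o000)
        before, _ = keystore_access(path, uid, gids)
        os.chmod(path, 0o400)  # read-only for the owner is all Tomcat needs
        after, _ = keystore_access(path, uid, gids)
    finally:
        os.chmod(path, 0o600)
        os.remove(path)
    return before, after


if __name__ == "__main__":
    print("443 -> 8443 redirect present:", redirect_ok(NAT_LISTING, 443, 8443))
    print("keystore readable before/after chmod:", demo())
```

In practice you would call `keystore_access` with the ids of the account Tomcat runs as (for example `pwd.getpwnam("tomcat")` plus its groups) against the `keystoreFile` path from server.xml, and treat a `not searchable` result on a home directory as the fix to apply (move the keystore under the Tomcat configuration directory, owned by the service account and mode 0400) rather than loosening the home directory.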