I need to configure a Java Angular application to use SSL.
This is how I'm doing.
Generated the .jks using this command:
keytool -genkey -alias myservername -keyalg RSA -keysize 2048 -keystore myservername.jks -dname "CN=myservername, O=MyOrg, L=, ST=, C=" && keytool -certreq -alias myservername -file myservername.csr -keystore myservername.jks
It generated a myservername.csr file and a myservername.jks file.
Then, I ran this command
keytool -list -keystore myservername.jks
and got this result:
myservername, Oct 20, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): xxxxxxxx
Then I sent the myservername.csr file to the certificate authority and they sent me back this:
-----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----
I pasted that into a myservername.cer file.
I double click the myservername.cer and went to certificate path tab and I see this: rootcertname > intermediatecertname > myservername
myservername is the alias I choose in the first command above.
Then I clicked rootcertname > view certificate > details > copy to file > next > Base 64 encoded x.509 (cer)
It generated rootcertname.cer
Then I clicked intermediatecertname > view certificate > details > copy to file > next > Base 64 encoded x.509 (cer)
It generated intermediatecertname.cer
Then I imported both certificates to the keystore like this:
keytool -keystore myservername.jks -import -alias intermediate -trustcacerts -file intermediatecertname.cer
keytool -keystore myservername.jks -import -alias root -trustcacerts -file rootcertname.cer
Then I ran this command again to list the certificates in the keystore:
keytool -list -keystore myservername.jks
and got this result:
intermediate, Oct 23, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): xxxx
root, Oct 23, 2023, trustedCertEntry,
Certificate fingerprint (SHA-256): xxx
myservername, Oct 20, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): xxxx
So it has the privatekey (generated in the first command above) plus the root and intermediate certificates from the Certification Authority.
Copied myservername.jks to Tomcat \conf folder.
And configured Tomcat server.xml connector as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="conf\myservername.jks"
keystorePass="mypass"
keystoreType="JKS" />
But when I access the application on the browser using https I the following error message:
ERR_CONNECTION_TIMED_OUT
It is not a network issue because if I configure server.xml to access it again using http (instead of https), the application opens normally.
It is not a network issue because if I configure server.xml to access it again using http (instead of https), the application opens normally.
HTTP and HTTPS use different default ports. HTTP is using port 80, HTTPS port 443. What you describe sounds like a firewall allowing access to port 80 but dropping attempts to access port 443.
While nothing is known about your network environment there are cloud environments which by default block almost anything, including port 443. To allow access one need to actively change the firewall settings to allow access. Note that there might be also multiple firewalls involved in this, like a firewall on the system itself but also firewalls somewhere between the client and server system.