...in configuring-tomcat-for-tls.html on host microservices. Below, when there is no obvious hostname in the prompt, the host is understood to be microservices (russ-microservices).
$ sudo bash
# cd /opt/tomcat
/opt/tomcat# mkdir certificates
/opt/tomcat# chown tomcat:tomcat certificates
/opt/tomcat# cd certificates
/opt/tomcat/certificates# keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 -dname "CN=tomcat" \
    -ext san=dns:tirion -alias tomcat -keystore tomcat.jks -storepass changeit -keypass changeit
/opt/tomcat/certificates# chown tomcat:tomcat tomcat.jks
/opt/tomcat/certificates# keytool -list -v -keystore tomcat.jks -storepass changeit
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry
...
Certificate fingerprints:
     SHA1: 62:57:C8:3D:15:D2:9F:DD:53:AB:8C:F4:89:55:FA:5F:DE:84:F7:84
     SHA256: F7:38:94:61:C1:25:77:C2:BC:BE:3D:BD:C2:86:50:90:83:6D:E3:EA:EF:C5:C1:B1:AD:72:5C:B7:7E:60:DA:67
...
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: tirion
]
...
/opt/tomcat/certificates# cd ..
/opt/tomcat# vim conf/server.xml
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1"
               connectionTimeout="20000"
               scheme="https" secure="true" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateAlias="tomcat"
                     certificateKeystoreFile="certificates/tomcat.jks"
                     certificateKeystorePassword="changeit" />
      </SSLHostConfig>
    </Connector>
/opt/tomcat# curl --insecure --request GET https://localhost:8443/
/opt/tomcat# curl --insecure --request GET https://localhost:8443/mdht-restlet
/opt/tomcat# tail -f logs/catalina.out
...
Copyright (c) 2018-2023 by IMAT Solutions and Perfect Search Corporation. Proprietary and confidential. All rights reserved.
07-Feb-2023 05:51:41.771 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat/webapps/mdht-restlet##3.4.4-7.war] has finished in [646] ms
07-Feb-2023 05:51:41.771 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/opt/tomcat/webapps/fhir-server##1.0.2-3.war]
07-Feb-2023 05:51:44.014 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/opt/tomcat/webapps/fhir-server%23%231.0.2-3/WEB-INF/lib/logback-classic-1.2.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/opt/tomcat/webapps/fhir-server%23%231.0.2-3/WEB-INF/lib/slf4j-simple-1.7.32.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
07-Feb-2023 05:51:44.081 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat/webapps/fhir-server##1.0.2-3.war] has finished in [2,310] ms
07-Feb-2023 05:51:44.082 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/ROOT]
07-Feb-2023 05:51:44.089 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/ROOT] has finished in [7] ms
07-Feb-2023 05:51:44.090 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/host-manager]
07-Feb-2023 05:51:44.105 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/host-manager] has finished in [16] ms
07-Feb-2023 05:51:44.105 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/manager]
07-Feb-2023 05:51:44.114 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/manager] has finished in [9] ms
07-Feb-2023 05:51:44.114 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/docs]
07-Feb-2023 05:51:44.121 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/docs] has finished in [7] ms
07-Feb-2023 05:51:44.121 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat/webapps/examples]
07-Feb-2023 05:51:44.198 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat/webapps/examples] has finished in [76] ms
07-Feb-2023 05:51:44.200 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
07-Feb-2023 05:51:44.209 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-jsse-nio-8443"]
07-Feb-2023 05:51:44.210 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [7204] milliseconds
07-Feb-2023 05:55:37.282 INFO [https-jsse-nio-8443-exec-1] com.sun.jersey.api.core.PackagesResourceConfig.init Scanning for root resource and provider classes in the packages: com.imatsolutions.servlet
07-Feb-2023 05:55:37.326 INFO [https-jsse-nio-8443-exec-1] com.sun.jersey.api.core.ScanningResourceConfig.logClasses Root resource classes found:
  class com.imatsolutions.servlet.MdhtRestlet
  class com.imatsolutions.servlet.MdhtSerializeIxmlPojoInfo
  class com.imatsolutions.servlet.MdhtDocumentation

tirion ~ $ nc -zvw3 russ-microservices 8080
Connection to russ-microservices 8080 port [tcp/http-alt] succeeded!
tirion ~ $ nc -zvw3 russ-microservices 8443
nc: connect to russ-microservices port 8443 (tcp) timed out: Operation now in progress

/opt/tomcat# iptables -L -nv | grep 8080
   87  5220 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
/opt/tomcat# iptables -L -nv | grep 8443
/opt/tomcat# ufw allow 8443
Rule added
Rule added (v6)
/opt/tomcat# iptables -L -nv | grep 8443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:8443
Upon the last command, the browser (on tirion), pointed to https://microservices:8443, began responding with "Your connection is not private."
This means that...
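As an added illustration (not part of these notes, and not Tomcat's or keytool's own tooling), the script below reports the usual reasons a browser or curl refuses a freshly configured Tomcat endpoint: the keystore certificate is self-signed (issuer equals subject, so no client trusts it), its only DNS SAN is the name given to keytool (here dns:tirion, while the browser was pointed at microservices), or the validity window does not cover the current time. diagnose() works on the dictionary shape that Python's ssl module returns from SSLSocket.getpeercert(); fetch_peer_cert() is the live helper that obtains that dictionary, and it assumes you have first exported the keystore certificate to a PEM file (for example with keytool -exportcert -rfc) so it can be passed as the trust anchor. SAMPLE_CERT and SAMPLE_NOW are constructed values that mirror the keystore above, not output captured from the server.

```python
"""Diagnose why a client distrusts a Tomcat TLS endpoint (added example)."""
import socket
import ssl
import time


def san_dns_names(cert):
    """Return the dNSName entries of subjectAltName as a list of strings."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def rdn_value(rdn_seq, attr):
    """Extract one attribute (e.g. commonName) from a getpeercert() subject/issuer."""
    for rdn in rdn_seq:
        for name, value in rdn:
            if name == attr:
                return value
    return None


def hostname_matches(pattern, hostname):
    """RFC 6125-style match: exact, or a single leftmost-label wildcard."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = hostname.split(".")
        return len(labels) >= 2 and ".".join(labels[1:]) == pattern[2:]
    return False


def diagnose(cert, hostname, now=None):
    """Return a list of human-readable trust problems (empty list == looks fine)."""
    now = time.time() if now is None else now
    problems = []
    subject_cn = rdn_value(cert.get("subject", ()), "commonName")
    # A self-signed certificate carries its own subject as issuer.
    if cert.get("subject") == cert.get("issuer"):
        problems.append(f"self-signed: issuer is the subject itself (CN={subject_cn})")
    names = san_dns_names(cert)
    if not names:
        problems.append("no DNS subjectAltName; modern clients ignore the CN")
    elif not any(hostname_matches(n, hostname) for n in names):
        problems.append(f"hostname mismatch: {hostname!r} not in SAN {names}")
    if "notBefore" in cert and now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if "notAfter" in cert and now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    return problems


def fetch_peer_cert(host, port, cafile, timeout=5):
    """Connect and return getpeercert(); cafile is the exported server cert (PEM).

    Hostname checking is switched off on purpose so that diagnose() can report
    a SAN mismatch instead of the handshake failing first; verify_mode stays
    CERT_REQUIRED, which is what makes getpeercert() return a populated dict.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample mirroring the keystore in the notes: CN=tomcat,
# SAN dns:tirion, one year of validity. Not captured from a real socket.
SAMPLE_CERT = {
    "subject": ((("commonName", "tomcat"),),),
    "issuer": ((("commonName", "tomcat"),),),
    "subjectAltName": (("DNS", "tirion"),),
    "notBefore": "Feb  7 05:00:00 2023 GMT",
    "notAfter": "Feb  7 05:00:00 2024 GMT",
}
# A constructed timestamp inside that validity window, for reproducible output.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jul  1 00:00:00 2023 GMT")

if __name__ == "__main__":
    for host in ("microservices", "tirion"):
        print(host, "->", diagnose(SAMPLE_CERT, host, now=SAMPLE_NOW) or ["ok"])
```

Run against the sample, the microservices name produces both a self-signed finding and a hostname mismatch, while tirion produces only the self-signed finding; that is the same pair of conditions the browser folds into "Your connection is not private". Against the live server, fetch_peer_cert("microservices", 8443, "tomcat.pem") feeds diagnose() the real certificate, and only a certificate whose SAN covers the name users actually type, issued by an authority their clients trust, makes the list come back empty.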