I'm configuring a 4.3 Patch 1 system on Windows for a client and having problems getting SSL to work with Tomcat 9. Because there are some differences in the parameters for SSL config in Tomcat 9, with many of the SSL parameters being deprecated and moved to a new "SSLHostConfig" tag, the old way of configuring this no longer works. So, I've worked through the Tomcat documentation and added this to server.xml to configure SSL on port 443:
<Connector
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="443" connectionTimeout="60000" maxThreads="500" minSpareThreads="25" acceptCount="200"
    maxHttpHeaderSize="65536" SSLEnabled="true" scheme="https" secure="true"
    enableLookups="false" disableUploadTimeout="true" >
    <SSLHostConfig
        hostName="boedev.deltadentalnj.com" sslProtocol="TLS" clientAuth="false"
        truststoreFile="d:\SSL\keystore.jks" truststorePassword="changeIt" truststoreType="JKS"
        ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" >
        <Certificate
            certificateKeyAlias="tomcat"
            certificateKeystoreFile="d:\SSL\keystore.jks"
            certificateKeystorePassword="changeIt"
            certificateKeystoreType="JKS"
            type="RSA" />
    </SSLHostConfig>
</Connector>
I'm sure the keystore is good as the instructions for configuring that haven't changed. After restarting Tomcat, I'm still able to connect using http in IE (I haven't set up the redirect to force https yet), but when I try to use https, I get a message that the page can't be displayed and the Windows Network Diagnostics gives the message "The remote device or resource won't accept the connection".
Has anyone successfully configured SSL on Tomcat 9? Can you point me in the right direction for this?
Thanks!
-Dell
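
An added example, not part of the original post and not Tomcat's own code: a small check that reads a server.xml and flags three things in a Tomcat 9 TLS Connector of the shape posted above. It relies on documented Tomcat 9 behaviour: one SSLHostConfig must carry the hostName named by the Connector's defaultSSLHostConfigName (both default to `_default_`), `clientAuth` is replaced by `certificateVerification` on SSLHostConfig, and RC4 suites are prohibited for TLS by RFC 7465. The function name, finding codes and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the post, trimmed to what the checks read.
SAMPLE = r'''<Server><Service name="Catalina">
<Connector port="443" SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig hostName="boedev.deltadentalnj.com" sslProtocol="TLS" clientAuth="false"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA">
    <Certificate certificateKeyAlias="tomcat" certificateKeystoreFile="d:\SSL\keystore.jks" type="RSA"/>
  </SSLHostConfig>
</Connector>
</Service></Server>'''


def lint_connectors(server_xml):
    """Return (port, code, detail) findings for each TLS-enabled Connector.

    lint_connectors and the finding codes are hypothetical names for this example.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        hosts = conn.findall("SSLHostConfig")
        # Both names fall back to "_default_" when the attribute is omitted.
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        names = [h.get("hostName", "_default_").lower() for h in hosts]
        if hosts and default not in names:
            findings.append((port, "no-default-host",
                             f"defaultSSLHostConfigName={default!r} matches none of {names}"))
        for host in hosts:
            if "clientAuth" in host.attrib:
                findings.append((port, "client-auth-ignored",
                                 "use certificateVerification on SSLHostConfig"))
            for suite in host.get("ciphers", "").split(","):
                if "RC4" in suite:
                    findings.append((port, "rc4-cipher", suite.strip()))
    return findings


if __name__ == "__main__":
    for finding in lint_connectors(SAMPLE):
        print(*finding, sep="\t")
```

The first finding clears once the Connector declares `defaultSSLHostConfigName` with the same value as the SSLHostConfig's `hostName`, or the `hostName` attribute is left out so both sides use `_default_`.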