Tomcat SSL behind a firewall

Posted on 2011-04-21
Last Modified: 2013-12-02
I have a Tomcat 7 acting as a web server on a windows 2008 server.  It is using a certificate from GoDaddy for SSL.  Everything works fine internally.  I have a Watchguuard 1250 NAT rule pointing to the internal address.  DNS resolves just fine.  When trying to access the site from an external location, the web pages fail to load using IE8, Firefox loads okay, and Chrome gives "Err 113 ERR_SSL_VERSION_OR_CIPHER_MISMATCH".  So I am inclined to believe that it has something to do with the SSL and Watchguard.  I have a similar server using a self-signed certificate with no problem

          <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
                   port="8080" maxThreads="200"
                   scheme="https" secure="true" SSLEnabled="true"
                   SSLCertificateChainFile = "C:\keystore\chainfile"


Question by:danielq
    LVL 9

    Accepted Solution

    Is there a policy, outgoing especially, that is stripping any packet information? Most proxy policies will at least change the machine name. This will then not match the name on the cert.
    LVL 14

    Assisted Solution

    did you check the policy in watchguard?
    if you chose a proxy, you can select either "https client" or "server" as proxy action?

    Author Closing Comment

    Yes I chaned my rule from a proxy to a tcp/udp packer rule

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
    Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now