How to make TOMCAT work with SSL on port 8443 & SSL.

ashok Priyadarshan
ashok Priyadarshan used Ask the Experts™
on
How to configure TOMCAT to work with SSL with a cert.

I have tried to make my TOMCAT work with SSL on port 8443 and have had no luck.

HTTP://localhost:8080 works
https://localhost:8443 SAYS site This site can’t be reached

The cert works with PUTTY  AND winscp so it is good.

I have to shutdown the server to get a catalina.log







02-Jan-2019 13:52:06.397 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version:        Apache Tomcat/8.5.31
02-Jan-2019 13:52:06.401 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Apr 27 2018 20:24:25 UTC
02-Jan-2019 13:52:06.401 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number:         8.5.31.0
02-Jan-2019 13:52:06.401 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Windows 7
02-Jan-2019 13:52:06.402 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            6.1
02-Jan-2019 13:52:06.405 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
02-Jan-2019 13:52:06.405 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             C:\Program Files\Java\jdk1.8.0_92\jre
02-Jan-2019 13:52:06.405 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_92-b14
02-Jan-2019 13:52:06.406 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Oracle Corporation
02-Jan-2019 13:52:06.406 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         D:\tomcat\apache-tomcat-8.5.31
02-Jan-2019 13:52:06.406 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         D:\tomcat\apache-tomcat-8.5.31
02-Jan-2019 13:52:06.407 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=D:\tomcat\apache-tomcat-8.5.31\conf\logging.properties
02-Jan-2019 13:52:06.407 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
02-Jan-2019 13:52:06.409 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
02-Jan-2019 13:52:06.411 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
02-Jan-2019 13:52:06.414 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
02-Jan-2019 13:52:06.417 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=D:\tomcat\apache-tomcat-8.5.31
02-Jan-2019 13:52:06.418 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=D:\tomcat\apache-tomcat-8.5.31
02-Jan-2019 13:52:06.421 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=D:\tomcat\apache-tomcat-8.5.31\temp
02-Jan-2019 13:52:06.424 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.16] using APR version [1.6.3].
02-Jan-2019 13:52:06.426 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
02-Jan-2019 13:52:06.427 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
02-Jan-2019 13:52:07.264 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.0.2m  2 Nov 2017]
02-Jan-2019 13:52:07.430 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
02-Jan-2019 13:52:07.567 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
02-Jan-2019 13:52:07.582 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-8443"]
02-Jan-2019 13:52:08.114 SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-8443]]
 org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:112)
      at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
      at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
      at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
      at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
      at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
      ... 12 more
Caused by: java.lang.IllegalArgumentException: Invalid keystore format
      at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:116)
      at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:87)
      at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:225)
      at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1086)
      at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
      at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
      at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
      at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
      ... 13 more
Caused by: java.io.IOException: Invalid keystore format
      at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
      at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
      at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
      at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
      at java.security.KeyStore.load(KeyStore.java:1445)
      at org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:139)
      at org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:204)
      at org.apache.tomcat.util.net.jsse.JSSEUtil.getKeyManagers(JSSEUtil.java:184)
      at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:79)
      at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:114)
      ... 20 more

02-Jan-2019 13:52:08.134 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
02-Jan-2019 13:52:08.138 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
02-Jan-2019 13:52:08.140 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 2255 ms
02-Jan-2019 13:52:08.170 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
02-Jan-2019 13:52:08.173 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.31
02-Jan-2019 13:52:08.205 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [D:\tomcat\apache-tomcat-8.5.31\webapps\SpringMvcJdbcTemplate.war]
02-Jan-2019 13:52:10.327 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:10.425 INFO [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Root WebApplicationContext: initialization started
02-Jan-2019 13:52:10.726 INFO [localhost-startStop-1] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.prepareRefresh Refreshing Root WebApplicationContext: startup date [Wed Jan 02 13:52:10 EST 2019]; root of context hierarchy
02-Jan-2019 13:52:11.005 INFO [localhost-startStop-1] org.springframework.web.context.ContextLoader.initWebApplicationContext Root WebApplicationContext: initialization completed in 577 ms
02-Jan-2019 13:52:11.172 INFO [localhost-startStop-1] org.springframework.web.servlet.DispatcherServlet.initServletBean FrameworkServlet 'SpringDispatcher': initialization started
02-Jan-2019 13:52:11.182 INFO [localhost-startStop-1] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.prepareRefresh Refreshing WebApplicationContext for namespace 'SpringDispatcher-servlet': startup date [Wed Jan 02 13:52:11 EST 2019]; parent: Root WebApplicationContext
02-Jan-2019 13:52:11.259 INFO [localhost-startStop-1] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.loadBeanDefinitions Found 2 annotated classes in package [net.codejava.spring]
02-Jan-2019 13:52:11.679 INFO [localhost-startStop-1] org.springframework.jdbc.datasource.DriverManagerDataSource.setDriverClassName Loaded JDBC driver: org.apache.derby.jdbc.ClientDriver
02-Jan-2019 13:52:11.967 INFO [localhost-startStop-1] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping.registerHandlerMethod Mapped "{[/],methods=[],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView net.codejava.spring.controller.HomeController.listContact(org.springframework.web.servlet.ModelAndView) throws java.io.IOException
02-Jan-2019 13:52:11.973 INFO [localhost-startStop-1] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping.registerHandlerMethod Mapped "{[/newContact],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView net.codejava.spring.controller.HomeController.newContact(org.springframework.web.servlet.ModelAndView)
02-Jan-2019 13:52:11.981 INFO [localhost-startStop-1] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping.registerHandlerMethod Mapped "{[/saveContact],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView net.codejava.spring.controller.HomeController.saveContact(net.codejava.spring.model.Contact)
02-Jan-2019 13:52:11.985 INFO [localhost-startStop-1] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping.registerHandlerMethod Mapped "{[/deleteContact],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView net.codejava.spring.controller.HomeController.deleteContact(javax.servlet.http.HttpServletRequest)
02-Jan-2019 13:52:11.991 INFO [localhost-startStop-1] org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping.registerHandlerMethod Mapped "{[/editContact],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView net.codejava.spring.controller.HomeController.editContact(javax.servlet.http.HttpServletRequest)
02-Jan-2019 13:52:12.034 INFO [localhost-startStop-1] org.springframework.web.servlet.handler.SimpleUrlHandlerMapping.registerHandler Mapped URL path [/resources/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
02-Jan-2019 13:52:12.296 INFO [localhost-startStop-1] org.springframework.web.servlet.DispatcherServlet.initServletBean FrameworkServlet 'SpringDispatcher': initialization completed in 1122 ms
02-Jan-2019 13:52:12.317 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [D:\tomcat\apache-tomcat-8.5.31\webapps\SpringMvcJdbcTemplate.war] has finished in [4,111] ms
02-Jan-2019 13:52:12.320 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [D:\tomcat\apache-tomcat-8.5.31\webapps\TradingAnalysisService.war]
02-Jan-2019 13:52:13.791 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:13.821 INFO [localhost-startStop-1] com.sun.jersey.api.core.PackagesResourceConfig.init Scanning for root resource and provider classes in the packages:
  com.infy.TradingAnalysisService
02-Jan-2019 13:52:13.864 INFO [localhost-startStop-1] com.sun.jersey.api.core.ScanningResourceConfig.logClasses Root resource classes found:
  class com.infy.TradingAnalysisService.TimeSeries
  class com.infy.TradingAnalysisService.Sector
  class com.infy.TradingAnalysisService.Stock
  class com.infy.TradingAnalysisService.Company
  class com.infy.TradingAnalysisService.Research
02-Jan-2019 13:52:13.866 INFO [localhost-startStop-1] com.sun.jersey.api.core.ScanningResourceConfig.init No provider classes found.
02-Jan-2019 13:52:13.998 INFO [localhost-startStop-1] com.sun.jersey.server.impl.application.WebApplicationImpl._initiate Initiating Jersey application, version 'Jersey: 1.18.3 12/01/2014 09:47 AM'
02-Jan-2019 13:52:14.799 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [D:\tomcat\apache-tomcat-8.5.31\webapps\TradingAnalysisService.war] has finished in [2,479] ms
02-Jan-2019 13:52:14.804 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\docs]
02-Jan-2019 13:52:15.315 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:15.322 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\docs] has finished in [518] ms
02-Jan-2019 13:52:15.325 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\examples]
02-Jan-2019 13:52:16.047 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:16.121 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\examples] has finished in [797] ms
02-Jan-2019 13:52:16.125 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\host-manager]
02-Jan-2019 13:52:16.625 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:16.632 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\host-manager] has finished in [507] ms
02-Jan-2019 13:52:16.634 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\manager]
02-Jan-2019 13:52:17.127 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:17.134 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\manager] has finished in [500] ms
02-Jan-2019 13:52:17.135 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\ROOT]
02-Jan-2019 13:52:17.524 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
02-Jan-2019 13:52:17.529 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [D:\tomcat\apache-tomcat-8.5.31\webapps\ROOT] has finished in [394] ms
02-Jan-2019 13:52:17.538 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
02-Jan-2019 13:52:17.552 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
02-Jan-2019 13:52:17.559 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 9416 ms
02-Jan-2019 13:55:45.770 INFO [main] org.apache.catalina.core.StandardServer.await A valid shutdown command was received via the shutdown port. Stopping the Server instance.
02-Jan-2019 13:55:45.771 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"]
02-Jan-2019 13:55:45.996 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["https-openssl-nio-8443"]
02-Jan-2019 13:55:46.002 INFO [main] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["ajp-nio-8009"]
02-Jan-2019 13:55:46.195 INFO [main] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
02-Jan-2019 13:55:46.233 INFO [localhost-startStop-2] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.doClose Closing WebApplicationContext for namespace 'SpringDispatcher-servlet': startup date [Wed Jan 02 13:52:11 EST 2019]; parent: Root WebApplicationContext
02-Jan-2019 13:55:46.236 INFO [localhost-startStop-2] org.springframework.web.context.support.AnnotationConfigWebApplicationContext.doClose Closing Root WebApplicationContext: startup date [Wed Jan 02 13:52:10 EST 2019]; root of context hierarchy
02-Jan-2019 13:55:46.260 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["http-nio-8080"]
02-Jan-2019 13:55:46.264 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["ajp-nio-8009"]
02-Jan-2019 13:55:46.268 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["http-nio-8080"]
02-Jan-2019 13:55:46.271 INFO [main] org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler ["https-openssl-nio-8443"]
02-Jan-2019 13:55:46.272 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["https-openssl-nio-8443"]
02-Jan-2019 13:55:46.272 INFO [main] org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler ["ajp-nio-8009"]


Here is the server.xml


<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
   
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" keystoreFile="conf/InvestmentEngiesPrivate.ppk"
               SSLVerifyClient="none" SSLProtocol="TLSv1+TLSv1.1+TLSv1.2">
       
     </Connector>

    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

The cert works with PUTTY  AND winscp so it is good.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
A Putty private key is a little different to a web server certificate

I would suggest using openssl to generate the certificate.
nociSoftware Engineer
Distinguished Expert 2018

Commented:
For Tomcat you need a X509 certificate not an SSH one, and you need to add it to the Java store.
See here for more info & procedure:
https://www.sslsupportdesk.com/ssl-installation-instructions-for-tomcat-using-x509/

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial