Connecting back end Tomcat API to front end

0

All, I have a Node.js, React web frontend that I recently successfully deployed a 3rd party SSL cert to. I then applied that cert to my API back end running on AWS EC2 Linux Tomcat. However, after updating to the SSL cert, I am unsure if the cert was installed correctly on the TC server. How can I verify that? Previously, before having the SSL cert on either the frontend or the backend, the application worked just fine. It just wasn't secure. I'm hoping to resolve that with the SSL cert. Currently I only get the following error: "ERR_CONNECTION_REFUSED". Thanks for any pointers.

  • So, I was able to find additional errors in the logs:

    13-Sep-2023 02:53:36.365 WARNING [main] org.apache.tomcat.util.digester.Digester.endElement No rules found matching [Server/Service/Valve]
    13-Sep-2023 02:53:36.481 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [conf/additionalDir/server.p12]
    13-Sep-2023 02:53:36.482 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreType] to [PKCS12]
    13-Sep-2023 02:53:36.482 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [********]
    13-Sep-2023 02:53:36.483 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keyAlias] to [tomcat]

    Can anyone point out what my issue is? Should I just redo the whole cert process? Or is it that the file can't be found? Thanks again.

cxc
asked 8 months ago · 455 views
2 Answers
0

If I understood correctly everything worked prior to installing the SSL certificate.

Can you provide more details on how the connection to your backend server is being made? Where is the front end running? Are all required ports open on SGs and NACLs? Typically SSL works on port 443, so your NACLs, SGs and possible VM firewall rules need to allow traffic on that port.

AWS
answered 8 months ago
  • Hello, thanks for the reply.

    1. Yes everything worked just fine prior to the ssl install.
    2. The Frontend is running on an AWS EC2 Linux node, React web app.
    3. Yes, all needed ports are open in all locations.
    4. I changed the app to port 8443, and made sure those ports were open in all locations. Still no joy... Thoughts? Do I need to do anything special with the cert and Route 53? Thanks again.
0

Sorry for the late reply.

It seems like Tomcat is not configured correctly; I would suggest looking into the Tomcat configuration and/or tutorials on how this should be done. Googling the warnings you posted should give you some pointers.

Is there any particular reason why you want to terminate SSL at your EC2 machine? Have you thought about using an application load balancer for SSL termination instead of your EC2 machine? Using an application load balancer will also grant you additional capabilities like Web Application Firewall and AWS Shield Standard, further protecting the underlying infrastructure.

Hope this helps!

AWS
answered 8 months ago
  • I currently am using a LB for the UI side of the application. My understanding is that you only get 1 for free... :-) So trying to get everything up and running on the cheap. Thanks for any additional thoughts.
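
An added example, not part of the original thread and not AWS or Tomcat code: a Python check that reads the startup warnings quoted in the question, reports which settings Tomcat did not apply to which element, and then finds the `<Connector>` in `server.xml` that carries them. A "failed to set property" warning means the attribute was not applied to that element. The `server.xml` fragment is constructed for illustration, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Warnings as quoted in the question (the password is already masked in the log).
SAMPLE_LOG = """\
13-Sep-2023 02:53:36.365 WARNING [main] org.apache.tomcat.util.digester.Digester.endElement No rules found matching [Server/Service/Valve]
13-Sep-2023 02:53:36.481 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [conf/additionalDir/server.p12]
13-Sep-2023 02:53:36.482 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreType] to [PKCS12]
13-Sep-2023 02:53:36.482 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [********]
13-Sep-2023 02:53:36.483 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keyAlias] to [tomcat]
"""
# Constructed server.xml fragment (assumption: the asker's real file is not on the page).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" keystoreFile="conf/additionalDir/server.p12"
             keystoreType="PKCS12" keystorePass="CONSTRUCTED" keyAlias="tomcat"/>
  <Valve className="org.apache.catalina.valves.AccessLogValve"/>
</Service></Server>"""

REJECTED = re.compile(r"Match \[(?P<path>[^\]]+)\] failed to set property \[(?P<prop>[^\]]+)\]")
UNMATCHED = re.compile(r"No rules found matching \[(?P<path>[^\]]+)\]")

def rejected_settings(log_text):
    """Return ({element path: [properties not applied]}, [element paths ignored])."""
    rejected, ignored = defaultdict(list), []
    for line in log_text.splitlines():
        if m := REJECTED.search(line):
            rejected[m["path"]].append(m["prop"])
        elif m := UNMATCHED.search(line):
            ignored.append(m["path"])
    return dict(rejected), ignored

def connectors_with_rejected_attrs(server_xml, rejected):
    """List (port, attributes) for each <Connector> carrying attributes the log rejected."""
    props = set(rejected.get("Server/Service/Connector", []))
    hits = []
    for conn in ET.fromstring(server_xml).findall("./Service/Connector"):
        present = sorted(props & set(conn.attrib))
        if present:
            hits.append((conn.get("port"), present))
    return hits

if __name__ == "__main__":
    rejected, ignored = rejected_settings(SAMPLE_LOG)
    print("settings not applied:", rejected)
    print("elements ignored:", ignored)
    print("connectors to review:", connectors_with_rejected_attrs(SAMPLE_SERVER_XML, rejected))
```

To use it on a real server, pass the contents of the Tomcat startup log and `conf/server.xml` in place of the two sample strings.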
