I would like to know if anybody has experience working with SSL and HTTPS on a Google Compute Engine (not GAE) instance. I have been unable to use HTTPS with my website: browsers and online test tools fail to connect to my server.

My environment is ubuntu-1404-trusty-v20141212 and Tomcat 8.

Here's what I did:

• I ticked "allow HTTP" and "allow HTTPS traffic" on the instance's network settings
• Installed my $4 Comodo certs.
• Used as-is Connector configuration on server.xml with only keystore and password added

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/etc/ssl/private/tomcat.keystore" keystorePass="password" />

I get the aforementioned error when I start my Tomcat and go to https://mysite.com:8443. Some diagnostics are:

• Log catalina.out doesn't say anything severe.

• Using netstat -ntlp |grep :8443

  tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 8500/java shows my tomcat is listening at 8443

Finally I created an AWS EC2 instance with the same environment and installed my SSL certificates. It immediately works without any tinkering with port and firewall. Any advice on how to make SSL work on GCE is appreciated.

Figured it out myself. As suspected, this does have something to do with firewall. When allowing HTTPS traffic in a GCE instance, the default port is 443 not 8443. Either change the listening port or change the firewall rule here:

Google Developers Console->Compute Engine->Networks->the network's name the instance is associated with->Firewall rules.

Several rules are listed, in my case I need to modify default-allow-https