Port 8443 — Alternative HTTPS
Port 8443 is to HTTPS (port 443) what port 8080 is to HTTP (port 80) — the unprivileged alternative. When an application needs HTTPS but can't use port 443 (because it requires root/admin privileges on Unix systems, or another service already claims it), port 8443 is the conventional fallback.
What Uses Port 8443?
| Software | Why 8443? |
|---|---|
| Apache Tomcat | Default HTTPS connector. Runs as non-root user alongside Apache/Nginx on 443 |
| VMware vCenter | Web client HTTPS access (vSphere management) |
| Unifi Controller | Network management interface for Ubiquiti devices |
| Synology DSM | NAS admin panel HTTPS (when default port is changed) |
| Kubernetes Dashboard | Often deployed on 8443 to avoid conflicts |
| Spring Boot | When configured for HTTPS in development |
| Plesk | Server management panel |
Tomcat HTTPS on 8443
Tomcat's default server.xml includes a commented-out HTTPS connector on 8443. To enable it:
<!-- In conf/server.xml, uncomment and configure: -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore.jks"
certificateKeystorePassword="changeit"
type="RSA" />
</SSLHostConfig>
</Connector>Generate a self-signed keystore for development:
keytool -genkey -alias tomcat -keyalg RSA \
-keystore conf/keystore.jks -keysize 2048Self-Signed Certificate Warning
When you access https://localhost:8443, your browser will show a security warning about an untrusted certificate. This is normal for development — you're using a self-signed certificate that isn't issued by a trusted Certificate Authority. Click "Advanced" → "Proceed" (Chrome) or "Accept Risk" (Firefox) to continue.
For proper HTTPS without warnings, see our SSL on localhost guide using mkcert.
8443 vs 443
| Port 443 | Port 8443 | |
|---|---|---|
| Standard? | Yes — official HTTPS port | No — conventional alternative |
| Requires root? | Yes (on Unix/Linux/Mac) | No |
| In URL? | Hidden (https://example.com) | Shown (https://example.com:8443) |
| Typical use | Production web servers | Application servers, admin panels, development |
In production, you'd typically put Nginx or Apache on port 443 as a reverse proxy, forwarding HTTPS traffic to Tomcat on 8443 internally. Users never see port 8443 — they access https://yoursite.com on 443, and the proxy handles the rest.
Troubleshooting
"Connection refused" on 8443: The HTTPS connector isn't enabled or the application didn't start. Check application logs and verify the SSL configuration is valid (correct keystore path and password).
Browser shows "This site can't provide a secure connection": The SSL certificate or configuration is broken — not just self-signed, but actually misconfigured. Check that the certificate format matches what the application expects (JKS for Tomcat, PEM for most others).
Port conflict: If something else is already using 8443, find it with:
lsof -i :8443 (Mac/Linux) or netstat -ano | findstr :8443 (Windows).