From: Mark Thomas <[email protected]>
To: Tomcat Users List <[email protected]>
Cc:
Date: Wed, 3 Aug 2016 15:49:12 -0700
Subject: Re: Multiple SSL config with single IP on Tomcat 8.5.4
On 03/08/2016 15:05, Kent Smotherman wrote:
> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
> IP. My relevant server.xml looks like this:
>
> <Connector port="9090" protocol="HTTP/1.1"
> connectionTimeout="20000"
> URIEncoding="UTF-8"
> redirectPort="9443" />
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> hostName="firstnationalsculpturepark.com"
> clientAuth="false" sslProtocol="TLS"
> defaultSSLHostConfigName="firstnationalsculpturepark.com">
> <SSLHostConfig hostname="firstnationalsculpturepark.com">
> <Certificate
> certificateKeystoreFile="/apache/conf/twinfeats.keystore"
> certificateKeystorePassword="xxxxxxx"
> certificateKeyAlias="firstnationalsculpturepark"
> />
> </SSLHostConfig>
> </Connector>
>
> This gives me this error on startup:
>
> 03-Aug-2016 16:47:04.541 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
> property.
>
> I'm not sure what I'm doing wrong, as the hostName property is indicated in
> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
> then causes an error trying to find the default keystore file since it
> isn't using the one I've specified, but that is expected.)
Take another look at the error message. It is complaining about an
invalid attribute on the Connector, not the SSLHostConfig.
Mark
---------------
Thanks! I removed the hostName attribute from the Connector, and now all I
have left is the same error complaining that it cannot find .keystore, when
it should be looking for twinfeats.keystore:
<Connector port="9443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
defaultSSLHostConfigName="www.twinfeats.com">
<SSLHostConfig hostName="www.firstnationalsculpturepark.com">
<Certificate
certificateKeystoreFile="/apache/conf/twinfeats.keystore"
certificateKeystorePassword="takara36"
certificateKeyAlias="firstnationalsculpturepark"
/>
</SSLHostConfig>
<SSLHostConfig hostName="www.twinfeats.com">
<Certificate
certificateKeystoreFile="/apache/conf/twinfeats.keystore"
certificateKeystorePassword="xxxxxxxxx"
certificateKeyAlias="twinfeats"
/>
</SSLHostConfig>
</Connector>
And the error:
04-Aug-2016 10:01:16.755 SEVERE [main]
org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
type [JKS] with path [/home/twinfeats/.keystore] due to
[/home/twinfeats/.keystore (No such file or directory)]
java.io.FileNotFoundException: /home/twinfeats/.keystore (No such file or
directory)
I've reviewed my server.xml as excerpted above, but I don't see any
remaining silly mistakes. Any clues?
Thanks!
Kent
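
Added example (not part of the thread and not Tomcat code): a small Python lint that applies the check from Mark's reply, hostName set on a Connector instead of an SSLHostConfig, plus two related checks based on Tomcat's documented defaults (defaultSSLHostConfigName and hostName default to _default_, and the keystore path defaults to .keystore in the user's home directory). The sample configs, host names, paths and the function name lint_tls_connectors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configs in the thread; host names,
# keystore path and alias are placeholders, not values from the thread.
BROKEN = """<Server><Service name="Catalina">
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             hostName="site-a.example"
             defaultSSLHostConfigName="site-a.example">
    <SSLHostConfig hostName="www.site-a.example">
      <Certificate certificateKeystoreFile="/path/to/example.keystore"
                   certificateKeyAlias="site-a"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

# Same config with hostName removed from the Connector and the default
# host name pointing at the nested SSLHostConfig.
FIXED = BROKEN.replace('hostName="site-a.example"', "", 1).replace(
    'defaultSSLHostConfigName="site-a.example"',
    'defaultSSLHostConfigName="www.site-a.example"')


def lint_tls_connectors(server_xml: str) -> list[str]:
    """Return a list of findings for TLS-enabled Connectors."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        # Host names belong on SSLHostConfig; Connector has no such property,
        # which is what the startup WARNING in the thread reports.
        if "hostName" in conn.attrib:
            findings.append(f"port {port}: hostName is set on the Connector")
        host_cfgs = conn.findall("SSLHostConfig")
        names = [h.get("hostName", "_default_").lower() for h in host_cfgs]
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        if default not in names:
            findings.append(f"port {port}: defaultSSLHostConfigName "
                            f"'{default}' matches no SSLHostConfig {names}")
        for h in host_cfgs:
            for cert in h.findall("Certificate"):
                # Without an explicit keystore (or PEM certificateFile),
                # the documented default is .keystore in the user's home.
                if not (cert.get("certificateKeystoreFile") or cert.get("certificateFile")):
                    findings.append(f"port {port}: Certificate for "
                                    f"'{h.get('hostName')}' falls back to ~/.keystore")
    return findings


if __name__ == "__main__":
    for line in lint_tls_connectors(BROKEN):
        print(line)
```
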