From: Mark Thomas <ma...@apache.org>
To: Tomcat Users List <users@tomcat.apache.org>
Cc:
Date: Wed, 3 Aug 2016 15:49:12 -0700
Subject: Re: Multiple SSL config with single IP on Tomcat 8.5.4

On 03/08/2016 15:05, Kent Smotherman wrote:
> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
> IP. My relevant server.xml looks like this:
>
>     <Connector port="9090" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                URIEncoding="UTF-8"
>                redirectPort="9443" />
>     <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="true"
>                hostName="firstnationalsculpturepark.com"
>                clientAuth="false" sslProtocol="TLS"
>                defaultSSLHostConfigName="firstnationalsculpturepark.com">
>         <SSLHostConfig hostname="firstnationalsculpturepark.com">
>             <Certificate
>                 certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>                 certificateKeystorePassword="xxxxxxx"
>                 certificateKeyAlias="firstnationalsculpturepark"
>             />
>         </SSLHostConfig>
>     </Connector>
>
> This gives me this error on startup:
>
> 03-Aug-2016 16:47:04.541 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
> property.
>
> I'm not sure what I'm doing wrong, as the hostName property is indicated in
> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
> then causes an error trying to find the default keystore file since it
> isn't using the one I've specified, but that is expected.)

Take another look at the error message. It is complaining about an invalid
attribute on the Connector, not the SSLHostConfig.

Mark

---------------

Thanks! I removed the hostName attribute from the Connector, and now all I
have left is the same error complaining that it cannot find .keystore, when
it should be looking for twinfeats.keystore:

    <Connector port="9443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               defaultSSLHostConfigName="www.twinfeats.com">
        <SSLHostConfig hostName="www.firstnationalsculpturepark.com">
            <Certificate
                certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                certificateKeystorePassword="takara36"
                certificateKeyAlias="firstnationalsculpturepark"
            />
        </SSLHostConfig>
        <SSLHostConfig hostName="www.twinfeats.com">
            <Certificate
                certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                certificateKeystorePassword="xxxxxxxxx"
                certificateKeyAlias="twinfeats"
            />
        </SSLHostConfig>
    </Connector>

And the error:

04-Aug-2016 10:01:16.755 SEVERE [main] org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore type [JKS] with path [/home/twinfeats/.keystore] due to [/home/twinfeats/.keystore (No such file or directory)]
 java.io.FileNotFoundException: /home/twinfeats/.keystore (No such file or directory)

I've reviewed my server.xml as excerpted above, but I don't see any
remaining silly mistakes. Any clues?

Thanks!
Kent