Running SNI successfully on 8.5.11 since mid-January. Installed 8.5.14.
Used same server.xml (snippet below).
Wildcard certificate works under 8.5.11, but errors under 8.5.14.
If Connector for port 443 with wildcard is removed, startup succeeds.
I'm guessing the asterisk can't be stored in the bean.
Below is the start log for both versions.
server.xml...
<Connector executor="tomcatThreadPool"
    address="192.168.52.11" port="80" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="443" />
<Connector executor="tomcatThreadPool"
    address="192.168.52.13" port="80" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="443" />
<Connector executor="tomcatThreadPool"
    address="192.168.52.15" port="80" protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="443" />
<Connector address="192.168.52.11" port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
    SSLEnabled="true" scheme="https" secure="true"
    defaultSSLHostConfigName="*.mydomain.com"
    maxThreads="150" compression="false" enableLookups="false" >
  <SSLHostConfig hostName="*.mydomain.com">
    <Certificate certificateKeystoreFile="conf/keystore.jks"
        certificateKeystorePassword="mypass"
        certificateKeyAlias="wildcard_mydomain"
        type="RSA" />
    honorCipherOrder="true"
    protocols="TLSv1.1+TLSv1.2"
    ciphers="
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
      TLS_RSA_WITH_AES_256_CBC_SHA256,
...
### 8.5.11 - good startup ###
org.apache.catalina.startup.VersionLoggerListener.log Server
version: Apache Tomcat/8.5.11
org.apache.catalina.startup.VersionLoggerListener.log Server
built: Jan 10 2017 21:02:52 UTC
org.apache.catalina.startup.VersionLoggerListener.log Server
number: 8.5.11.0
org.apache.catalina.startup.VersionLoggerListener.log OS
Name: Linux
org.apache.catalina.startup.VersionLoggerListener.log OS
Version: 3.10.0-514.16.1.el7.x86_64
org.apache.catalina.startup.VersionLoggerListener.log
Architecture: amd64
org.apache.catalina.startup.VersionLoggerListener.log Java
Home: /usr/java/jdk1.8.0_121/jre
org.apache.catalina.startup.VersionLoggerListener.log JVM
Version: 1.8.0_121-b13
org.apache.catalina.startup.VersionLoggerListener.log JVM
Vendor: Oracle Corporation
org.apache.catalina.startup.VersionLoggerListener.log
CATALINA_BASE: /opt/apache-tomcat-8.5.11
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
/opt/apache-tomcat-8.5.11
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument:
-Djava.util.logging.config.file=/opt/apache-tomcat-8.5.11/conf/logging.properties
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Duser.timezone=US/Eastern
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Xms128m
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Xmx1024m
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Doracle.jdbc.autoCommitSpecCompliant=false
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djdk.tls.ephemeralDHKeySize=2048
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djavax.net.debug=ssl:handshake
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dcatalina.base=/opt/apache-tomcat-8.5.11
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dcatalina.home=/opt/apache-tomcat-8.5.11
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.io.tmpdir=/opt/apache-tomcat-8.5.11/temp
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-192.168.52.11-80"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-192.168.52.13-80"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-192.168.52.15-80"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-192.168.52.11-443"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-192.168.52.13-443"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-192.168.52.15-443"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.catalina.startup.Catalina.load Initialization processed in
1133 ms
org.apache.catalina.core.StandardService.startInternal Starting service
Catalina
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
Engine: Apache Tomcat/8.5.11
ost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory
Deploying web application directory /opt/apache-tomcat-8.5.11/webapps/ROOT
ost-startStop-1]
org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom
Creation of SecureRandom instance for session ID generation using
[SHA1PRNG] took [41,968] milliseconds.
ost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory
Deployment of web application directory
/opt/apache-tomcat-8.5.11/webapps/ROOT has finished in 42,261 ms
ost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory
Deploying web application directory /opt/apache-tomcat-8.5.11/webapps/docs
### 8.5.14 - ERROR startup ###
org.apache.catalina.startup.VersionLoggerListener.log Server
version: Apache Tomcat/8.5.14
org.apache.catalina.startup.VersionLoggerListener.log Server
built: Apr 13 2017 12:55:45 UTC
org.apache.catalina.startup.VersionLoggerListener.log Server
number: 8.5.14.0
org.apache.catalina.startup.VersionLoggerListener.log OS
Name: Linux
org.apache.catalina.startup.VersionLoggerListener.log OS
Version: 3.10.0-514.16.1.el7.x86_64
org.apache.catalina.startup.VersionLoggerListener.log Architecture:
amd64
org.apache.catalina.startup.VersionLoggerListener.log Java
Home: /usr/java/jdk1.8.0_121/jre
org.apache.catalina.startup.VersionLoggerListener.log JVM
Version: 1.8.0_121-b13
org.apache.catalina.startup.VersionLoggerListener.log JVM
Vendor: Oracle Corporation
org.apache.catalina.startup.VersionLoggerListener.log
CATALINA_BASE: /opt/apache-tomcat-8.5.14
org.apache.catalina.startup.VersionLoggerListener.log
CATALINA_HOME: /opt/apache-tomcat-8.5.14
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument:
-Djava.util.logging.config.file=/opt/apache-tomcat-8.5.14/conf/logging.properties
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Duser.timezone=US/Eastern
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Xms128m
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Xmx1024m
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Doracle.jdbc.autoCommitSpecCompliant=false
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djdk.tls.ephemeralDHKeySize=2048
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djavax.net.debug=ssl:handshake
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dcatalina.base=/opt/apache-tomcat-8.5.14
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dcatalina.home=/opt/apache-tomcat-8.5.14
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.io.tmpdir=/opt/apache-tomcat-8.5.14/temp
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-192.168.52.11-80"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-192.168.52.13-80"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-192.168.52.15-80"]
org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a
shared selector for servlet write/read
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-192.168.52.11-443"]
] org.apache.tomcat.util.modeler.Registry.registerComponent Error
registering
Catalina:type=SSLHostConfig,ThreadPool="https-jsse-nio192.168.52.11-443",name=*.mydomain.com
javax.management.RuntimeOperationsException
at com.sun.jmx.mbeanserver.Repository.addMBean(Repository.java:413)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerWithRepository(DefaultMBeanServerInterceptor.java:1898)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerDynamicMBean(DefaultMBeanServerInterceptor.java:966)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerObject(DefaultMBeanServerInterceptor.java:900)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.registerMBean(DefaultMBeanServerInterceptor.java:324)
at
com.sun.jmx.mbeanserver.JmxMBeanServer.registerMBean(JmxMBeanServer.java:522)
at
org.apache.tomcat.util.modeler.Registry.registerComponent(Registry.java:634)
at
org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:595)
at
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:66)
at
org.apache.catalina.connector.Connector.initInternal(Connector.java:968)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
at
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
at org.apache.catalina.startup.Catalina.load(Catalina.java:630)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
Caused by: java.lang.IllegalArgumentException: Repository: cannot add
mbean for pattern name
Catalina:type=SSLHostConfig,ThreadPool="https-jsse-nio-192.168.52.11-443",name=*.mydomain.com
... 23 more
Being able to use SNI in Tomcat is fantastic.
Thank you in advance for your help !!!!
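The "cannot add mbean for pattern name" failure in the 8.5.14 log can be reproduced with plain JMX, outside Tomcat. The following is an added example, not part of the original post and not Tomcat's code: the `Demo` MBean and the class name are hypothetical, the object-name string is copied from the log above, and `ObjectName.quote` is shown only as the general JMX way to carry a literal asterisk in a key value, not as a description of how Tomcat handles it.

```java
import java.lang.management.ManagementFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.RuntimeOperationsException;

// Added example (not Tomcat code): shows why an unquoted '*' in a JMX key
// value makes the ObjectName a pattern that the MBean server will not register.
public class WildcardObjectNameDemo {

    // Hypothetical standard MBean used only to have something to register.
    public interface DemoMBean { String getHostName(); }

    public static class Demo implements DemoMBean {
        private final String hostName;
        public Demo(String hostName) { this.hostName = hostName; }
        @Override public String getHostName() { return hostName; }
    }

    // Try to register under the given name and report what the server did.
    static String tryRegister(MBeanServer server, ObjectName name, String host)
            throws Exception {
        try {
            server.registerMBean(new Demo(host), name);
            server.unregisterMBean(name);   // clean up after a successful attempt
            return "registered";
        } catch (RuntimeOperationsException e) {
            // The wrapped IllegalArgumentException carries the Repository message.
            return "rejected: " + e.getCause().getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        String host = "*.mydomain.com";   // hostName value from the posted server.xml
        String prefix = "Catalina:type=SSLHostConfig,"
                + "ThreadPool=\"https-jsse-nio-192.168.52.11-443\",name=";

        // Unquoted value: '*' is a wildcard, so the whole name is a pattern.
        ObjectName raw = new ObjectName(prefix + host);
        // Quoted value: ObjectName.quote escapes '*' so it is a literal character.
        ObjectName quoted = new ObjectName(prefix + ObjectName.quote(host));

        for (ObjectName n : new ObjectName[] { raw, quoted }) {
            System.out.println(n);
            System.out.println("  isPattern=" + n.isPattern()
                    + " -> " + tryRegister(server, n, host));
        }
    }
}
```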