I'm working with Tomcat 8.5.35 to configure SSL (the current system is Tomcat 7.5 using a JKS keystore and truststore).

I finally have the certificate parts working with the default (commented out) APR connector. It bothers me (doesn't seem intuitive) that the logging shows "useAprConnector [false]", as in:

    INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]

so I'm experimenting with changing the protocol section from:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"

to

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

(or

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"

) since those are what are actually being used. But with either of those selected, each time a browser accesses the system, the catalina log shows:

    org.apache.coyote.http2.ConnectionSettingsBase.set Connection [0], An unknown setting with identifier [2147483647] and value [2] was ignored

(This doesn't happen when the APR protocol is selected.)

Any idea what setting this refers to?

(Entire connector section below):

    <Connector port="443"
               protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               maxThreads="150"
               SSLEnabled="true"
               scheme="https"
               secure="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig certificateVerification="optional"
                       caCertificateFile="C:\certs\trustStore.cer" >
            <Certificate certificateKeyFile="C:\certs\tomcat.key"
                         certificateFile="C:\certs\tomcat.crt"
                         type="RSA"
                         certificateChainFile="C:\certs\keystore-chain.cer" />
        </SSLHostConfig>
    </Connector>