All,
Tomcat: 8.5.23
OS: RHEL 7.5
I am attempting to set up Tomcat to use two keystores with SNI. Tomcat
starts successfully, but I receive a timeout when trying to access
either of the defined server names.
Here is a single server name configuration that works successfully:
<Connector port="8443"
           maxHttpHeaderSize="8192"
           maxPostSize="6291456"
           maxThreads="150"
           protocol="HTTP/1.1"
           executor="appExecutor"
           enableLookups="false"
           acceptCount="100"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           URIEncoding="UTF-8"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreType="PKCS12"
           keystoreFile="/app/certs/config/ex1_keystore.p12"
           keystorePass="<passwd>" />
Here is the SNI configuration that I'm trying:
<Connector port="8443"
           maxHttpHeaderSize="8192"
           maxPostSize="6291456"
           maxThreads="150"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           executor="appExecutor"
           enableLookups="false"
           acceptCount="100"
           connectionTimeout="20000"
           disableUploadTimeout="true"
           URIEncoding="UTF-8"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           defaultSSLHostConfigName="*.example1.com">
    <SSLHostConfig hostName="*.example1.com">
        <Certificate certificateKeystoreType="PKCS12"
                     certificateKeystoreFile="/app/certs/config/ex1_keystore.p12"
                     certificateKeystorePassword="<passwd>"
                     type="RSA"/>
    </SSLHostConfig>
    <SSLHostConfig hostName="*.example2.com">
        <Certificate certificateKeystoreType="PKCS12"
                     certificateKeystoreFile="/app/certs/config/ex2_keystore.p12"
                     certificateKeystorePassword="<passwd>"
                     type="RSA"/>
    </SSLHostConfig>
</Connector>
As mentioned, Tomcat starts successfully, but the sites time out. There is
nothing in the logs that indicates a request is even made.
Am I missing something in this configuration? Any guidance is greatly
appreciated.
Best,
HB
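A check for the situation described in the post above, added here as an example; it is not code from the original message or from the Tomcat project. The first function models how Tomcat's endpoint picks an SSLHostConfig for an SNI name (exact match, then a single-label wildcard built from the first dot onward, then defaultSSLHostConfigName), so you can see which keystore a given client name lands on before touching the server; the second opens one TLS connection per server name and reports the fingerprint of the certificate actually returned, or the error, so a hanging connector shows up as a timeout rather than a traceback. The host 127.0.0.1, port 8443 and the example1.com/example2.com names are placeholders taken from the post, not real endpoints.

```python
"""SNI checks for a Tomcat connector that carries several <SSLHostConfig> elements.

Added example, not the poster's or Tomcat's own code. Hosts, ports and
domain names below are placeholders.
"""
import hashlib
import socket
import ssl

# Tomcat's built-in name for the fall-back SSLHostConfig when none is named.
DEFAULT_SSL_HOST_NAME = "_default_"


def select_ssl_host_config(host_config_names, sni_host_name,
                           default_name=DEFAULT_SSL_HOST_NAME):
    """Return the SSLHostConfig hostName Tomcat would select for an SNI value.

    Lookup order mirrors the endpoint: exact match, then the wildcard formed
    by replacing everything before the first dot with '*', then the default.
    Names are compared lower-cased (Tomcat stores hostName lower-cased).
    Returns None when even the default is absent, which Tomcat treats as fatal.
    """
    names = {n.lower() for n in host_config_names}
    if sni_host_name:
        sni = sni_host_name.lower()
        if sni in names:
            return sni
        dot = sni.find(".")
        if dot > -1:
            wildcard = "*" + sni[dot:]        # a.b.example.com -> *.b.example.com
            if wildcard in names:
                return wildcard
    default = default_name.lower()
    return default if default in names else None


def sni_probe(host, port, server_name, timeout=5.0):
    """Open one TLS connection sending `server_name` in SNI and report the result.

    Certificate validation is deliberately off: the aim is to learn which
    certificate the connector chose, not to trust it. Returns a dict with the
    SHA-256 fingerprint of the leaf certificate on success, or the error seen.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    result = {"server_name": server_name, "fingerprint_sha256": None,
              "tls_version": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                der = tls.getpeercert(binary_form=True)
                result["fingerprint_sha256"] = hashlib.sha256(der).hexdigest()
                result["tls_version"] = tls.version()
    except (OSError, ssl.SSLError) as exc:   # socket.timeout is an OSError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


def sni_routing_differs(probes):
    """True when at least two successful probes returned different leaf certificates."""
    prints = {p["fingerprint_sha256"] for p in probes if p.get("fingerprint_sha256")}
    return len(prints) > 1


if __name__ == "__main__":
    # The two hostName values from the post, with the first as the default.
    configured = ["*.example1.com", "*.example2.com"]
    for sni in ["www.example1.com", "api.example2.com", "example2.com",
                "deep.sub.example2.com", None]:
        chosen = select_ssl_host_config(configured, sni, "*.example1.com")
        print(f"SNI {sni!r:>24} -> SSLHostConfig {chosen!r}")

    # Placeholder target: point this at the real connector address and port.
    results = [sni_probe("127.0.0.1", 8443, name)
               for name in ("www.example1.com", "www.example2.com")]
    for r in results:
        print(r)
    print("different certificates per SNI name:", sni_routing_differs(results))
```

Two things the model makes visible: a bare `example2.com` or a name with an extra label such as `deep.sub.example2.com` does not match `*.example2.com` and falls through to the default, so it will be served the example1 keystore; and a client that sends no SNI at all (older tools, or `openssl s_client` without `-servername`) also gets the default. If both probes return the same fingerprint, the connector is not routing on SNI; if both report a timeout, the problem is before certificate selection.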