Maurice,

On 5/27/20 09:04, Maurice Poos wrote:
> Hello Mark,
>
> It's an honour!
>
> I reply to this in a non standard way because a few things have
> happened while it was night over here. Long story short: it works
> now.
>
> 1) The first thing was that the server got upgraded to v9.0.35
>
> Next I've begun to work with your suggestions.
>
>> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>>            port="443" maxThreads="150" minSpareThreads="25"
>>            scheme="https" secure="true" SSLEnabled="true"
>>   <SSLHostConfig>
>>     <Certificate certificateKeyAlias="rabbit.nl"
>>                  certificateKeystoreFile="/etc/ssl/crt/rabbit.nl.jks"
>>                  certificateKeystorePassword="password2" />
>>   </SSLHostConfig>
>> </Connector>
>>
>
> 2) Because v35 changed the connector requirements a bit the closing
> ">" after SSLEnabled="true" is mandatory. This immediately made the
> above config work.

The closing > was always required. This isn't a 9.0.35 requirement or
anything. It's just ... how XML works. I'm surprised Tomcat even started
with a broken XML document.

>> Notes:
>> - The protocol attribute is missing so I have added that
>> - I'd expect address to be an IP address so I have omitted that
>>   attribute
>> - maxHttpHeaderSize="8192" is the default so I have omitted that
>>   attribute
>> - maxSpareThreads="75" is not a recognised attribute so I have
>>   removed it
>> - acceptCount="100" is the default so I have omitted that attribute
>> - disableUploadTimeout="true" is the default so I have omitted that
>>   attribute
>> - enableLookups="false" is the default so I have omitted that
>>   attribute
>> - clientAuth="false" is the default so I have omitted that attribute
>> - sslProtocol="TLS" is the default so I have omitted that attribute
>>
>> I'd then add the hostName attribute to the SSLHostConfig element
>> and, once that is working, combine the two.
>
> 3) After adding the hostName attribute I did get the error
> that you expected below so I added it in the connector.
>
>>
>> I don't see a defaultSSLHostConfigName configured for the
>> Connector. That might trigger the error you are seeing (because
>> the _default_ host name won't have an associated certificate).
>>
>> If that is the issue, we can look at trying to improve that error
>> message.
>>
>
> 4) After adding this I've got the working config:
>
> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>            port="443" maxThreads="150" minSpareThreads="25"
>            scheme="https" secure="true" SSLEnabled="true"
>            defaultSSLHostConfigName="www.rabbit.nl">
>   <SSLHostConfig hostName="www.rabbit.nl">
>     <Certificate certificateKeyAlias="rabbit.nl"
>                  certificateKeystoreFile="/etc/ssl/crt/rabbit.nl.jks"
>                  certificateKeystorePassword="xxxx1" />
>   </SSLHostConfig>
>   <SSLHostConfig hostName="www.appel.nl">
>     <Certificate certificateKeyAlias="appel.nl"
>                  certificateKeystoreFile="/etc/ssl/crt/appel.nl.jks"
>                  certificateKeystorePassword="xxxx2" />
>   </SSLHostConfig>
> </Connector>

Excellent. Glad you got things working.

-chris
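
Added example, not part of the original thread and not Tomcat code: a pre-deployment check for the two failures discussed above, a Connector that is not well-formed XML and a defaultSSLHostConfigName with no matching SSLHostConfig. The function name and the sample strings are constructed for illustration (modelled on the configs in the thread, passwords replaced); `_default_` is the value Tomcat uses when hostName or defaultSSLHostConfigName is not set.

```python
import xml.etree.ElementTree as ET

DEFAULT_HOST = "_default_"  # used when hostName / defaultSSLHostConfigName is unset

def check_tls_connectors(server_xml):
    """Return a list of findings for SSLEnabled connectors in a server.xml string."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # Catches the missing ">" after SSLEnabled="true" before Tomcat ever sees it.
        return [f"not well-formed XML: {exc}"]
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # Host names are compared case-insensitively.
        hosts = [h.get("hostName", DEFAULT_HOST).lower()
                 for h in conn.findall("SSLHostConfig")]
        if not hosts:
            continue  # no nested SSLHostConfig to cross-check
        port = conn.get("port", "?")
        default = conn.get("defaultSSLHostConfigName", DEFAULT_HOST).lower()
        for name in sorted({h for h in hosts if hosts.count(h) > 1}):
            findings.append(f"port {port}: duplicate SSLHostConfig {name!r}")
        if default not in hosts:
            findings.append(f"port {port}: defaultSSLHostConfigName {default!r} "
                            f"has no matching SSLHostConfig (found {hosts})")
    return findings

# Constructed samples: the broken config, the hostName-only step, the working config.
CERT = ('<Certificate certificateKeyAlias="rabbit.nl" '
        'certificateKeystoreFile="/etc/ssl/crt/rabbit.nl.jks" '
        'certificateKeystorePassword="PLACEHOLDER" />')
HEAD = '<Connector port="443" scheme="https" secure="true" SSLEnabled="true"'
BROKEN = f'{HEAD} <SSLHostConfig>{CERT}</SSLHostConfig></Connector>'
HOSTNAME_ONLY = (f'{HEAD}><SSLHostConfig hostName="www.rabbit.nl">{CERT}'
                 '</SSLHostConfig></Connector>')
WORKING = (f'{HEAD} defaultSSLHostConfigName="www.rabbit.nl">'
           f'<SSLHostConfig hostName="www.rabbit.nl">{CERT}</SSLHostConfig>'
           f'<SSLHostConfig hostName="www.appel.nl">{CERT}</SSLHostConfig></Connector>')

if __name__ == "__main__":
    for label, xml in (("broken", BROKEN), ("hostName only", HOSTNAME_ONLY),
                       ("working", WORKING)):
        print(label, "->", check_tls_connectors(xml) or "ok")
```

The same function accepts a full server.xml, since it walks every Connector element under the root.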