Mark,

Thanks for looking.

If I specify the value for defaultSSLHostConfigName, I still get /SSLHostConfig attribute certificateFile must be defined when using an SSL connector/.

If I remove the hostName from the SSLHostConfig (or specify hostName="_default_"), I get:

WARNING: Match [Server/Service/Connector] failed to set property 
[compressableMimeType] to [text/css,application/javascript]
Jul 11, 2022 7:45:33 AM org.apache.tomcat.util.net.SSLHostConfig setProtocols
WARNING: The protocol [TLSv1.2] was added to the list of protocols on the 
SSLHostConfig named [_default_]. Check if a +/- prefix is missing.
Jul 11, 2022 7:45:33 AM org.apache.tomcat.util.digester.Digester endElement
SEVERE: End event threw exception
java.lang.reflect.InvocationTargetException
        at 
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements 
were provided for the host name [_default_]. Host names must be unique.
        at 
org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
        at 
org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)

Jul 11, 2022 7:45:33 AM org.apache.catalina.startup.Catalina parseServerXml
WARNING: Unable to load server configuration from [/srv/tomcat/conf/server.xml]
org.xml.sax.SAXParseException; systemId:file:/srv/tomcat/conf/server.xml; 
lineNumber: 166; columnNumber: 21; Error at line [166] column [21]: [Multiple 
SSLHostConfig elements were provided for the host name [_default_]. Host names 
must be unique.]
        at 
org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1966)

Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements 
were provided for the host name [_default_]. Host names must be unique.
        at 
org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:294)
        at 
org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:250)
        at 
org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:719)


On 7/11/2022 2:12 AM, Mark Thomas wrote:
On 11/07/2022 02:30, George Sexton wrote:
I'm trying to configure SSL for Tomcat 9 and I'm not having any luck.

<snip/>

Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
         at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:312)

<snip/>

Looking at the docs, it doesn't appear that certificateFile is an attribute of SSLHostConfig.

That looks like a message string that needs to be updated to reference the Certificate element instead. I'll look into that.

<snip/>

"The following NIO and NIO2 SSL configuration attributes have been deprecated in favor of the default SSLHostConfig <https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig> element with the hostName of _default_. If this SSLHostConfig element is not explicitly defined, it will be created."

Additionally, I'd like to use SNI for multiple certs, so that will require an SSLHostConfig I think. Can anyone give me an idea of what I'm doing wrong?

From further up in the docs:

<quote>
Each secure connector must define at least one SSLHostConfig. The names of the SSLHostConfig elements must be unique and one of them must match the defaultSSLHostConfigName attribute of the Connector.
</quote>

You haven't specified an explicit defaultSSLHostConfigName so the default value of "_default_" is being used. The error message you are seeing is complaining that the SSLHostConfig for "_default_" is incomplete.

Either adding the defaultSSLHostConfigName="*.mydomain.com" attribute to the Connector element or removing the hostName attribute from the SSLHostConfig element should fix it.

Mark


--
George Sexton
(303) 438 9585 x102
MH Software, Inc.
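
A small checker for the two rules quoted from the docs in this thread (SSLHostConfig names must be unique, and one must match defaultSSLHostConfigName), added here as an example; it is not code from the thread or from Tomcat. The server.xml fragments, keystore path, port and function names are constructed, and the case-insensitive name comparison is an assumption.

```python
import xml.etree.ElementTree as ET

DEFAULT_NAME = "_default_"  # default for hostName and defaultSSLHostConfigName

def check_connector(conn):
    """Return rule violations for one secure <Connector> element."""
    hosts = conn.findall("SSLHostConfig")
    if not hosts:
        return []  # no explicit SSLHostConfig: nothing to cross-check
    # An SSLHostConfig without hostName is the "_default_" one.
    # Lower-casing before comparing is an assumption of this example.
    names = [h.get("hostName", DEFAULT_NAME).lower() for h in hosts]
    problems = [f"duplicate SSLHostConfig hostName {n!r}"
                for n in sorted(set(names)) if names.count(n) > 1]
    wanted = conn.get("defaultSSLHostConfigName", DEFAULT_NAME).lower()
    if wanted not in names:
        problems.append(f"no SSLHostConfig matches defaultSSLHostConfigName {wanted!r}")
    return problems

def check_server_xml(text):
    """Check every SSLEnabled connector in a server.xml document."""
    found = []
    for conn in ET.fromstring(text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() == "true":
            found += [f"port {conn.get('port')}: {p}" for p in check_connector(conn)]
    return found

# Constructed fragments; the keystore path and port are placeholders.
CERT = '<Certificate certificateKeystoreFile="conf/example.jks"/>'
TEMPLATE = ('<Server><Service><Connector port="8443" SSLEnabled="true" {attrs}>'
            '{hosts}</Connector></Service></Server>')

def sample(attrs, *host_attrs):
    hosts = "".join(f"<SSLHostConfig {a}>{CERT}</SSLHostConfig>" for a in host_attrs)
    return TEMPLATE.format(attrs=attrs, hosts=hosts)

NAMED_ONLY = sample("", 'hostName="*.mydomain.com"')
NAMED_DEFAULT = sample('defaultSSLHostConfigName="*.mydomain.com"',
                       'hostName="*.mydomain.com"')
TWO_DEFAULTS = sample("", "", 'hostName="_default_"')

if __name__ == "__main__":
    for label, xml in [("named only", NAMED_ONLY),
                       ("named + default name", NAMED_DEFAULT),
                       ("two defaults", TWO_DEFAULTS)]:
        print(label, "->", check_server_xml(xml) or "ok")
```

The checker only covers SSLHostConfig elements written explicitly in the file; it does not model the implicit `_default_` entry the docs say Tomcat creates when none is defined.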
