Posted to users@tomcat.apache.org by Kent Smotherman <ke...@gmail.com> on 2016/08/04 15:17:58 UTC

Re: Multiple SSL config with single IP on Tomcat 8.5.4

From: Mark Thomas <ma...@apache.org>
To: Tomcat Users List <us...@tomcat.apache.org>
Cc:
Date: Wed, 3 Aug 2016 15:49:12 -0700
Subject: Re: Multiple SSL config with single IP on Tomcat 8.5.4
On 03/08/2016 15:05, Kent Smotherman wrote:
> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
> IP. My relevant server.xml looks like this:
>
> <Connector port="9090" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            URIEncoding="UTF-8"
>            redirectPort="9443" />
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            hostName="firstnationalsculpturepark.com"
>            clientAuth="false" sslProtocol="TLS"
>            defaultSSLHostConfigName="firstnationalsculpturepark.com"
>            >
>     <SSLHostConfig hostname="firstnationalsculpturepark.com">
>         <Certificate
>                 certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>                certificateKeystorePassword="xxxxxxx"
>                certificateKeyAlias="firstnationalsculpturepark"
>         />
>      </SSLHostConfig>
> </Connector>
>
> This gives me this error on startup:
>
> 03-Aug-2016 16:47:04.541 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
> property.
>
> I'm not sure what I'm doing wrong, as the hostName property is indicated in
> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
> then causes an error trying to find the default keystore file since it
> isn't using the one I've specified, but that is expected.)

Take another look at the error message. It is complaining about an
invalid attribute on the Connector, not the SSLHostConfig.

Mark

---------------

Thanks! I removed the hostName attribute from the Connector, and now all I
have left is the same error complaining that it cannot find .keystore, when
it should be looking for twinfeats.keystore:

    <Connector port="9443" SSLEnabled="true"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               defaultSSLHostConfigName="www.twinfeats.com">
      <SSLHostConfig hostName="www.firstnationalsculpturepark.com">
      <Certificate
       certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                   certificateKeystorePassword="takara36"
                   certificateKeyAlias="firstnationalsculpturepark"
      />
      </SSLHostConfig>
      <SSLHostConfig hostName="www.twinfeats.com">
      <Certificate
       certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                   certificateKeystorePassword="xxxxxxxxx"
                   certificateKeyAlias="twinfeats"
      />
      </SSLHostConfig>
    </Connector>

And the error:

04-Aug-2016 10:01:16.755 SEVERE [main]
org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
type [JKS] with path [/home/twinfeats/.keystore] due to
[/home/twinfeats/.keystore (No such file or directory)]
 java.io.FileNotFoundException: /home/twinfeats/.keystore (No such file or
directory)

I've reviewed my server.xml as excerpted above, but I don't see any
remaining silly mistakes.  Any clues?

Thanks!

Kent

Re: Multiple SSL config with single IP on Tomcat 8.5.4

Posted by Jose María Zaragoza <de...@gmail.com>.
2016-08-04 17:17 GMT+02:00 Kent Smotherman <ke...@gmail.com>:
> From: Mark Thomas <ma...@apache.org>
> To: Tomcat Users List <us...@tomcat.apache.org>
> Cc:
> Date: Wed, 3 Aug 2016 15:49:12 -0700
> Subject: Re: Multiple SSL config with single IP on Tomcat 8.5.4
> On 03/08/2016 15:05, Kent Smotherman wrote:
>> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
>> IP. My relevant server.xml looks like this:
>>
>> <Connector port="9090" protocol="HTTP/1.1"
>>            connectionTimeout="20000"
>>            URIEncoding="UTF-8"
>>            redirectPort="9443" />
>> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            hostName="firstnationalsculpturepark.com"
>>            clientAuth="false" sslProtocol="TLS"
>>            defaultSSLHostConfigName="firstnationalsculpturepark.com"
>>            >
>>     <SSLHostConfig hostname="firstnationalsculpturepark.com">
>>         <Certificate
>>                 certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>>                certificateKeystorePassword="xxxxxxx"
>>                certificateKeyAlias="firstnationalsculpturepark"
>>         />
>>      </SSLHostConfig>
>> </Connector>
>>
>> This gives me this error on startup:
>>
>> 03-Aug-2016 16:47:04.541 WARNING [main]
>> org.apache.catalina.startup.SetAllPropertiesRule.begin
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
>> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
>> property.
>>
>> I'm not sure what I'm doing wrong, as the hostName property is indicated in
>> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
>> then causes an error trying to find the default keystore file since it
>> isn't using the one I've specified, but that is expected.)
>
> Take another look at the error message. It is complaining about an
> invalid attribute on the Connector, not the SSLHostConfig.
>
> Mark
>
> ---------------
>
> Thanks! I removed the hostName attribute from the Connector, and now all I
> have left is the same error complaining that it cannot find .keystore, when
> it should be looking for twinfeats.keystore:
>
>     <Connector port="9443" SSLEnabled="true"
>                 protocol="org.apache.coyote.http11.Http11NioProtocol"
>                maxThreads="150" scheme="https" secure="true"
>                clientAuth="false" sslProtocol="TLS"
>                defaultSSLHostConfigName="www.twinfeats.com">
>       <SSLHostConfig hostName="www.firstnationalsculpturepark.com">
>       <Certificate
>        certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>                    certificateKeystorePassword="takara36"
>                    certificateKeyAlias="firstnationalsculpturepark"
>       />
>       </SSLHostConfig>
>       <SSLHostConfig hostName="www.twinfeats.com">
>       <Certificate
>        certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>                    certificateKeystorePassword="xxxxxxxxx"
>                    certificateKeyAlias="twinfeats"
>       />
>       </SSLHostConfig>
>     </Connector>
>
> And the error:
>
> 04-Aug-2016 10:01:16.755 SEVERE [main]
> org.apache.tomcat.util.net.SSLUtilBase.getStore Failed to load keystore
> type [JKS] with path [/home/twinfeats/.keystore] due to
> [/home/twinfeats/.keystore (No such file or directory)]
>  java.io.FileNotFoundException: /home/twinfeats/.keystore (No such file or
> directory)
>
> I've reviewed my server.xml as excerpted above, but I don't see any
> remaining silly mistakes.  Any clues?


According to the doc:

"certificateKeystoreFile

The pathname of the keystore file where you have stored the server
certificate and key to be loaded. By default, the pathname is the file
.keystore in the operating system home directory of the user that is
running Tomcat. If your keystoreType doesn't need a file use "" (empty
string) or NONE for this parameter. **Relative paths will be resolved
against $CATALINA_BASE**. A URL may also be used for this attribute."

I would try a relative path.


P.S.: I wonder why the same keystore has got different
certificateKeystorePassword values.

>
> Thanks!
>
> Kent
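As an added example (not from this thread and not Tomcat project code), here is an offline checker that applies the keystore-path rules Jose quotes from the docs (no attribute means ~/.keystore, empty or NONE means no file, relative paths resolve against $CATALINA_BASE) and also flags the other things this thread tripped over: the `hostname`/`hostName` case slip in the first excerpt, legacy Connector-level SSL attributes such as `clientAuth` and `sslProtocol` (which Tomcat 8.5 maps onto the default SSLHostConfig), a `defaultSSLHostConfigName` with no matching SSLHostConfig, and one keystore referenced with two different passwords. The sample server.xml, the CATALINA_BASE value, the placeholder passwords and the injectable path-existence callback are all constructed assumptions so it runs without a Tomcat install.

```python
"""Offline sanity checker for Tomcat 8.5 SSL connector configuration.

Added example; the sample XML below is constructed to resemble the thread's
second excerpt, not copied from the poster's server.xml.
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample: a relative keystore path, a legacy Connector attribute,
# a lower-case 'hostname' slip and two passwords for one keystore, so that
# every check below has something to report.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="9443" SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslProtocol="TLS"
           defaultSSLHostConfigName="www.twinfeats.com">
  <SSLHostConfig hostname="www.firstnationalsculpturepark.com">
    <Certificate certificateKeystoreFile="conf/twinfeats.keystore"
                 certificateKeystorePassword="PLACEHOLDER-PASSWORD-1"
                 certificateKeyAlias="firstnationalsculpturepark"/>
  </SSLHostConfig>
  <SSLHostConfig hostName="www.twinfeats.com">
    <Certificate certificateKeystoreFile="conf/twinfeats.keystore"
                 certificateKeystorePassword="PLACEHOLDER-PASSWORD-2"
                 certificateKeyAlias="twinfeats"/>
  </SSLHostConfig>
</Connector>
</Service></Server>"""

# Pre-8.5 Connector attributes that Tomcat 8.5 still accepts but applies to
# the *default* SSLHostConfig rather than to the explicit elements.
LEGACY_CONNECTOR_SSL_ATTRS = {
    "clientAuth", "sslProtocol", "sslEnabledProtocols", "ciphers",
    "keystoreFile", "keystorePass", "keystoreType", "keyAlias",
    "truststoreFile", "truststorePass",
}

# Documented attribute names (Tomcat 8.5 SSLHostConfig / Certificate docs).
DOCUMENTED = {
    "SSLHostConfig": {"hostName", "protocols", "ciphers", "certificateVerification",
                      "honorCipherOrder", "truststoreFile", "truststorePassword",
                      "truststoreType"},
    "Certificate": {"certificateKeystoreFile", "certificateKeystorePassword",
                    "certificateKeystoreType", "certificateKeyAlias",
                    "certificateFile", "certificateKeyFile",
                    "certificateChainFile", "type"},
}


def resolve_keystore(path, catalina_base, home):
    """Turn a certificateKeystoreFile value into the path Tomcat will open."""
    if path is None:                       # attribute absent: ~/.keystore
        return os.path.join(home, ".keystore")
    if path == "" or path.upper() == "NONE":
        return None                        # keystore type needs no file
    if "://" in path or os.path.isabs(path):
        return path                        # URL or absolute path used as-is
    return os.path.join(catalina_base, path)  # relative: against CATALINA_BASE


def case_slips(elem, documented):
    """Attribute names that only match a documented name when case is ignored."""
    lowered = {d.lower(): d for d in documented}
    return [(name, lowered[name.lower()]) for name in elem.attrib
            if name not in documented and name.lower() in lowered]


def check_connectors(xml_text, catalina_base, home, exists=os.path.exists):
    """Return a list of (connector port, finding) tuples for SSL connectors."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        for attr in sorted(LEGACY_CONNECTOR_SSL_ATTRS & set(conn.attrib)):
            findings.append((port, f"legacy Connector attribute {attr!r} is applied "
                                   f"to the default SSLHostConfig, not the explicit ones"))
        hosts = conn.findall("SSLHostConfig")
        default = conn.get("defaultSSLHostConfigName", "_default_")
        if default not in [h.get("hostName", "_default_") for h in hosts]:
            findings.append((port, f"defaultSSLHostConfigName {default!r} matches "
                                   f"no SSLHostConfig hostName"))
        passwords = {}                     # resolved keystore path -> password
        for host in hosts:
            label = host.get("hostName", "_default_")
            for bad, good in case_slips(host, DOCUMENTED["SSLHostConfig"]):
                findings.append((port, f"{label}: attribute {bad!r} is not {good!r} (case matters)"))
            for cert in host.findall("Certificate"):
                for bad, good in case_slips(cert, DOCUMENTED["Certificate"]):
                    findings.append((port, f"{label}: attribute {bad!r} is not {good!r} (case matters)"))
                ks = resolve_keystore(cert.get("certificateKeystoreFile"), catalina_base, home)
                if ks is None:
                    continue
                if "://" not in ks and not exists(ks):
                    findings.append((port, f"{label}: keystore {ks} not found"))
                pw = cert.get("certificateKeystorePassword")
                if ks in passwords and passwords[ks] != pw:
                    findings.append((port, f"{label}: keystore {ks} is referenced "
                                           f"with two different passwords"))
                passwords.setdefault(ks, pw)
    return findings


if __name__ == "__main__":
    # CATALINA_BASE and HOME here are assumed values for the demo run.
    for port, msg in check_connectors(SAMPLE_SERVER_XML, "/opt/tomcat", "/home/tomcat"):
        print(f"connector {port}: {msg}")
```

Run it against a real server.xml by reading the file and passing the actual CATALINA_BASE and the Tomcat user's home; the `exists` parameter is only there so the checks can be exercised without touching the filesystem.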
