Posted to users@tomcat.apache.org by Kent Smotherman <ke...@gmail.com> on 2016/08/03 22:05:20 UTC

Multiple SSL config with single IP on Tomcat 8.5.4

I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
IP. My relevant server.xml looks like this:

<Connector port="9090" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="9443" />
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           hostName="firstnationalsculpturepark.com"
           clientAuth="false" sslProtocol="TLS"
           defaultSSLHostConfigName="firstnationalsculpturepark.com">
    <SSLHostConfig hostname="firstnationalsculpturepark.com">
        <Certificate
                certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                certificateKeystorePassword="xxxxxxx"
                certificateKeyAlias="firstnationalsculpturepark"
        />
    </SSLHostConfig>
</Connector>

This gives me this error on startup:

03-Aug-2016 16:47:04.541 WARNING [main]
org.apache.catalina.startup.SetAllPropertiesRule.begin
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'hostName' to 'firstnationalsculpturepark.com' did not find a matching
property.

I'm not sure what I'm doing wrong, as the hostName property is indicated in
the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
then causes an error trying to find the default keystore file since it
isn't using the one I've specified, but that is expected.)

Re: Multiple SSL config with single IP on Tomcat 8.5.4

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Joshua,

On 8/3/16 6:51 PM, Joshua McDowell wrote:
> [W]hy aren't you fronting Tomcat with Apache?  I am asking because
> I am curious about others' views.

Because it's an unnecessary component, sensitive to other
environmental factors.

Why *are* you fronting Tomcat with Apache [httpd]?

-chris

>> On Aug 3, 2016, at 5:05 PM, Kent Smotherman
>> <ke...@gmail.com> wrote:
>> 
>> I'm trying to get multiple SSL certs configured on Tomcat 8.5
>> with a single IP. My relevant server.xml looks like this:
>> 
>> <Connector port="9090" protocol="HTTP/1.1"
>>            connectionTimeout="20000"
>>            URIEncoding="UTF-8"
>>            redirectPort="9443" />
>> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>>            maxThreads="150" scheme="https" secure="true"
>>            hostName="firstnationalsculpturepark.com"
>>            clientAuth="false" sslProtocol="TLS"
>>            defaultSSLHostConfigName="firstnationalsculpturepark.com">
>>     <SSLHostConfig hostname="firstnationalsculpturepark.com">
>>         <Certificate
>>                 certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>>                 certificateKeystorePassword="xxxxxxx"
>>                 certificateKeyAlias="firstnationalsculpturepark"
>>         />
>>     </SSLHostConfig>
>> </Connector>
>> 
>> This gives me this error on startup:
>> 
>> 03-Aug-2016 16:47:04.541 WARNING [main] 
>> org.apache.catalina.startup.SetAllPropertiesRule.begin 
>> [SetAllPropertiesRule]{Server/Service/Connector} Setting
>> property 'hostName' to 'firstnationalsculpturepark.com' did not
>> find a matching property.
>> 
>> I'm not sure what I'm doing wrong, as the hostName property is
>> indicated in the Tomcat 8.5 docs as an attribute for
>> SSLHostConfig. (The above error then causes an error trying to
>> find the default keystore file since it isn't using the one I've
>> specified, but that is expected.)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Multiple SSL config with single IP on Tomcat 8.5.4

Posted by Joshua McDowell <id...@imcdowell.com>.
Don't shoot at me..

But why aren't you fronting Tomcat with Apache?  I am asking because I am curious about others' views.

J
> On Aug 3, 2016, at 5:05 PM, Kent Smotherman <ke...@gmail.com> wrote:
> 
> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
> IP. My relevant server.xml looks like this:
> 
> <Connector port="9090" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            URIEncoding="UTF-8"
>            redirectPort="9443" />
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            hostName="firstnationalsculpturepark.com"
>            clientAuth="false" sslProtocol="TLS"
>            defaultSSLHostConfigName="firstnationalsculpturepark.com">
>     <SSLHostConfig hostname="firstnationalsculpturepark.com">
>         <Certificate
>                 certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>                 certificateKeystorePassword="xxxxxxx"
>                 certificateKeyAlias="firstnationalsculpturepark"
>         />
>     </SSLHostConfig>
> </Connector>
> 
> This gives me this error on startup:
> 
> 03-Aug-2016 16:47:04.541 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
> property.
> 
> I'm not sure what I'm doing wrong, as the hostName property is indicated in
> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
> then causes an error trying to find the default keystore file since it
> isn't using the one I've specified, but that is expected.)




Re: Multiple SSL config with single IP on Tomcat 8.5.4

Posted by Mark Thomas <ma...@apache.org>.
On 03/08/2016 15:05, Kent Smotherman wrote:
> I'm trying to get multiple SSL certs configured on Tomcat 8.5 with a single
> IP. My relevant server.xml looks like this:
> 
> <Connector port="9090" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            URIEncoding="UTF-8"
>            redirectPort="9443" />
> <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" scheme="https" secure="true"
>            hostName="firstnationalsculpturepark.com"
>            clientAuth="false" sslProtocol="TLS"
>            defaultSSLHostConfigName="firstnationalsculpturepark.com">
>     <SSLHostConfig hostname="firstnationalsculpturepark.com">
>         <Certificate
>                 certificateKeystoreFile="/apache/conf/twinfeats.keystore"
>                 certificateKeystorePassword="xxxxxxx"
>                 certificateKeyAlias="firstnationalsculpturepark"
>         />
>     </SSLHostConfig>
> </Connector>
> 
> This gives me this error on startup:
> 
> 03-Aug-2016 16:47:04.541 WARNING [main]
> org.apache.catalina.startup.SetAllPropertiesRule.begin
> [SetAllPropertiesRule]{Server/Service/Connector} Setting property
> 'hostName' to 'firstnationalsculpturepark.com' did not find a matching
> property.
> 
> I'm not sure what I'm doing wrong, as the hostName property is indicated in
> the Tomcat 8.5 docs as an attribute for SSLHostConfig. (The above error
> then causes an error trying to find the default keystore file since it
> isn't using the one I've specified, but that is expected.)

Take another look at the error message. It is complaining about an
invalid attribute on the Connector, not the SSLHostConfig.

Mark
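
An added example, not part of the thread or of the Tomcat project's own files: the HTTPS connector with hostName removed from the Connector element, as the reply above indicates, plus a second SSLHostConfig so that two certificates are served on one IP and port via SNI. The second host name, its key alias and the shared keystore are assumptions; clientAuth and sslProtocol are left off the Connector (certificateVerification="none" on each SSLHostConfig stands in for clientAuth="false"), and the SSLHostConfig attribute uses the documented spelling hostName.

```xml
<!-- Added example: placeholder values are marked as such. -->
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           defaultSSLHostConfigName="firstnationalsculpturepark.com">

    <!-- Default TLS virtual host: used when the client sends no SNI name
         or a name that matches no other SSLHostConfig. Its hostName must
         equal defaultSSLHostConfigName on the Connector. -->
    <SSLHostConfig hostName="firstnationalsculpturepark.com"
                   certificateVerification="none">
        <Certificate certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                     certificateKeystorePassword="xxxxxxx"
                     certificateKeyAlias="firstnationalsculpturepark" />
    </SSLHostConfig>

    <!-- Second TLS virtual host (placeholder name and alias), selected
         when the client's SNI name matches hostName. -->
    <SSLHostConfig hostName="second-site.example"
                   certificateVerification="none">
        <Certificate certificateKeystoreFile="/apache/conf/twinfeats.keystore"
                     certificateKeystorePassword="xxxxxxx"
                     certificateKeyAlias="second-site" />
    </SSLHostConfig>
</Connector>
```

After a restart, the startup log should no longer contain a SetAllPropertiesRule warning for {Server/Service/Connector}; any remaining "did not find a matching property" line names the element whose attribute was not recognised.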
