You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Ankit Shah <An...@symantec.com> on 2005/05/12 21:41:57 UTC

Admin Application messes up HTTPS Connectors in server.xml

Hi,
The Tomcat admin utility doesn't save the HTTPS connectors properly. It 
misses out the 'sslProtocol' attribute and this results in the failed 
connector. Does anyone have a fix around this?

The following is the current state of our server:
Tomcat 5.5.9 with 1.4.2 compatibility add-on.
JRE version 1.4.2_05

My Tests and results:
About certificates:
        We are using our own keytool generated unsigned certificates. 
Everytime i point firefox to the admin app, it will present the 
certificate for my approval. I temporarily accept the certificate for my 
session.

1. Install tomcat, configure an HTTPS connector
        Run the admin app and change a parameter (acceptCount in my case: 
raised it from 8 to 10) and click Save and then Commit Changes

        Restart tomcat. Restart Firefox. Pointing the browser to the admin 
app homepage will not load anything.
        No Certificate presented!!

2. Manually did a diff on server.xml and server.xml.<backup> . The 
difference is the missing 'sslProtocol' attribute. The docs say this 
attribute is optional, but that doesn't seem like the case. Added the 
attribute manually
        sslProtocol="TLS"

        Restart Tomcat. Restart Firefox. Certificate presented. Admin App 
Homepage Loaded.

3. By seeing the server.xml written out by Admin app, it is clear that 
only attributes with non-default values are written out.
        From the admin app, set SSL Protocol field's value to SSL. Save. 
Commit Changes

        Restart Tomcat. Restart Firefox. NO Certificate Presented. Admin 
App homepage NOT loaded.

        In server.xml - sslProtocol attribute is NOT written out.

I also inspected the logs (Generated by Log4J and logging level set to 
debug)

Upon save:
        bean is updated with sslProtocol's new value
Upon Commit:
        the list of attributes for the connector doesn't have sslProtocol 
as one of the attributes that will be written out

Can you help me how i can make admin application available for Tomcat 
administration by the assigned administrators? What fixes will be needed. 
If there are any known get-arounds for this.

Thanks in advance for all your help and appreciate your patience in 
reading through my email.

Ankit