You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Ankit Shah <An...@symantec.com> on 2005/05/12 21:41:57 UTC
Admin Application messes up HTTPS Connectors in server.xml
Hi,
The Tomcat admin utility doesn't save the HTTPS connectors properly. It
misses out the 'sslProtocol' attribute and this results in the failed
connector. Does anyone have a fix around this?
The following is the current state of our server:
Tomcat 5.5.9 with 1.4.2 compatibility add-on.
JRE version 1.4.2_05
My Tests and results:
About certificates:
We are using our own keytool generated unsigned certificates.
Everytime i point firefox to the admin app, it will present the
certificate for my approval. I temporarily accept the certificate for my
session.
1. Install tomcat, configure an HTTPS connector
Run the admin app and change a parameter (acceptCount in my case:
raised it from 8 to 10) and click Save and then Commit Changes
Restart tomcat. Restart Firefox. Pointing the browser to the admin
app homepage will not load anything.
No Certificate presented!!
2. Manually did a diff on server.xml and server.xml.<backup> . The
difference is the missing 'sslProtocol' attribute. The docs say this
attribute is optional, but that doesn't seem like the case. Added the
attribute manually
sslProtocol="TLS"
Restart Tomcat. Restart Firefox. Certificate presented. Admin App
Homepage Loaded.
3. By seeing the server.xml written out by Admin app, it is clear that
only attributes with non-default values are written out.
From the admin app, set SSL Protocol field's value to SSL. Save.
Commit Changes
Restart Tomcat. Restart Firefox. NO Certificate Presented. Admin
App homepage NOT loaded.
In server.xml - sslProtocol attribute is NOT written out.
I also inspected the logs (Generated by Log4J and logging level set to
debug)
Upon save:
bean is updated with sslProtocol's new value
Upon Commit:
the list of attributes for the connector doesn't have sslProtocol
as one of the attributes that will be written out
Can you help me how i can make admin application available for Tomcat
administration by the assigned administrators? What fixes will be needed.
If there are any known get-arounds for this.
Thanks in advance for all your help and appreciate your patience in
reading through my email.
Ankit