Posted to users@tomcat.apache.org by Kaushal Shriyan <ka...@gmail.com> on 2023/08/08 02:23:31 UTC

Enable two way SSL in Apache Tomcat 10 Version 10.0.27

Hi,

I have gone through https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
10.0.27?

Please guide me.

Thanks in Advance.

Best Regards,

Kaushal

Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

Posted by Kaushal Shriyan <ka...@gmail.com>.
On Sun, Aug 20, 2023 at 4:25 PM <lo...@kreuser.name> wrote:

> Kaushal,
>
> please check the new configuration method with SSLHostConfig - yours is
> probably from an older version, right? In the working version you already
> use it.
>
> see my (redacted) config:
>
>  <Connector port="8443"
>            protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>            sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
>            allowTrace="false"
>            maxThreads="150"
>            SSLEnabled="true"
>            compression="off"
>            scheme="https"
>            server="Apache Tomcat"
>            secure="true"
>            defaultSSLHostConfigName="example.com" >
>     <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" compression="on" />
>     <!-- optional, as an SSLHostConfig attribute:
>          certificateRevocationListFile="${catalina.base}/conf/ssl/ca-bundle-client.crl" -->
>     <SSLHostConfig
>               hostName="example.com"
>               honorCipherOrder="true"
>               protocols="+TLSv1.2,+TLSv1.3"
>               certificateVerification="required"
>               truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"
>               truststorePassword="changeit"
>
> ciphers="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
>        <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p12"
>                     certificateKeystorePassword="changeit"
>                     certificateKeyAlias="tomcat"
>                     type="RSA" />
>     </SSLHostConfig>
> </Connector>
>
>
> Hope this helps
>
> Peter
>
>
Thanks Peter for the quick email response and appreciate it. It worked like
a charm. Thanks once again.

Best Regards,

Kaushal
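
Added example, not part of the thread and not Tomcat project code: a Python check for the failure this thread ends up diagnosing, where connector-level TLS attributes from older releases are ignored by Tomcat 10 and no `SSLHostConfig` matches `defaultSSLHostConfigName`. `BROKEN` and `FIXED` are constructed samples (the first reproduces the connector posted in the thread, with a placeholder password); the function name `audit` and the `want_mutual_tls` flag are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Connector-level TLS attributes from older Tomcat releases and the place the
# same setting lives in the SSLHostConfig style: (element, attribute).
# These six are the ones catalina.out in this thread reports as
# "failed to set property".
MOVED = {
    "clientAuth":     ("SSLHostConfig", "certificateVerification"),
    "sslProtocol":    ("SSLHostConfig", "sslProtocol"),
    "truststoreFile": ("SSLHostConfig", "truststoreFile"),
    "truststorePass": ("SSLHostConfig", "truststorePassword"),
    "keystoreFile":   ("Certificate", "certificateKeystoreFile"),
    "keystorePass":   ("Certificate", "certificateKeystorePassword"),
}


def audit(server_xml: str, want_mutual_tls: bool = True) -> list:
    """Return a list of findings for every TLS-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")

        # 1. Old attributes are skipped with a WARNING, so none of the
        #    keystore / truststore / client-auth settings take effect.
        for old, (element, new) in MOVED.items():
            if old in conn.attrib:
                findings.append(
                    f"port {port}: {old} is ignored, use <{element} {new}=...>")

        # 2. The connector needs a child SSLHostConfig whose hostName equals
        #    defaultSSLHostConfigName; both default to "_default_".
        hosts = {h.get("hostName", "_default_").lower(): h
                 for h in conn.findall("SSLHostConfig")}
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        if default not in hosts:
            findings.append(
                f"port {port}: no SSLHostConfig with hostName [{default}]")

        # 3. Two-way TLS is only enforced with certificateVerification
        #    "required"; with "optional" or the default "none" a client that
        #    presents no certificate still completes the handshake.
        if want_mutual_tls:
            for name, host in hosts.items():
                mode = host.get("certificateVerification", "none")
                if mode.lower() != "required":
                    findings.append(
                        f"port {port}: SSLHostConfig [{name}] has "
                        f"certificateVerification={mode}, clients without a "
                        f"certificate are not rejected")
    return findings


# Constructed sample: the non-working connector from the thread.
BROKEN = """<Server><Service name="Catalina">
  <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="want" sslProtocol="TLS"
             keystoreFile="/opt/tomcat10/ssl/keystore.jks"
             keystorePass="changeit"
             truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
             truststorePass="changeit" />
</Service></Server>"""

# Constructed sample: the same settings moved into SSLHostConfig/Certificate,
# with client certificates required rather than merely requested.
FIXED = """<Server><Service name="Catalina">
  <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true">
    <SSLHostConfig certificateVerification="required"
                   truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
                   truststorePassword="changeit">
      <Certificate certificateKeystoreFile="/opt/tomcat10/ssl/keystore.jks"
                   certificateKeystorePassword="changeit" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for label, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label)
        for finding in audit(text) or ["no findings"]:
            print("  " + finding)
```

A literal translation of `clientAuth="want"` to `certificateVerification="optional"` removes the startup error but is still reported by the third check, because it does not enforce two-way TLS.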

Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

Posted by lo...@kreuser.name.
Kaushal,

please check the new configuration method with SSLHostConfig - yours is probably from an older version, right? In the working version you already use it.

see my (redacted) config:

 <Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           allowTrace="false"
           maxThreads="150"
           SSLEnabled="true"
           compression="off"
           scheme="https"
           server="Apache Tomcat"
           secure="true"
           defaultSSLHostConfigName="example.com" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" compression="on" />
    <!-- optional, as an SSLHostConfig attribute:
         certificateRevocationListFile="${catalina.base}/conf/ssl/ca-bundle-client.crl" -->
    <SSLHostConfig
              hostName="example.com"
              honorCipherOrder="true"
              protocols="+TLSv1.2,+TLSv1.3"
              certificateVerification="required"
              truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"
              truststorePassword="changeit"
              ciphers="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
       <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p12"
                    certificateKeystorePassword="changeit"
                    certificateKeyAlias="tomcat"
                    type="RSA" />
    </SSLHostConfig>
</Connector>


Hope this helps

Peter


> On 20.08.2023 at 05:47, Kaushal Shriyan <ka...@gmail.com> wrote:
> 
> Hi,
> 
> I am attaching both server.xml for one way SSL and Two Way SSL 
> 
> One way SSL /opt/tomcat10/conf/server.xml -> tomcat10serverworkingonewaytls.xml (working)
> Two way SSL /opt/tomcat10/conf/server.xml -> tomcat10serverworkingtwowaytls.xml (Not working) 
> 
> Please comment. Thanks in advance.
> 
> Best Regards,
> 
> Kaushal
> 
> On Sun, Aug 20, 2023 at 6:48 AM Kaushal Shriyan <kaushalshriyan@gmail.com> wrote:
>> 
>> 
>> On Thu, Aug 10, 2023 at 11:29 AM Christopher Schultz <chris@christopherschultz.net> wrote:
>>> Kaushal,
>>> 
>>> On 8/7/23 22:23, Kaushal Shriyan wrote:
>>> > Hi,
>>> > 
>>> > I have gone through https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
>>> > Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
>>> > 10.0.27?
>>> > 
>>> > Please guide me.
>>> > 
>>> > Thanks in Advance.
>>> 
>>> I see you have "gone through" the SSL Howto, but could you be specific 
>>> about what you have actually done? For example, what does your 
>>> <Connector> in server.xml look like, what does your web.xml look like, 
>>> and what files do you have on the disk?
>>> 
>>> -chris
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>> 
>> 
>> 
>> Hi Chris,
>> 
>> Apologies for the delay in replying. Thanks in advance. I am trying to enable Mutual two way SSL using tomcat 10.0.27 on Red Hat Enterprise Linux release 8.8 (Ootpa). Currently I am encountering the below issue. 
>> 
>> 20-Aug-2023 06:40:25.183 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-10443]]
>> org.apache.catalina.LifecycleException: Protocol handler initialization failed 
>> 
>> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-openssl-nio-10443] 
>> 
>> #cat /etc/redhat-release
>> Red Hat Enterprise Linux release 8.8 (Ootpa)
>> # /opt/tomcat10/bin/version.sh
>> Using CATALINA_BASE:   /opt/tomcat10
>> Using CATALINA_HOME:   /opt/tomcat10
>> Using CATALINA_TMPDIR: /opt/tomcat10/temp
>> Using JRE_HOME:        /usr
>> Using CLASSPATH:       /opt/tomcat10/bin/bootstrap.jar:/opt/tomcat10/bin/tomcat-juli.jar
>> Using CATALINA_OPTS:
>> Server version: Apache Tomcat/10.0.27
>> Server built:   Oct 3 2022 14:18:31 UTC
>> Server number:  10.0.27.0
>> OS Name:        Linux
>> OS Version:     4.18.0-477.15.1.el8_8.x86_64
>> Architecture:   amd64
>> JVM Version:    1.8.0_382-b05
>> JVM Vendor:     Red Hat, Inc.
>> #
>> 
>> #cat catalina.out
>> 20-Aug-2023 06:40:24.753 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [clientAuth] to [want]
>> 20-Aug-2023 06:40:24.756 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
>> 20-Aug-2023 06:40:24.756 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [/opt/tomcat10/ssl/keystore.jks]
>> 20-Aug-2023 06:40:24.756 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [apigee]
>> 20-Aug-2023 06:40:24.757 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [truststoreFile] to [/opt/tomcat10/ssl/clienttrustore.jks]
>> 20-Aug-2023 06:40:24.757 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [truststorePass] to [apigee]
>> 20-Aug-2023 06:40:24.809 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/10.0.27
>> 20-Aug-2023 06:40:24.809 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Oct 3 2022 14:18:31 UTC
>> 20-Aug-2023 06:40:24.809 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 10.0.27.0
>> 20-Aug-2023 06:40:24.809 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.18.0-477.15.1.el8_8.x86_64
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_382-b05
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Red Hat, Inc.
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /opt/tomcat10
>> 20-Aug-2023 06:40:24.810 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /opt/tomcat10
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/opt/tomcat10/conf/logging.properties
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/opt/tomcat10
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/opt/tomcat10
>> 20-Aug-2023 06:40:24.811 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/opt/tomcat10/temp
>> 20-Aug-2023 06:40:24.816 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.6.3].
>> 20-Aug-2023 06:40:24.817 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
>> 20-Aug-2023 06:40:24.819 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1k  FIPS 25 Mar 2021]
>> 20-Aug-2023 06:40:25.161 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
>> 20-Aug-2023 06:40:25.181 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-10443"]
>> 20-Aug-2023 06:40:25.183 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-10443]]
>> org.apache.catalina.LifecycleException: Protocol handler initialization failed
>> at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>> at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
>> at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
>> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-openssl-nio-10443]
>> at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76)
>> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206)
>> at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
>> at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
>> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:583)
>> at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:79)
>> at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
>> ... 13 more
>> 20-Aug-2023 06:40:25.184 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [567] milliseconds
>> 20-Aug-2023 06:40:25.213 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
>> 20-Aug-2023 06:40:25.213 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/10.0.27]
>> 20-Aug-2023 06:40:25.222 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat10/webapps/docs]
>> 20-Aug-2023 06:40:25.489 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat10/webapps/docs] has finished in [267] ms
>> 20-Aug-2023 06:40:25.490 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat10/webapps/examples]
>> 20-Aug-2023 06:40:25.677 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat10/webapps/examples] has finished in [186] ms
>> 20-Aug-2023 06:40:25.677 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat10/webapps/host-manager]
>> 20-Aug-2023 06:40:25.696 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat10/webapps/host-manager] has finished in [19] ms
>> 20-Aug-2023 06:40:25.696 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat10/webapps/ROOT]
>> 20-Aug-2023 06:40:25.707 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat10/webapps/ROOT] has finished in [11] ms
>> 20-Aug-2023 06:40:25.707 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/opt/tomcat10/webapps/manager]
>> 20-Aug-2023 06:40:25.722 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/opt/tomcat10/webapps/manager] has finished in [15] ms
>> 20-Aug-2023 06:40:25.726 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
>> 20-Aug-2023 06:40:25.745 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [561] milliseconds 
>> 
>> cat /opt/tomcat10/conf/server.xml
>> 
>>  <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
>>                 maxThreads="150" scheme="https" secure="true"
>>                 clientAuth="want" sslProtocol="TLS"
>>                 keystoreFile="/opt/tomcat10/ssl/keystore.jks"
>>                 keystorePass="apigee"
>>                 truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
>>                 truststorePass="apigee" />
>> 
>> I am attaching the server.xml for your reference. Please comment. Thanks in advance.
>> 
>> Best Regards,
>> 
>> Kaushal
> <tomcat10serverworkingtwowaytls.xml><tomcat10serverworkingonewaytls.xml>


Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

Posted by Kaushal Shriyan <ka...@gmail.com>.
Hi,

I am attaching both server.xml for one way SSL and Two Way SSL

One way SSL
/opt/tomcat10/conf/server.xml -> tomcat10serverworkingonewaytls.xml
(working)
Two way SSL /opt/tomcat10/conf/server.xml
-> tomcat10serverworkingtwowaytls.xml (Not working)

Please comment. Thanks in advance.

Best Regards,

Kaushal

On Sun, Aug 20, 2023 at 6:48 AM Kaushal Shriyan <ka...@gmail.com>
wrote:

>
>
> On Thu, Aug 10, 2023 at 11:29 AM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> Kaushal,
>>
>> On 8/7/23 22:23, Kaushal Shriyan wrote:
>> > Hi,
>> >
>> > I have gone through
>> https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
>> > Is there a way to enable two way SSL (mutual) in Apache Tomcat 10
>> Version
>> > 10.0.27?
>> >
>> > Please guide me.
>> >
>> > Thanks in Advance.
>>
>> I see you have "gone through" the SSL Howto, but could you be specific
>> about what you have actually done? For example, what does your
>> <Connector> in server.xml look like, what does your web.xml look like,
>> and what files do you have on the disk?
>>
>> -chris
>>
>>
>>
>
> Hi Chris,
>
> Apologies for the delay in replying. Thanks in advance. I am trying to
> enable Mutual two way SSL using tomcat 10.0.27 on Red Hat Enterprise Linux
> release 8.8 (Ootpa). Currently I am encountering the below issue.
>
> 20-Aug-2023 06:40:25.183 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[HTTP/1.1-10443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization
> failed
>
> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element
> was found with the hostName [_default_] to match the
> defaultSSLHostConfigName for the connector [https-openssl-nio-10443]
>
> #cat /etc/redhat-release
>
> *Red Hat Enterprise Linux release 8.8 (Ootpa)*
> # /opt/tomcat10/bin/version.sh
> Using CATALINA_BASE:   /opt/tomcat10
> Using CATALINA_HOME:   /opt/tomcat10
> Using CATALINA_TMPDIR: /opt/tomcat10/temp
> Using JRE_HOME:        /usr
> Using CLASSPATH:
> /opt/tomcat10/bin/bootstrap.jar:/opt/tomcat10/bin/tomcat-juli.jar
> Using CATALINA_OPTS:
> Server version: Apache Tomcat/10.0.27
> Server built:   Oct 3 2022 14:18:31 UTC
> Server number:  10.0.27.0
> OS Name:        Linux
> OS Version:     4.18.0-477.15.1.el8_8.x86_64
> Architecture:   amd64
> JVM Version:    1.8.0_382-b05
> JVM Vendor:     Red Hat, Inc.
> #
>
> #*cat catalina.out*
> 20-Aug-2023 06:40:24.753 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [clientAuth] to [want]
> 20-Aug-2023 06:40:24.756 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
> 20-Aug-2023 06:40:24.756 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [keystoreFile] to
> [/opt/tomcat10/ssl/keystore.jks]
> 20-Aug-2023 06:40:24.756 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [keystorePass] to [apigee]
> 20-Aug-2023 06:40:24.757 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [truststoreFile] to
> [/opt/tomcat10/ssl/clienttrustore.jks]
> 20-Aug-2023 06:40:24.757 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [truststorePass] to
> [apigee]
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version name:
>   Apache Tomcat/10.0.27
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server built:
>  Oct 3 2022 14:18:31 UTC
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version
> number: 10.0.27.0
> 20-Aug-2023 06:40:24.809 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Name:
>   Linux
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Version:
>  4.18.0-477.15.1.el8_8.x86_64
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Architecture:
>  amd64
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Java Home:
>   /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
>   1.8.0_382-b05
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
>  Red Hat, Inc.
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
>   /opt/tomcat10
> 20-Aug-2023 06:40:24.810 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
>   /opt/tomcat10
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument:
> -Djava.util.logging.config.file=/opt/tomcat10/conf/logging.properties
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djdk.tls.ephemeralDHKeySize=2048
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dignore.endorsed.dirs=
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dcatalina.base=/opt/tomcat10
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dcatalina.home=/opt/tomcat10
> 20-Aug-2023 06:40:24.811 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.io.tmpdir=/opt/tomcat10/temp
> 20-Aug-2023 06:40:24.816 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache
> Tomcat Native library [1.2.35] using APR version [1.6.3].
> 20-Aug-2023 06:40:24.817 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false], random
> [true], UDS [true].
> 20-Aug-2023 06:40:24.819 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1k  FIPS 25 Mar 2021]
> 20-Aug-2023 06:40:25.161 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-8080"]
> 20-Aug-2023 06:40:25.181 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio-10443"]
> 20-Aug-2023 06:40:25.183 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[HTTP/1.1-10443]]
> org.apache.catalina.LifecycleException: Protocol handler initialization
> failed
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
> Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element
> was found with the hostName [_default_] to match the
> defaultSSLHostConfigName for the connector [https-openssl-nio-10443]
> at
> org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76)
> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
> at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:583)
> at
> org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:79)
> at
> org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
> ... 13 more
> 20-Aug-2023 06:40:25.184 INFO [main]
> org.apache.catalina.startup.Catalina.load Server initialization in [567]
> milliseconds
> 20-Aug-2023 06:40:25.213 INFO [main]
> org.apache.catalina.core.StandardService.startInternal Starting service
> [Catalina]
> 20-Aug-2023 06:40:25.213 INFO [main]
> org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
> engine: [Apache Tomcat/10.0.27]
> 20-Aug-2023 06:40:25.222 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
> application directory [/opt/tomcat10/webapps/docs]
> 20-Aug-2023 06:40:25.489 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/opt/tomcat10/webapps/docs] has finished in [267] ms
> 20-Aug-2023 06:40:25.490 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
> application directory [/opt/tomcat10/webapps/examples]
> 20-Aug-2023 06:40:25.677 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/opt/tomcat10/webapps/examples] has finished in
> [186] ms
> 20-Aug-2023 06:40:25.677 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
> application directory [/opt/tomcat10/webapps/host-manager]
> 20-Aug-2023 06:40:25.696 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/opt/tomcat10/webapps/host-manager] has finished in
> [19] ms
> 20-Aug-2023 06:40:25.696 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
> application directory [/opt/tomcat10/webapps/ROOT]
> 20-Aug-2023 06:40:25.707 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/opt/tomcat10/webapps/ROOT] has finished in [11] ms
> 20-Aug-2023 06:40:25.707 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
> application directory [/opt/tomcat10/webapps/manager]
> 20-Aug-2023 06:40:25.722 INFO [main]
> org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
> application directory [/opt/tomcat10/webapps/manager] has finished in [15]
> ms
> 20-Aug-2023 06:40:25.726 INFO [main]
> org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
> ["http-nio-8080"]
> 20-Aug-2023 06:40:25.745 INFO [main]
> org.apache.catalina.startup.Catalina.start Server startup in [561]
> milliseconds
>
> *cat /opt/tomcat10/conf/server.xml*
>
>  <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
>                 maxThreads="150" scheme="https" secure="true"
>                 clientAuth="want" sslProtocol="TLS"
>                 keystoreFile="/opt/tomcat10/ssl/keystore.jks"
>                 keystorePass="apigee"
>                 truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
>                 truststorePass="apigee" />
>
> I am attaching the server.xml for your reference. Please comment. Thanks
> in advance.
>
> Best Regards,
>
> Kaushal
>

Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

Posted by Kaushal Shriyan <ka...@gmail.com>.
On Thu, Aug 10, 2023 at 11:29 AM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Kaushal,
>
> On 8/7/23 22:23, Kaushal Shriyan wrote:
> > Hi,
> >
> > I have gone through
> https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
> > Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
> > 10.0.27?
> >
> > Please guide me.
> >
> > Thanks in Advance.
>
> I see you have "gone through" the SSL Howto, but could you be specific
> about what you have actually done? For example, what does your
> <Connector> in server.xml look like, what does your web.xml look like,
> and what files do you have on the disk?
>
> -chris
>
>
>

Hi Chris,

Apologies for the delay in replying. Thanks in advance. I am trying to
enable mutual two-way SSL using Tomcat 10.0.27 on Red Hat Enterprise Linux
release 8.8 (Ootpa). Currently I am encountering the issue below.

20-Aug-2023 06:40:25.183 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component [Connector[HTTP/1.1-10443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed

Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was
found with the hostName [_default_] to match the defaultSSLHostConfigName
for the connector [https-openssl-nio-10443]

# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)
# /opt/tomcat10/bin/version.sh
Using CATALINA_BASE:   /opt/tomcat10
Using CATALINA_HOME:   /opt/tomcat10
Using CATALINA_TMPDIR: /opt/tomcat10/temp
Using JRE_HOME:        /usr
Using CLASSPATH:
/opt/tomcat10/bin/bootstrap.jar:/opt/tomcat10/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Server version: Apache Tomcat/10.0.27
Server built:   Oct 3 2022 14:18:31 UTC
Server number:  10.0.27.0
OS Name:        Linux
OS Version:     4.18.0-477.15.1.el8_8.x86_64
Architecture:   amd64
JVM Version:    1.8.0_382-b05
JVM Vendor:     Red Hat, Inc.
#

# cat catalina.out
20-Aug-2023 06:40:24.753 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [clientAuth] to [want]
20-Aug-2023 06:40:24.756 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
20-Aug-2023 06:40:24.756 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [keystoreFile] to
[/opt/tomcat10/ssl/keystore.jks]
20-Aug-2023 06:40:24.756 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [keystorePass] to [apigee]
20-Aug-2023 06:40:24.757 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [truststoreFile] to
[/opt/tomcat10/ssl/clienttrustore.jks]
20-Aug-2023 06:40:24.757 WARNING [main]
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
[Server/Service/Connector] failed to set property [truststorePass] to
[apigee]
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version name:
  Apache Tomcat/10.0.27
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server built:
 Oct 3 2022 14:18:31 UTC
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Server version
number: 10.0.27.0
20-Aug-2023 06:40:24.809 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Name:
  Linux
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log OS Version:
 4.18.0-477.15.1.el8_8.x86_64
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Architecture:
 amd64
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Java Home:
  /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.382.b05-2.el8.x86_64/jre
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
  1.8.0_382-b05
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
 Red Hat, Inc.
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
  /opt/tomcat10
20-Aug-2023 06:40:24.810 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
  /opt/tomcat10
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument:
-Djava.util.logging.config.file=/opt/tomcat10/conf/logging.properties
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djdk.tls.ephemeralDHKeySize=2048
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dignore.endorsed.dirs=
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dcatalina.base=/opt/tomcat10
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Dcatalina.home=/opt/tomcat10
20-Aug-2023 06:40:24.811 INFO [main]
org.apache.catalina.startup.VersionLoggerListener.log Command line
argument: -Djava.io.tmpdir=/opt/tomcat10/temp
20-Aug-2023 06:40:24.816 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache
Tomcat Native library [1.2.35] using APR version [1.6.3].
20-Aug-2023 06:40:24.817 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false], random
[true], UDS [true].
20-Aug-2023 06:40:24.819 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.1.1k  FIPS 25 Mar 2021]
20-Aug-2023 06:40:25.161 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio-8080"]
20-Aug-2023 06:40:25.181 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-openssl-nio-10443"]
20-Aug-2023 06:40:25.183 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component [Connector[HTTP/1.1-10443]]
org.apache.catalina.LifecycleException: Protocol handler initialization
failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:556)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.IllegalArgumentException: No SSLHostConfig element was
found with the hostName [_default_] to match the defaultSSLHostConfigName
for the connector [https-openssl-nio-10443]
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:76)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:206)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1192)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1205)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:583)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:79)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
    ... 13 more
20-Aug-2023 06:40:25.184 INFO [main]
org.apache.catalina.startup.Catalina.load Server initialization in [567]
milliseconds
20-Aug-2023 06:40:25.213 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Catalina]
20-Aug-2023 06:40:25.213 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Apache Tomcat/10.0.27]
20-Aug-2023 06:40:25.222 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [/opt/tomcat10/webapps/docs]
20-Aug-2023 06:40:25.489 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [/opt/tomcat10/webapps/docs] has finished in [267] ms
20-Aug-2023 06:40:25.490 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [/opt/tomcat10/webapps/examples]
20-Aug-2023 06:40:25.677 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [/opt/tomcat10/webapps/examples] has finished in
[186] ms
20-Aug-2023 06:40:25.677 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [/opt/tomcat10/webapps/host-manager]
20-Aug-2023 06:40:25.696 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [/opt/tomcat10/webapps/host-manager] has finished in
[19] ms
20-Aug-2023 06:40:25.696 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [/opt/tomcat10/webapps/ROOT]
20-Aug-2023 06:40:25.707 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [/opt/tomcat10/webapps/ROOT] has finished in [11] ms
20-Aug-2023 06:40:25.707 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deploying web
application directory [/opt/tomcat10/webapps/manager]
20-Aug-2023 06:40:25.722 INFO [main]
org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web
application directory [/opt/tomcat10/webapps/manager] has finished in [15]
ms
20-Aug-2023 06:40:25.726 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["http-nio-8080"]
20-Aug-2023 06:40:25.745 INFO [main]
org.apache.catalina.startup.Catalina.start Server startup in [561]
milliseconds

# cat /opt/tomcat10/conf/server.xml

 <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
                maxThreads="150" scheme="https" secure="true"
                clientAuth="want" sslProtocol="TLS"
                keystoreFile="/opt/tomcat10/ssl/keystore.jks"
                keystorePass="apigee"
                truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks"
                truststorePass="apigee" />

I am attaching the server.xml for your reference. Please comment. Thanks in
advance.

Best Regards,

Kaushal
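
The "failed to set property" warnings and the "No SSLHostConfig element was found" error in the message above both trace back to TLS attributes placed directly on <Connector>. As an added example (not part of the original post and not Tomcat's own code), this Python check flags those attributes with their SSLHostConfig/Certificate equivalents and reports when client-certificate verification is not enforced. The function names are hypothetical, and the sample document is constructed from the connector quoted in the post.

```python
import xml.etree.ElementTree as ET

# Legacy Connector TLS attributes (rejected in the log above) -> (new element, new attribute).
LEGACY = {
    "clientAuth": ("SSLHostConfig", "certificateVerification"),
    "sslProtocol": ("SSLHostConfig", "sslProtocol"),
    "truststoreFile": ("SSLHostConfig", "truststoreFile"),
    "truststorePass": ("SSLHostConfig", "truststorePassword"),
    "keystoreFile": ("Certificate", "certificateKeystoreFile"),
    "keystorePass": ("Certificate", "certificateKeystorePassword"),
}
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}

def audit_connector(connector):
    """Return a list of findings for one TLS-enabled <Connector> element."""
    if connector.get("SSLEnabled", "false").lower() != "true":
        return []
    port, findings = connector.get("port"), []
    for old, (elem, new) in LEGACY.items():
        if old in connector.attrib:
            value = connector.get(old)
            if old == "clientAuth":
                value = CLIENT_AUTH.get(value.lower(), value)
            elif old.endswith("Pass"):
                value = "<redacted>"  # never echo secrets into a report
            findings.append(f'{port}: move {old} to <{elem} {new}="{value}">')
    hosts = connector.findall("SSLHostConfig")
    if not hosts:
        findings.append(f"{port}: no <SSLHostConfig> child (the IllegalArgumentException above)")
    for host in hosts:
        mode = host.get("certificateVerification", "none")  # absent is treated as none
        if mode != "required":
            findings.append(f"{port}: certificateVerification={mode}; client certificate not enforced")
    return findings

def audit_server_xml(text):
    root = ET.fromstring(text)
    return [f for c in root.iter("Connector") for f in audit_connector(c)]

# Constructed sample: the connector quoted in the post, wrapped in a minimal document.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
  secure="true" clientAuth="want" sslProtocol="TLS"
  keystoreFile="/opt/tomcat10/ssl/keystore.jks" keystorePass="apigee"
  truststoreFile="/opt/tomcat10/ssl/clienttrustore.jks" truststorePass="apigee" />
</Service></Server>"""

if __name__ == "__main__":
    print("\n".join(audit_server_xml(SAMPLE)))
```

Note that clientAuth="want" maps to certificateVerification="optional", which still admits clients that present no certificate; mutual TLS needs "required".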

Re: Enable two way SSL in Apache Tomcat 10 Version 10.0.27

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Kaushal,

On 8/7/23 22:23, Kaushal Shriyan wrote:
> Hi,
> 
> I have gone through https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
> Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
> 10.0.27?
> 
> Please guide me.
> 
> Thanks in Advance.

I see you have "gone through" the SSL Howto, but could you be specific 
about what you have actually done? For example, what does your 
<Connector> in server.xml look like, what does your web.xml look like, 
and what files do you have on the disk?

-chris
