Hey Ankit,
can it be that you forget the secure="true" attribute at your https connector?
I have look inside Http11Protocol code and find this:
public void setProtocol( String k ) {
setSecure(true);
setAttribute("protocol", k);
}The sslProtocol="TLS" is the default and the StoreConfig
handler delete all defaults before saving.
This is really a bad side effect, but with correct secure attribute setting it works for me!
This https config is also documented at:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
When problem still exists, please send your working and breaking Connector element config from server.xml
Thanks Peter
Ankit Shah schrieb:
Hi,
The Tomcat admin utility doesn't save the HTTPS connectors properly. It misses out the 'sslProtocol' attribute and this results in the failed connector. Does anyone have a fix around this?
The following is the current state of our server: Tomcat 5.5.9 with 1.4.2 compatibility add-on. JRE version 1.4.2_05
My Tests and results:
About certificates:
We are using our own keytool generated unsigned certificates. Everytime i point firefox to the admin app, it will present the certificate for my approval. I temporarily accept the certificate for my session.
1. Install tomcat, configure an HTTPS connector
Run the admin app and change a parameter (acceptCount in my case: raised it from 8 to 10) and click Save and then Commit Changes
Restart tomcat. Restart Firefox. Pointing the browser to the admin app homepage will not load anything.
No Certificate presented!!
2. Manually did a diff on server.xml and server.xml.<backup> . The difference is the missing 'sslProtocol' attribute. The docs say this attribute is optional, but that doesn't seem like the case. Added the attribute manually
sslProtocol="TLS"
Restart Tomcat. Restart Firefox. Certificate presented. Admin App Homepage Loaded.
3. By seeing the server.xml written out by Admin app, it is clear that only attributes with non-default values are written out.
From the admin app, set SSL Protocol field's value to SSL. Save. Commit Changes
Restart Tomcat. Restart Firefox. NO Certificate Presented. Admin App homepage NOT loaded.
In server.xml - sslProtocol attribute is NOT written out.
I also inspected the logs (Generated by Log4J and logging level set to debug)
Upon save:
bean is updated with sslProtocol's new value
Upon Commit:
the list of attributes for the connector doesn't have sslProtocol as one of the attributes that will be written out
Can you help me how i can make admin application available for Tomcat administration by the assigned administrators? What fixes will be needed. If there are any known get-arounds for this.
Thanks in advance for all your help and appreciate your patience in reading through my email.
Ankit
PS: I can mail you the log files if you want (I have about 11 of them, each is 10M). Thanks once again
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
