2016-04-05 15:11 GMT-05:00 Thad Humphries <thad.humphr...@gmail.com>:
> My primary interest in Tomcat 8.5 is HTTP/2, so I must set up HTTPS and
> TLS.
>
> Since I eventually must demonstrate the various HTTPS approaches to others,
> I have tried both the APR and the NIO implementation, as well as the
> different <Connector> layouts in the docs
> (http://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File),
> and the $CATALINA_BASE/conf/server.xml comments. I've gotten APR
> working both ways, but not quite NIO.
>
> When I use the following connector for NIO (from the docs), my SSL works:
>
> <Connector
>     protocol="org.apache.coyote.http11.Http11NioProtocol"
>     port="8443" maxThreads="200" compression="on"
>     scheme="https" secure="true" SSLEnabled="true"
>     keystoreFile="conf/foo.jks" keystorePass="changeit"
>     clientAuth="false" sslProtocol="TLS">
>   <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
> </Connector>
>
> However when I try the approach in the server.xml comments, Tomcat does not
> start:
>
> <Connector port="8443"
>     protocol="org.apache.coyote.http11.Http11NioProtocol"
>     maxThreads="200" SSLEnabled="true"
>     scheme="https" secure="true" clientAuth="false"
>     sslProtocol="TLS">
>   <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>   <SSLHostConfig honorCipherOrder="false">
>     <Certificate certificateKeystoreFile="conf/foo.jks"
>         certificateKeystoreType="JKS"
>         certificateKeystorePassword="changeit"
>         certificateKeyAlias="tomcat"
>         type="RSA" />
>   </SSLHostConfig>
> </Connector>
>
> The error at the top of catalina.out is below. I'm trying to understand
> why, both for myself and so that I can explain it to others. The "Caused
> by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements
> were provided for the host name [_default_]. Host names must be unique."
> has me stumped as I have only the one uncommented SSLHostConfig in
> server.xml.
>
> (Once I have this second <Connector> working, I must make a write-up for
> folks here, a write-up which I hope will be clearer and more direct than
> the docs. I would be happy to offer that write-up to the wiki or docs.)
>

You still have some attributes which should go into SSLHostConfig, so you
have two SNI for the default host (clientAuth and sslProtocol). BTW
sslProtocol is really useless.

Rémy

>
> 05-Apr-2016 15:32:42.642 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
> java.lang.reflect.InvocationTargetException
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:377)
>     at org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:145)
>     at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:966)
>     at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:609)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1783)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2970)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
>     at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
>     at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
>     at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
>     at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1461)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:578)
>     at org.apache.catalina.startup.Catalina.load(Catalina.java:629)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
>     at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
> Caused by: java.lang.IllegalArgumentException: Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.
>     at org.apache.tomcat.util.net.AbstractEndpoint.addSslHostConfig(AbstractEndpoint.java:201)
>     at org.apache.coyote.http11.AbstractHttp11Protocol.addSslHostConfig(AbstractHttp11Protocol.java:398)
>     at org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:876)
>     ... 26 more
>
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 121-24)
>
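
A check for the condition the reply describes, run over both connectors from the post. This is an added example, not part of the original thread and not Tomcat code; `find_mixed_tls_config`, the attribute list (only the attributes named in this thread), the `<Server>`/`<Service>` wrapper and port 8444 are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Connector-level TLS attributes seen in this thread (assumption: a subset,
# not Tomcat's full list of attributes that map onto SSLHostConfig).
LEGACY_TLS_ATTRS = ("clientAuth", "sslProtocol", "keystoreFile", "keystorePass")
DEFAULT_HOST = "_default_"  # host name quoted in the startup error

def find_mixed_tls_config(server_xml):
    """Return [(port, [attrs])] for Connectors that set connector-level TLS
    attributes and also nest an SSLHostConfig for the default host."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        legacy = [a for a in LEGACY_TLS_ATTRS if a in conn.attrib]
        # An SSLHostConfig with no hostName applies to the default host.
        explicit_default = any(
            shc.get("hostName", DEFAULT_HOST) == DEFAULT_HOST
            for shc in conn.findall("SSLHostConfig"))
        if legacy and explicit_default:
            findings.append((conn.get("port"), legacy))
    return findings

# Constructed sample: both connectors from the post inside a minimal
# <Server>/<Service>; the second port is changed to 8444 to tell them apart.
SAMPLE = """
<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
      port="8443" maxThreads="200" compression="on"
      scheme="https" secure="true" SSLEnabled="true"
      keystoreFile="conf/foo.jks" keystorePass="changeit"
      clientAuth="false" sslProtocol="TLS">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  </Connector>
  <Connector port="8444"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="200" SSLEnabled="true"
      scheme="https" secure="true" clientAuth="false" sslProtocol="TLS">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig honorCipherOrder="false">
      <Certificate certificateKeystoreFile="conf/foo.jks"
          certificateKeystoreType="JKS" certificateKeystorePassword="changeit"
          certificateKeyAlias="tomcat" type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""

if __name__ == "__main__":
    for port, attrs in find_mixed_tls_config(SAMPLE):
        print(f"port {port}: move into SSLHostConfig: {', '.join(attrs)}")
```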