Venkataraman,

On 8/2/18 2:24 PM, Venkataraman Srinivasan wrote:
> I am using tomcat version 8.5.32

Thanks.

> I made the below entry  in Server.xml
> 
> <Service name="Catalina">
> 
> <!--The connectors can use a shared executor, you can define one or
> more named thread pools--> <!-- <Executor name="tomcatThreadPool"
> namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/> 
> -->
> 
> 
> <!-- A "Connector" represents an endpoint by which requests are
> received and responses are returned. Documentation at : Java HTTP
> Connector: /docs/config/http.html Java AJP  Connector:
> /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html 
> Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> <Connector
> port="8443" protocol="HTTP/1.1" connectionTimeout="20000" />
> 
> 
> 
> 
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11NioProtocol" 
> sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
> maxThreads="200" secure="true"  scheme="https" >
> <Certificate certificateFile="/home/apexadmin/.keystore"

This is incorrect. The certificateFile attribute should point to a
PEM-encoded DER file (text file with "----BEGIN CERTIFICATE----" at
the top). You appear to be using a keystore (file name seems obvious,
plus you have a keystorePass attribute on the <Certificate>).

If you want to use a keystore, you need to use the
certificateKeystoreFile and certificateKeystorePassword attributes
instead.

> keystorePass="xxxxx" type="RSA" clientAuth="false"
> SSLEnabled="true" sslProtocol="TLS"

None of clientAuth, SSLEnabled, or sslProtocol are valid attributes of
a <Certificate> element.

clientAuth should be SSLHostConfig/@certificateVerification
SSLEnabled should be Connector/@SSLEnabled
sslProtocol should be SSLHostConfig/@sslProtocol

>> 
> </Certificate> </Connector>

As John mentions, you have two connectors attempting to use the same
port, which isn't going to work. I'd remove the first one, since it's
obvious you want the second one to be the configured connector.

You also need to set SSLEnabled="true" on the <Connector>. Nothing
will work without that.

http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support

Also, since you are using Tomcat 8.5, you should probably be using
Tomcat 8.5 configuration style, like you can see in this next section
of the configuration guide:

http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig

Specifically, you should be using <SSLHostConfig> elements with
<Certificate> child elements instead of bare <Certificate> elements
within the connector.

-chris
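The corrections from the reply above, assembled into a single Tomcat 8.5 style connector. This is an added example, not part of the original message or the Tomcat project's own configuration; the keystore path is taken from the quoted server.xml and the password value is a placeholder.

```xml
<!-- The plain HTTP/1.1 connector that was also bound to port 8443 is
     removed: two connectors cannot listen on the same port. -->

<!-- SSLEnabled is an attribute of the Connector, not of Certificate. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           maxThreads="200" secure="true" scheme="https"
           SSLEnabled="true">

  <!-- Tomcat 8.5 style: TLS settings sit on SSLHostConfig.
       certificateVerification="none" takes the place of clientAuth="false",
       and sslProtocol moves here from the Certificate element. -->
  <SSLHostConfig certificateVerification="none" sslProtocol="TLS">

    <!-- A keystore is referenced with certificateKeystoreFile and
         certificateKeystorePassword. certificateFile is only for a
         PEM-encoded certificate file. Password below is a placeholder. -->
    <Certificate certificateKeystoreFile="/home/apexadmin/.keystore"
                 certificateKeystorePassword="CHANGE_ME_PLACEHOLDER"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```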
