Hello and thank you in advance for looking into this.

I'm a Dutch native so bear with me...

Problem:
Trying to configure TOMCAT9 to handle 2 domains on the same server with
https and 2 different keystore files.
There is no APACHE webserver or other webserver available.

Single connector configuration works perfectly for that single domain e.g.

     <Connector
        port="443"
        address="rabbit.nl"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        maxSpareThreads="75"
        enableLookups="false"
        disableUploadTimeout="true"
        acceptCount="100"
        scheme="https"
        secure="true"
        SSLEnabled="true"
        clientAuth="false"
        sslProtocol="TLS"
        keyAlias="rabbit.nl"
        keystoreFile="/etc/ssl/crt/rabbit.nl.jks"
        keystorePass="password2" />


But the multi-domain connector is flawed somewhere, and due to the limited
feedback from TOMCAT it's a real struggle to figure out what is wrong.

SERVER.XML CONFIG file excerpt:

<Connector
    port="443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxHttpHeaderSize="8192"
    maxThreads="150"
    SSLEnabled="true"
    acceptCount="100"
    scheme="https"
    minSpareThreads="25"
    maxSpareThreads="75"
    enableLookups="false"
    secure="true"
    clientAuth="false">
    <SSLHostConfig hostName="appel.nl" sslProtocol="TLS">
        <Certificate
            certificateKeystoreFile="/etc/ssl/crt/appel.nl.jks"
            certificateKeystorePassword="password1"
            certificateKeyAlias="appel.nl"
            certificateKeyPassword="password1" />
    </SSLHostConfig>
    <SSLHostConfig hostName="rabbit.nl" sslProtocol="TLS">
        <Certificate
            certificateKeystoreFile="/etc/ssl/crt/rabbit.nl.jks"
            certificateKeystorePassword="password2"
            certificateKeyAlias="rabbit.nl"
            certificateKeyPassword="password2" />
    </SSLHostConfig>
</Connector>


Can somebody help me?


Thank you,

Maurice Poos

_____________________________________________________________________
TOMCAT VERSION
Server version: Apache Tomcat/9.0.31
Server built:   Feb 5 2020 19:32:12 UTC
Server number:  9.0.31.0

LINUX
"Ubuntu 18.04.4 LTS"

Architecture:
amd64

JVM Version:    14.0.1+7
JVM Vendor:     Oracle Corporation
__________________________________________________________________________
KEY CSR creation

KEY
/usr/bin/keytool -genkey -keysize 2048 -alias rabbit.nl -keyalg RSA -keystore rabbit.nl.jks

CSR
/usr/bin/keytool -certreq -keyalg RSA -alias rabbit.nl -file rabbit.nl.csr -keystore rabbit.nl.jks
___________________________________________________________________________

ERROR LOG CATALINA.OUT

26-May-2020 11:22:34.602 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1.1-443]]
    org.apache.catalina.LifecycleException: Protocol handler initialization failed
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1013)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardService.initInternal(StandardService.java:533)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1057)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:564)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
    Caused by: java.lang.IllegalArgumentException
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:99)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
        at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:217)
        at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1141)
        at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1154)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
        at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
        at org.apache.catalina.connector.Connector.initInternal(Connector.java:1010)
        ... 13 more
    Caused by: java.io.IOException
        at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:302)
        at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:247)
        at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
        ... 20 more
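
Added example, not part of the original message: a pre-start check for connectors that nest several SSLHostConfig elements, as in the two-domain configuration above. Tomcat serves clients that send no SNI name, or an unmatched one, from the SSLHostConfig named by the Connector's defaultSSLHostConfigName (default `_default_`); the function name, sample XML and placeholder passwords below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_NAME = "_default_"  # Tomcat's default for hostName and defaultSSLHostConfigName
# Deprecated Connector-level TLS attributes; in Tomcat 9 they configure the default SSLHostConfig.
LEGACY_ATTRS = ("keystoreFile", "keystorePass", "keyAlias", "sslProtocol", "clientAuth")

def lint_connectors(server_xml):
    """Return a list of findings for Connectors that nest <SSLHostConfig> elements."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        return [f"server.xml is not well-formed: {exc}"]
    findings = []
    for conn in root.iter("Connector"):
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            continue  # plain or single-certificate connector, nothing to check here
        port = conn.get("port", "?")
        # Host names are compared case-insensitively.
        names = [h.get("hostName", DEFAULT_NAME).lower() for h in hosts]
        default = conn.get("defaultSSLHostConfigName", DEFAULT_NAME).lower()
        if default not in names:
            findings.append(f"port {port}: no SSLHostConfig is named '{default}' "
                            f"(defaultSSLHostConfigName); configured: {names}")
        for dup in sorted({n for n in names if names.count(n) > 1}):
            findings.append(f"port {port}: hostName '{dup}' is configured twice")
        for attr in LEGACY_ATTRS:
            if attr in conn.attrib:
                findings.append(f"port {port}: Connector attribute '{attr}' applies to "
                                f"the default SSLHostConfig, not to the named hosts")
    return findings

# Constructed samples (placeholder passwords), shaped like the two-domain connector above.
HOSTS = """
  <SSLHostConfig hostName="appel.nl">
    <Certificate certificateKeystoreFile="/etc/ssl/crt/appel.nl.jks"
                 certificateKeystorePassword="changeit" certificateKeyAlias="appel.nl"/>
  </SSLHostConfig>
  <SSLHostConfig hostName="rabbit.nl">
    <Certificate certificateKeystoreFile="/etc/ssl/crt/rabbit.nl.jks"
                 certificateKeystorePassword="changeit" certificateKeyAlias="rabbit.nl"/>
  </SSLHostConfig>"""
NO_DEFAULT = f'<Service><Connector port="443" SSLEnabled="true" clientAuth="false">{HOSTS}</Connector></Service>'
WITH_DEFAULT = (f'<Service><Connector port="443" SSLEnabled="true" '
                f'defaultSSLHostConfigName="appel.nl">{HOSTS}</Connector></Service>')

if __name__ == "__main__":
    for label, xml in (("no default", NO_DEFAULT), ("with default", WITH_DEFAULT)):
        print(label, lint_connectors(xml) or "OK")
```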
