On 11/07/2022 02:30, George Sexton wrote:
I'm trying to configure SSL for Tomcat 9 and I'm not having any luck.
<snip/>
Caused by: java.io.IOException: SSLHostConfig attribute certificateFile
must be defined when using an SSL connector
at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:312)
<snip/>
Looking at the docs, it doesn't appear that certificateFile is an
attribute of SSLHostConfig.
That looks like a message string that need to be updated to reference
the Certificate element instead. I'll look into that.
<snip/>
/The following NIO and NIO2 SSL configuration attributes have been
deprecated in favor of the default //SSLHostConfig
<https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig>//element
with the //|hostName|//of //|_default_|//. If this //SSLHostConfig
<https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig>//element
is not explicitly defined, it will be created.. /
Additionally, I'd like to use SNI for multiple certs, so that will
require an SSLHostConfig I think. Can anyone give me an idea of what I'm
doing wrong?
From further up in the docs:
<quote>
Each secure connector must define at least one SSLHostConfig. The names
of the SSLHostConfig elements must be unique and one of them must match
the defaultSSLHostConfigName attribute of the Connector.
</quote>
You haven't specified an explicit defaultSSLHostConfigName so the
default value of "_default_" is being used. The error message you are
seeing is complaining that the SSLHostConfig for "_default_" is incomplete.
Either adding the defaultSSLHostConfigName="*.mydomain.com" attribute to
the Connector element or removing the hostName attribute from the
SSLHostConfig element should fix it.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
