Tomcat 8.5 SSL config different from Tomcat 7?

 
Greenhorn
I upgraded our Tomcat on Windows 2012 from 7 to 8.5 and I am unable to get SSL/8443 working.

Tomcat works and our application works etc. with the basic server.xml config, but when I add in the SSL info the Tomcat service stops and throws an error. Is SSL configured differently in 8.5?

This is what I had in the Tomcat 7 server.xml and was working prior to upgrade. I am trying it in the Tomcat 8.5 server.xml and Tomcat will not start.




Error:
2017-06-14 09:57:13 Commons Daemon procrun stdout initialized
09:57:14,280 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
09:57:14,280 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
09:57:14,280 |-INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/E:/opt/Tomcat%208.5/bin/logback-config/logback.xml]
09:57:14,358 |-INFO in ch.qos.logback.classic.joran.action.ContextNameAction - Setting logger context name as [TC]
09:57:14,358 |-INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Adding LoggerContextListener of type [ch.qos.logback.classic.jul.LevelChangePropagator] to the object stack
09:57:14,358 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator@7cbd213e - Propagating DEBUG level on Logger[ROOT] onto the JUL framework
09:57:14,358 |-INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Starting LoggerContextListener
09:57:14,358 |-INFO in ch.qos.logback.classic.joran.action.JMXConfiguratorAction - begin
09:57:14,374 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.ConsoleAppender]
09:57:14,374 |-INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [STDOUT]
09:57:14,389 |-INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
09:57:14,421 |-INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to INFO
09:57:14,421 |-INFO in ch.qos.logback.classic.jul.LevelChangePropagator@7cbd213e - Propagating INFO level on Logger[ROOT] onto the JUL framework
09:57:14,421 |-INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [STDOUT] to Logger[ROOT]
09:57:14,421 |-INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
09:57:14,421 |-INFO in ch.qos.logback.classic.joran.JoranConfigurator@1ee807c6 - Registering current configuration as safe fallback point
2017-06-14 09:57:14,421 TC WARN  [main] org.apache.tomcat.util.net.SSLHostConfig - The property [Certificate.certificateKeystoreFile] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC WARN  [main] org.apache.tomcat.util.net.SSLHostConfig - The property [Certificate.certificateKeystorePassword] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC WARN  [main] org.apache.tomcat.util.net.SSLHostConfig - The property [sslProtocol] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC ERROR [main] org.apache.tomcat.util.digester.Digester - End event threw exception
java.lang.reflect.InvocationTargetException: null
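
A log check for the warnings quoted in the post above, as an added example that is not part of the original thread: it scans Tomcat startup output for SSLHostConfig properties reported against a different connector type and notes whether a Digester ERROR appears as well. The sample lines are copied from the post; the function names are illustrative.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (Tomcat 8.5 startup, 2017-06-14).
SAMPLE_LOG = """\
2017-06-14 09:57:14,421 TC WARN  [main] org.apache.tomcat.util.net.SSLHostConfig - The property [Certificate.certificateKeystoreFile] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC WARN  [main] org.apache.tomcat.util.net.SSLHostConfig - The property [Certificate.certificateKeystorePassword] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC WARN  [main] org.apache.tomcat.util.net.SSLHostConfig - The property [sslProtocol] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC ERROR [main] org.apache.tomcat.util.digester.Digester - End event threw exception
"""

# Matches the SSLHostConfig warning format shown in the post.
MISMATCH = re.compile(
    r"SSLHostConfig - The property \[(?P<prop>[^\]]+)\] was set on the "
    r"SSLHostConfig named \[(?P<host>[^\]]+)\] and is for connectors of type "
    r"\[(?P<want>[^\]]+)\] but the SSLHostConfig is being used with a "
    r"connector of type \[(?P<got>[^\]]+)\]"
)
DIGESTER_ERROR = re.compile(
    r"\bERROR\b.*org\.apache\.tomcat\.util\.digester\.Digester")


def find_tls_mismatches(log_text):
    """Return ({(host, expected_type, actual_type): [props]}, digester_failed)."""
    groups = defaultdict(list)
    digester_failed = False
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            key = (m.group("host"), m.group("want"), m.group("got"))
            # Drop the "Certificate." prefix so the property name stands alone.
            groups[key].append(m.group("prop").split(".")[-1])
        elif DIGESTER_ERROR.search(line):
            digester_failed = True
    return dict(groups), digester_failed


def report(log_text):
    """One summary line per affected SSLHostConfig, plus a note on parse errors."""
    groups, failed = find_tls_mismatches(log_text)
    out = [f"SSLHostConfig [{host}]: {len(props)} properties meant for {want} "
           f"set on a {got} connector: {', '.join(props)}"
           for (host, want, got), props in groups.items()]
    if groups and failed:
        out.append("Digester ERROR logged as well: check that the connector started")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```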
 
Quincy Schmidt
Greenhorn
I got the service to come up and I can bring up wsdl pages etc. now. Except it works with http and not https.

Do I need to configure the SSLHostConfig section? And can I put in the full path to the .jks file or does it need to be in the conf dir? (E:\keystore\key.jks)

 
Quincy Schmidt
Greenhorn
From the log file:
 
Sheriff

Quincy Schmidt wrote: From the log file:


That means that something is already running on the same port (8443). Did you shut down any previous instance of Tomcat?

To find out what's running on that port you can run netstat -ban as Administrator (on Linux it's netstat -plan), then search for the port.
 
Quincy Schmidt
Greenhorn

Rob Spoor wrote:

Quincy Schmidt wrote: From the log file:


That means that something is already running on the same port (8443). Did you shut down any previous instance of Tomcat?

To find out what's running on that port you can run netstat -ban as Administrator (on Linux it's netstat -plan), then search for the port.



Thank you for the reply!  I changed port 8080 to 8443 as a test. Having changed it back the bind error no longer comes up.




Finally got it figured out!

Tomcat7:
 


Tomcat8:

Not sure if this is needed or not, but after reading another forum post I commented out line 28: <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

SSL Config:
 


 
Marshal
Thanks for posting your solution.
 
Bartender
Good discussion.

To get the certificate working, did you need to follow all these steps?

https://cas.hgtc.edu/docs/ssl-howto.html

Any of these particularly problematic?

I'm going to tackle the SSL in Tomcat issue this coming week once I figure out which cert to get.

Thanks,

- mike

 
Knute Snortum
Marshal
That URL seems to be an out-of-date version of this:

https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
 
Mike London
Bartender

Knute Snortum wrote: That URL seems to be an out-of-date version of this:

https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html



Thanks, will update my link, thank you.

If I get my certificate files for Apache, it looks like I skip to:

1. Modify the Tomcat config files, and
2. The Step: "Installing a Certificate from a Certificate Authority"

Thanks,

- Mike
 