Thursday, November 5, 2015

Connector attribute SSLCertificateFile must be defined when using SSL with APR

I was recently setting up SSL for Apache Tomcat based on this article:

However, after setting up SSL in my server.xml file according to the article, I received the following error message:

"Connector attribute SSLCertificateFile must be defined when using SSL with APR"

Well, as it turns out, this line in my server.xml file was causing problems:

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Since I was running my Apache Tomcat SSL on the same port as AJP, it was causing conflicts and throwing this exception!


Therefore, my solution consisted of two parts:


Remove the redirectPort attribute from this element:


<Connector port="8009" protocol="AJP/1.3" />

Next, remove the Listener element from the server.xml file:


<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

I created a handy little PowerShell script to accomplish these tasks:

#Placeholder values: set these for your environment before running
$KeyStoreFile = "<keystore-file-name>"
$KeyStorePwd = "<keystore-password>"
#Assumed HTTPS port; matches the redirectPort shown above
$PortNumber = "8443"
$BaseScriptDir = "C:\MyCerts"
$ApacheTomcatDir = "C:\Program Files\Apache Software Foundation\Tomcat 8.0"
$ApacheTomcatConfDir = "$ApacheTomcatDir\conf"
$JavaCertFile = "$BaseScriptDir\$KeyStoreFile"
$ServerXMLFile = "$ApacheTomcatConfDir\server.xml"
$TomcatServiceName = "Tomcat8"
$BakFileExtension = ".bak"
$AJPPortNumber = "8943"
Write-Host "Copy the Java SSL Certificate for Apache Tomcat SSL"
Copy-Item $JavaCertFile $ApacheTomcatConfDir
Write-Host "Create a backup of the Apache Tomcat server.xml file"
Copy-Item $ServerXMLFile ($ServerXMLFile + $BakFileExtension)
#Stop the Apache Tomcat Service
Stop-Service $TomcatServiceName
#Read the content of the XML File
$serverXMLDoc = [xml](Get-Content $ServerXMLFile)
#Update the Http Protocol connector
$connectorXPath = "//Connector[@protocol='HTTP/1.1']"
$connectorNode = Select-Xml -Xml $serverXMLDoc -XPath $connectorXPath | Select-Object -ExpandProperty Node
$connectorNode.SetAttribute("port", $PortNumber)
$connectorNode.SetAttribute("SSLEnabled", "true")
$connectorNode.SetAttribute("maxThreads", "150")
$connectorNode.SetAttribute("scheme", "https")
$connectorNode.SetAttribute("secure", "true")
$connectorNode.SetAttribute("keystoreFile", "$ApacheTomcatConfDir\$KeyStoreFile")
$connectorNode.SetAttribute("keystorePass", $KeyStorePwd)
$connectorNode.SetAttribute("clientAuth", "false")
$connectorNode.SetAttribute("sslProtocol", "TLS")
$connectorNode.SetAttribute("maxHttpHeaderSize", "8192")
#Update the AJP connector: remove the redirectPort attribute
$AJPConnectorXPath = "//Connector[@protocol='AJP/1.3']"
$AJPConnectorNode = Select-Xml -Xml $serverXMLDoc -XPath $AJPConnectorXPath | Select-Object -ExpandProperty Node
$AJPConnectorNode.RemoveAttribute("redirectPort")
#Remove the APR lifecycle Listener
$ListenerXPath = "//Listener[@className='org.apache.catalina.core.AprLifecycleListener']"
$ListenerNode = [System.Xml.XmlElement](Select-Xml -Xml $serverXMLDoc -XPath $ListenerXPath | Select-Object -ExpandProperty Node)
$ServerXPath = "//Server"
$ServerNode = [System.Xml.XmlElement](Select-Xml -Xml $serverXMLDoc -XPath $ServerXPath | Select-Object -ExpandProperty Node)
if ($ListenerNode) { $ServerNode.RemoveChild($ListenerNode) | Out-Null }
#Save the changes and update the server.xml file
$serverXMLDoc.Save($ServerXMLFile)
#Restart the Apache Tomcat service
Start-Service $TomcatServiceName
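
A read-only pre-flight check for the settings the post changes, added here as an example and not part of the author's script. On Tomcat 8.0 a connector declared with protocol="HTTP/1.1" uses the APR implementation when the AprLifecycleListener has loaded the native library, and that implementation expects SSLCertificateFile rather than keystoreFile. The function name Test-TomcatSslConfig and the sample XML are constructed for illustration.

```powershell
# Added example: inspects a Tomcat server.xml document and changes nothing.
# Constructed sample input mirroring the "before" state described in the post.
$sample = [xml]@'
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               keystoreFile="conf\keystore.jks" keystorePass="placeholder-password" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
'@

function Test-TomcatSslConfig {
    param([Parameter(Mandatory)][xml]$Doc)
    $findings = @()
    $listenerXPath = "//Listener[@className='org.apache.catalina.core.AprLifecycleListener']"
    $aprListener = $Doc.SelectSingleNode($listenerXPath)

    foreach ($c in $Doc.SelectNodes("//Connector[@SSLEnabled]")) {
        if ($c.GetAttribute("SSLEnabled") -ne "true") { continue }  # case-insensitive compare
        $port = $c.GetAttribute("port")
        # JSSE-style keystore attributes without the APR certificate attribute,
        # on a connector whose implementation Tomcat picks automatically
        $jsseOnly = $c.HasAttribute("keystoreFile") -and -not $c.HasAttribute("SSLCertificateFile")
        if ($aprListener -and $jsseOnly -and $c.GetAttribute("protocol") -eq "HTTP/1.1") {
            $findings += "Connector ${port}: keystoreFile without SSLCertificateFile while the APR listener is present"
        }
        # The keystore password sits in server.xml as plain text
        if ($c.HasAttribute("keystorePass")) {
            $findings += "Connector ${port}: keystorePass is clear text; restrict read access to server.xml"
        }
    }
    foreach ($c in $Doc.SelectNodes("//Connector[@protocol='AJP/1.3'][@redirectPort]")) {
        $findings += "AJP connector $($c.GetAttribute('port')): redirectPort is still set"
    }
    return ,$findings   # the comma keeps an empty result as an array
}

$result = Test-TomcatSslConfig -Doc $sample
if ($result.Count -eq 0) {
    Write-Host "No findings"
} else {
    $result | ForEach-Object { Write-Warning $_ }
}
```

To check a real installation, pass `[xml](Get-Content $ServerXMLFile)` instead of `$sample`.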

