I was recently setting up SSL for Apache Tomcat based on this article: https://support.comodo.com/index.php?/Knowledgebase/Article/View/646/0/tomcat-ssl-connector
However, after setting up SSL in my server.xml file according to the article, I received the following error message:
"Connector attribute SSLCertificateFile must be defined when using SSL with APR"
Well, as it turns out, this line in my server.xml file was causing problems:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Since I was running my Apache Tomcat SSL on the same port as AJP, it was causing conflicts and throwing this exception!
Therefore, my solution consisted of two parts:
Remove the redirectPort attribute from this element:
<Connector port="8009" protocol="AJP/1.3" />
Next, remove the Listener element from the server.xml file:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
I created a handy little PowerShell script to accomplish these tasks:
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True,Position=1)]
    [string]$KeyStoreFile,
    [Parameter(Mandatory=$True)]
    [string]$KeyStorePwd,
    [Parameter(Mandatory=$False)]
    [string]$PortNumber="8443"
)
$BaseScriptDir = "C:\MyCerts"
$ApacheTomcatDir = "C:\Program Files\Apache Software Foundation\Tomcat 8.0"
$ApacheTomcatConfDir = "$ApacheTomcatDir\conf"
$JavaCertFile = "$BaseScriptDir\$KeyStoreFile"
$ServerXMLFile = "$ApacheTomcatConfDir\server.xml"
$TomcatServiceName = "Tomcat8"
$BakFileExtension = ".bak"
Write-Host "Copy the Java keystore for Apache Tomcat SSL"
Copy-Item $JavaCertFile $ApacheTomcatConfDir -ErrorAction Stop
Write-Host "Create a backup of the Apache Tomcat server.xml file"
Copy-Item $ServerXMLFile ($ServerXMLFile + $BakFileExtension) -ErrorAction Stop
#Stop the Apache Tomcat service
Stop-Service $TomcatServiceName
#Read the content of the XML file
$serverXMLDoc = [xml](Get-Content $ServerXMLFile)
#Update the HTTP/1.1 connector (attribute values are strings; Tomcat parses "true"/"false")
$connectorXPath = "//Connector[@protocol='HTTP/1.1']"
$connectorNode = Select-Xml -Xml $serverXMLDoc -XPath $connectorXPath | Select-Object -ExpandProperty Node
$connectorNode.SetAttribute("port", $PortNumber)
$connectorNode.SetAttribute("SSLEnabled", "true")
$connectorNode.SetAttribute("maxThreads", "150")
$connectorNode.SetAttribute("scheme", "https")
$connectorNode.SetAttribute("secure", "true")
$connectorNode.SetAttribute("keystoreFile", "$ApacheTomcatConfDir\$KeyStoreFile")
#keystorePass ends up in clear text in server.xml, so keep the conf directory readable only by the service account and administrators
$connectorNode.SetAttribute("keystorePass", $KeyStorePwd)
$connectorNode.SetAttribute("clientAuth", "false")
$connectorNode.SetAttribute("sslProtocol", "TLS")
$connectorNode.SetAttribute("maxHttpHeaderSize", "8192")
$connectorNode.RemoveAttribute("redirectPort")
#Update the AJP connector
$AJPConnectorXPath = "//Connector[@protocol='AJP/1.3']"
$AJPConnectorNode = Select-Xml -Xml $serverXMLDoc -XPath $AJPConnectorXPath | Select-Object -ExpandProperty Node
$AJPConnectorNode.RemoveAttribute("redirectPort")
#Remove the APR listener (skipped if server.xml does not contain one)
$ListenerXPath = "//Listener[@className='org.apache.catalina.core.AprLifecycleListener']"
$ListenerNode = [System.Xml.XmlElement](Select-Xml -Xml $serverXMLDoc -XPath $ListenerXPath | Select-Object -ExpandProperty Node)
if ($ListenerNode -ne $null) {
    [void]$ListenerNode.ParentNode.RemoveChild($ListenerNode)
}
#Save the changes and update the server.xml file
$serverXMLDoc.Save($ServerXMLFile)
#Start the Apache Tomcat service again
Start-Service $TomcatServiceName
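As an added example (not part of the original post and not the script above), here is a check worth running against conf\server.xml before and after the edit. It parses the file and reports the two conditions this post's error comes down to: a port used by more than one Connector, and an AprLifecycleListener with SSLEngine="on" sitting next to an SSLEnabled connector that carries only the JSSE keystoreFile attributes and no SSLCertificateFile (the APR/OpenSSL attribute the error message names). The function name Test-TomcatServerXml is my own, and the XML at the bottom is constructed for the example with placeholder paths and a placeholder password; point the function at your real server.xml instead.

```powershell
# Lint a Tomcat server.xml for the misconfigurations discussed in this post.
# Added example; Test-TomcatServerXml is an assumed name, not a Tomcat or PowerShell built-in.
function Test-TomcatServerXml {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True)]
        [xml]$ServerXml
    )
    $findings = @()

    # 1. Every Connector must listen on its own port.
    $connectors = Select-Xml -Xml $ServerXml -XPath "//Connector" | Select-Object -ExpandProperty Node
    $connectors | Group-Object -Property port | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $findings += "Port $($_.Name) is used by $($_.Count) connectors"
    }

    # 2. APR with SSLEngine="on" expects SSLCertificateFile on the TLS connector;
    #    a keystoreFile-only connector under that listener produces
    #    "Connector attribute SSLCertificateFile must be defined when using SSL with APR".
    $aprOn = Select-Xml -Xml $ServerXml -XPath "//Listener[@className='org.apache.catalina.core.AprLifecycleListener' and @SSLEngine='on']"
    foreach ($c in $connectors) {
        # GetAttribute returns "" when the attribute is absent; -eq is case-insensitive, so "True" also matches
        if ($c.GetAttribute("SSLEnabled") -ne "true") { continue }
        if ($aprOn -and -not $c.HasAttribute("SSLCertificateFile")) {
            $findings += "Connector on port $($c.port): APR SSLEngine is on but no SSLCertificateFile is set"
        }
        if (-not $aprOn -and -not $c.HasAttribute("keystoreFile")) {
            $findings += "Connector on port $($c.port): SSLEnabled but no keystoreFile is set"
        }
        if ($c.HasAttribute("keystoreFile") -and -not (Test-Path $c.keystoreFile)) {
            $findings += "Connector on port $($c.port): keystoreFile '$($c.keystoreFile)' not found"
        }
    }
    return $findings
}

# Constructed sample: the pre-fix layout from this post (APR listener on, JSSE-style HTTPS connector).
# Paths and the password are placeholders, not real values.
$sampleXml = [xml]@"
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\PLACEHOLDER\tomcat.jks" keystorePass="PLACEHOLDER" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"@

# Expect two findings for the sample: the APR/keystoreFile mismatch and the missing keystore file.
Test-TomcatServerXml -ServerXml $sampleXml
```

Run it once against the backup (server.xml.bak) and once against the rewritten file: the first run should flag the APR mismatch, the second should come back empty apart from anything unrelated to this post's change. Because the check only parses XML, it is safe to run without stopping the Tomcat service.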