Tomcat 8.5 Http2

Greenhorn
posted 3 years ago
I upgraded our Tomcat on Windows 2012 from 7 to 8.5 and I am unable to get SSL/8443 working.
Tomcat works and our application works etc. with a basic server.xml config, but when I add in the SSL info the Tomcat service stops and throws an error. Is SSL configured differently in 8.5?
This is what I had in the Tomcat 7 server.xml and was working prior to upgrade. I am trying it in the Tomcat 8.5 server.xml and Tomcat will not start.

Error:
2017-06-14 09:57:13 Commons Daemon procrun stdout initialized
09:57:14,280 -INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback.groovy]
09:57:14,280 -INFO in ch.qos.logback.classic.LoggerContext[default] - Could NOT find resource [logback-test.xml]
09:57:14,280 -INFO in ch.qos.logback.classic.LoggerContext[default] - Found resource [logback.xml] at [file:/E:/opt/Tomcat%208.5/bin/logback-config/logback.xml]
09:57:14,358 -INFO in ch.qos.logback.classic.joran.action.ContextNameAction - Setting logger context name as [TC]
09:57:14,358 -INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Adding LoggerContextListener of type [ch.qos.logback.classic.jul.LevelChangePropagator] to the object stack
09:57:14,358 -INFO in [email protected] - Propagating DEBUG level on Logger[ROOT] onto the JUL framework
09:57:14,358 -INFO in ch.qos.logback.classic.joran.action.LoggerContextListenerAction - Starting LoggerContextListener
09:57:14,358 -INFO in ch.qos.logback.classic.joran.action.JMXConfiguratorAction - begin
09:57:14,374 -INFO in ch.qos.logback.core.joran.action.AppenderAction - About to instantiate appender of type [ch.qos.logback.core.ConsoleAppender]
09:57:14,374 -INFO in ch.qos.logback.core.joran.action.AppenderAction - Naming appender as [STDOUT]
09:57:14,389 -INFO in ch.qos.logback.core.joran.action.NestedComplexPropertyIA - Assuming default type [ch.qos.logback.classic.encoder.PatternLayoutEncoder] for [encoder] property
09:57:14,421 -INFO in ch.qos.logback.classic.joran.action.RootLoggerAction - Setting level of ROOT logger to INFO
09:57:14,421 -INFO in [email protected] - Propagating INFO level on Logger[ROOT] onto the JUL framework
09:57:14,421 -INFO in ch.qos.logback.core.joran.action.AppenderRefAction - Attaching appender named [STDOUT] to Logger[ROOT]
09:57:14,421 -INFO in ch.qos.logback.classic.joran.action.ConfigurationAction - End of configuration.
09:57:14,421 -INFO in [email protected] - Registering current configuration as safe fallback point
2017-06-14 09:57:14,421 TC WARN [main] org.apache.tomcat.util.net.SSLHostConfig - The property [Certificate.certificateKeystoreFile] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC WARN [main] org.apache.tomcat.util.net.SSLHostConfig - The property [Certificate.certificateKeystorePassword] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC WARN [main] org.apache.tomcat.util.net.SSLHostConfig - The property [sslProtocol] was set on the SSLHostConfig named [_default_] and is for connectors of type [JSSE] but the SSLHostConfig is being used with a connector of type [OPENSSL]
2017-06-14 09:57:14,436 TC ERROR [main] org.apache.tomcat.util.digester.Digester - End event threw exception
java.lang.reflect.InvocationTargetException: null
Greenhorn

posted 3 years ago
I got the service to come up and I can bring up WSDL pages etc. now. Except it works with http and not https.
Do I need to configure the SSLHostConfig section? And can I put in the full path to the .jks file or does it need to be in the conf dir? (E:keystorekey.jks)
Greenhorn
posted 3 years ago
From the log file:
Sheriff
posted 3 years ago

Quincy Schmidt wrote: From the log file:


That means that something is already running on the same port (8443). Did you shut down any previous instance of Tomcat?
To find out what's running on that port you can run netstat -ban as Administrator (on Linux it's netstat -plan), then search for the port.

SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6 - OCEJPAD 6

Greenhorn
posted 3 years ago

Rob Spoor wrote:

Quincy Schmidt wrote: From the log file:


That means that something is already running on the same port (8443). Did you shut down any previous instance of Tomcat?
To find out what's running on that port you can run netstat -ban as Administrator (on Linux it's netstat -plan), then search for the port.
Thank you for the reply! I changed port 8080 to 8443 as a test. Having changed it back the bind error no longer comes up.

Finally got it figured out!
Tomcat7:

Tomcat8:
Not sure if this is needed or not, but after reading another forum post I commented out line 28: <Listener className='org.apache.catalina.core.AprLifecycleListener' SSLEngine='on'/>
Tomcat 8.5 enable http2 SSL Config:
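
An added example, not the poster's configuration and not taken from this thread: two alternative Tomcat 8.5 Connector definitions for server.xml in which the certificate attributes match the TLS implementation in use, which is the mismatch the WARN lines in the first post report (JSSE properties on an OPENSSL connector). All file names and the password are placeholders.

```xml
<!-- Use ONE of the two connectors below. Two connectors on the same
     port cannot both bind, which gives the "port already in use"
     failure discussed earlier in this thread. -->

<!-- Option A: NIO connector pinned to JSSE.
     Keystore-style attributes (certificateKeystoreFile,
     certificateKeystorePassword) belong to JSSE, so they are
     valid here and do not trigger the type-mismatch warning. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
    <SSLHostConfig protocols="TLSv1.2">
        <!-- Placeholder path and password -->
        <Certificate certificateKeystoreFile="conf/example-keystore.jks"
                     certificateKeystorePassword="CHANGE_ME"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

<!-- Option B: APR/native connector (OpenSSL).
     Needs the Tomcat Native library and the AprLifecycleListener
     with SSLEngine="on" left enabled. OpenSSL-style attributes take
     PEM files instead of a Java keystore. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
    <!-- Enables HTTP/2 (h2) on this connector -->
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig protocols="TLSv1.2">
        <!-- Placeholder PEM file names -->
        <Certificate certificateFile="conf/example-cert.pem"
                     certificateKeyFile="conf/example-key.pem"
                     certificateChainFile="conf/example-chain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

After a restart, the startup log should contain no SSLHostConfig WARN lines of the kind quoted in the first post; if it does, the connector type and the certificate attribute style still disagree.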

Sheriff
posted 3 years ago
Thanks for posting your solution.

All things are lawful, but not all things are profitable.

Bartender
posted 3 years ago
Good discussion.
To get the certificate working, did you need to follow all these steps?
https://cas.hgtc.edu/docs/ssl-howto.html
Any of these particularly problematic?
I'm going to tackle SSL in Tomcat issue this coming week once I figure out which cert to get.
Thanks,
- mike
Sheriff
posted 3 years ago
That URL seems to be an out-of-date version of this:
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

All things are lawful, but not all things are profitable.

Bartender
posted 3 years ago
Knute Snortum wrote: That URL seems to be an out-of-date version of this:
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html


Thanks, will update my link, thank you.

If I get my certificate files for Apache, it looks like I skip to:
1. Modify the Tomcat config files, and
2. The Step: 'Installing a Certificate from a Certificate Authority'
Thanks,
- Mike