Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Tomcat 8.5 server.xml - Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique

Tags:

tomcat

I am trying to change server.xml with Tomcat 8.5 and get the following error when trying to start tomcat:

09-Feb-2017 06:23:25.278 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Error at (135, 20) : Multiple SSLHostConfig elements were provided for the host name [default]. Host names must be unique.

Relevant server.xml code:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" >
  <SSLHostConfig>       
                  keystoreFile="/saswork/sasadmin/tomcat/certs/eccerts" 
                   keystorePass="xxxxxxxx"
                   storepass="xxxxxxxx"
                   truststoreFile="/saswork/sasadmin/tomcat/certs/eccerts"
                   sslProtocol="TLS"
 </SSLHostConfig>   

Advice appreciated on what the error means and suggestions on a solution welcome.

like image 293
Ecu Avatar asked Feb 09 '17 11:02

Ecu


People also ask

What is maxPostSize in Tomcat?

maxPostSize. The maximum size in bytes of the POST which will be handled by the container FORM URL parameter parsing. The limit can be disabled by setting this attribute to a value less than or equal to 0. If not specified, this attribute is set to 2097152 (2 megabytes).

What is AJP connector Tomcat 9?

The AJP Connector element represents a Connector component that communicates with a web connector via the AJP protocol.

Does Tomcat include OpenSSL?

Tomcat can use three different implementations of SSL: JSSE implementation provided as part of the Java runtime. JSSE implementation that uses OpenSSL. APR implementation, which uses the OpenSSL engine by default.


1 Answers

A quite confusing error "Multiple SSLHostConfig elements" when you clearly only have one.

Turns out this is caused by using deprecated directives.

If you put any of these deprecated attributes in the Connector directive, tomcat assumes you are using the old way and auto creates a SSLHostConfig itself, which then conflicts with the one you are creating.

In your particular case you were using clientAuth="false" on the Connector directive which has become certificateVerification="none" on the SSLHostConfig directive

like image 80
muttonUp Avatar answered Jan 03 '23 15:01

muttonUp