Tomcat 7 SSL Failed

既然无缘 2021-02-02 09:57

I use Tomcat 7 and will enable the SSL Connector. Actually I have edited this solution into the server.xml file:



        
5 Answers
  •  死守一世寂寞
    2021-02-02 10:30

    Disable Auto-Switching

    There's a bit of a mean automatic mechanism at work here. I recommend you disable that and EXPLICITLY select your desired connector. Details below.

    Details

    You have your connector configured like so:

    The important parameter here is the "protocol" part. The Tomcat 7 documentation says this: (line breaks mine)

    protocol

    Sets the protocol to handle incoming traffic.

    The default value is HTTP/1.1 which uses an auto-switching mechanism to select either a blocking Java based connector or an APR/native based connector.

    If the PATH (Windows) or LD_LIBRARY_PATH (on most unix systems) environment variables contain the Tomcat native library, the APR/native connector will be used.

    If the native library cannot be found, the blocking Java based connector will be used. Note that the APR/native connector has different settings for HTTPS than the Java connectors.

    [...]

    So it seems that auto-switching is being used and it doesn't work. And the reason is given in the final paragraph above: we're auto-switching and end up with the "APR" connector.

    So then this happens:

    1. APR connector has mandatory parameter called SSLCertificateFile.
    2. We have NOT supplied that parameter inside server.xml.
    3. Tomcat complains about that missing parameter.

    Options

    So in order to fix this you have several options:

    • Turn auto-switching off: replace the "HTTP/1.1" text by your desired connector.
    • Leave auto-switching on and fix it. By adding the required parameter to server.xml.
    • Leave auto-switching on and break it on purpose. By simply deleting "tomcat\bin\tcnative-1.dll". This will trigger the section mentioned above after "If the native library cannot be found". This is a bit of a dirty solution. And I'm mentioning this here not because I think this is a great idea. But because I happened to find that this had been done on one of our Development Tomcat machines.
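
The failure mode described in the answer above can be checked before Tomcat is started. This is an added example, not code from the answer or from the Tomcat project: a Python check over a constructed server.xml, where `audit_connectors`, `native_lib_present` and the sample file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

AUTO = "HTTP/1.1"  # default protocol value: auto-switches between Java and APR/native
APR = "org.apache.coyote.http11.Http11AprProtocol"  # Tomcat 7 APR/native connector class

# Constructed sample server.xml (illustrative values only).
SAMPLE = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="conf/keystore.jks" keystorePass="changeit"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               keystoreFile="conf/keystore.jks" keystorePass="changeit"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml, native_lib_present):
    """Return (port, finding) pairs for every SSL-enabled <Connector>.

    native_lib_present: whether the Tomcat native library is on PATH /
    LD_LIBRARY_PATH, i.e. whether auto-switching would pick APR.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connectors are not affected
        port = conn.get("port", "?")
        protocol = conn.get("protocol", AUTO)
        if protocol == AUTO:
            # The connector type depends on the host, not on server.xml.
            findings.append((port, "auto-switching"))
            uses_apr = native_lib_present
        else:
            uses_apr = protocol == APR
        # APR takes its certificate from SSLCertificateFile, not a keystore.
        if uses_apr and "SSLCertificateFile" not in conn.attrib:
            findings.append((port, "apr-without-SSLCertificateFile"))
    return findings

if __name__ == "__main__":
    for native in (True, False):
        print("native library present:", native)
        for port, finding in audit_connectors(SAMPLE, native):
            print("  port", port, "->", finding)
```

The same file yields a different result depending on whether the native library is installed, which is why a configuration that works on one machine can fail on another.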
