Tomcat 8.5 server.xml - Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique





I am trying to change server.xml with Tomcat 8.5 and get the following error when trying to start tomcat:



09-Feb-2017 06:23:25.278 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Error at (135, 20) : Multiple SSLHostConfig elements were provided for the host name [_default_]. Host names must be unique.



Relevant server.xml code:


<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" >
<SSLHostConfig>
keystoreFile="/saswork/sasadmin/tomcat/certs/eccerts"
keystorePass="xxxxxxxx"
storepass="xxxxxxxx"
truststoreFile="/saswork/sasadmin/tomcat/certs/eccerts"
sslProtocol="TLS"
</SSLHostConfig>





Advice appreciated on what the error means and suggestions on a solution welcome.




3 Answers
3



First, your syntax is incorrect for <SSLHostConfig>.
It should be:


<SSLHostConfig>
<Certificate ... />
</SSLHostConfig>



Also, I've had much better luck putting keystorePass inside of <Connector>.





The only <Connector> that works without failing for me is:




<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="keystore.jks" keyAlias="alias"
keystorePass="password"
clientAuth="false" sslProtocol="TLS" />



Otherwise these MultipleSSLHostConfig element errors occur.







Thanks v much. I had tried the <Connector> approach initially but was getting errors so ventured down the <SSLHostConfig> route. Based on your feedback I tweaked my <Connector> to replicate yours and all is working now.
– Ecu
Feb 13 '17 at 9:43






By using clientAuth="false" you were accidentally creating a default SSL host config in addition to the one you explicitly declared. This made 2, hence the error. See @muttonUp's excellent answer below.
– Richard Brightwell
Jan 30 at 22:55



A quite confusing error "Multiple SSLHostConfig elements" when you clearly only have one.



Turns out this is caused by using deprecated directives.



If you put any of these deprecated attributes in the Connector directive, Tomcat assumes you are using the old way and auto-creates an SSLHostConfig itself, which then conflicts with the one you are creating.





In your particular case you were using clientAuth="false" on the Connector directive, which has become certificateVerification="none" on the SSLHostConfig directive.







This is the correct answer.
– Richard Brightwell
Jan 30 at 22:50





This is the correct answer.
– Will
May 24 at 20:49
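
The conflict described in the answer above can be checked before Tomcat is started. The following is an added example, not code from the original posts or from the Tomcat project: it parses a server.xml and reports Connectors where an old-style TLS attribute and an explicit SSLHostConfig both resolve to the same host name. The attribute list is an assumption limited to the old-style attributes that appear on this page, and the two XML samples are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Old-style TLS attributes seen on <Connector> elements on this page.
# Assumption: not exhaustive; Tomcat's documentation marks more as deprecated.
LEGACY_TLS_ATTRS = {"clientAuth", "sslProtocol", "keystoreFile",
                    "keystorePass", "keyAlias", "truststoreFile"}
DEFAULT_HOST = "_default_"  # host name reported in the startup error


def find_sslhostconfig_conflicts(server_xml):
    """Return one finding per Connector whose effective SSLHostConfig names collide."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        legacy = sorted(LEGACY_TLS_ATTRS & set(conn.attrib))
        # Explicit children; a missing hostName means the default host.
        names = [c.get("hostName", DEFAULT_HOST) for c in conn.findall("SSLHostConfig")]
        if legacy:
            # Tomcat creates its own default SSLHostConfig for old-style attributes.
            names.append(DEFAULT_HOST)
        dupes = sorted(n for n, k in Counter(names).items() if k > 1)
        if dupes:
            findings.append({"port": conn.get("port"), "duplicate_hosts": dupes,
                             "legacy_attrs": legacy})
    return findings


# Constructed samples modelled on the configurations discussed above.
BROKEN = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" clientAuth="false">
    <SSLHostConfig><Certificate certificateKeystoreFile="conf/keystore"/></SSLHostConfig>
  </Connector>
</Service></Server>"""

FIXED = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig certificateVerification="none">
      <Certificate certificateKeystoreFile="conf/keystore"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for label, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, find_sslhostconfig_conflicts(xml))
```

A Connector that uses only the old-style attributes and has no nested SSLHostConfig is not flagged, since only the auto-created default host config exists in that case.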



Here's my configuration that works:


<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="your.hostname.com">
<SSLHostConfig hostName="your.hostname.com" protocols="TLSv1.2,TLSv1.1,TLSv1">
<Certificate certificateKeystoreFile="conf/keystore"
type="RSA" xpoweredBy="false" server="Apache TomEE"
certificateKeystorePassword="xxx"/>
</SSLHostConfig>
</Connector>



I had to set the defaultSSLHostConfigName attribute of the connector and the hostName attribute of the SSLHostConfig.







