Why isn't tomcat serving the correct SSL certificate

ssl ssl-certificate tomcat tomcat6

Solution 1:

We had trouble with the protocol="HTTP/1.1", with errors in our logs. Our errors were

Certificate file specified or invalid file format

Based on some "google research", we used this for protocol instead:

protocol="org.apache.coyote.http11.Http11NioProtocol"

Our Connector is as follows:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    SSLEnabled="true"
    maxThreads="150" 
    scheme="https" 
    secure="true"
    keystoreFile="/path/to/keystore"
    keystorePass="******"
    clientAuth="false" 
    sslProtocol="TLS" />

Solution 2:

turns out I had a typo in my Connector

It should be: 

<Connector port="443" maxThreads="150" 
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="keystore.keys" keyAlias="webapps2013"
           keystorePass="Redacted"             
           clientAuth="false" sslProtocol="TLS" protocol="HTTP/1.1" />

Note: the first a in keyAlias is capitalized.

Turns out that if the alias isn't listed it just silently serves the first key it finds in the key store.

Related

VPN server not responding, no indications of blocked traffic
Avoid file conflict in rpm package
Elastic Beanstalk CLI - "a float is required"
Samba will not accept the credentials
Can SMB3 Multipathing be weighted by policy?
IAM policy to restrict access to one VPC
Pros / cons of using password-less OpenVPN client keys
"Deny Logon Locally" effects
Is there a way to script the installation of System Center Configuration Manager updates listed in Software Center?
Out-of-order chef recipes causing apt package install to fail
How to Install RVM and RUBY to the specific user in the salt-minion
Running "sudo chef-client" does not update with latest version of cookbook