Hello,
First, this is related to the previous questions I've posted here
regarding authentication using a certificate. The difference is that I
got that to work with the 5.5 release, but I can't get it to work with
the 5.6 release. I want to go to the 5.6 release because of the new
Tomcat CVEs.
I think I have narrowed this down to the certificate configuration in
Tomcat. This is the server.xml certificate configuration that was
working for me in thredds-docker 5.5 and Tomcat 9.0.97:
<!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
This connector uses the APR/native implementation which always uses
OpenSSL for TLS.
Either JSSE or OpenSSL style configuration may be used. OpenSSL
style
configuration is used below.
-->
<Connector
server="Apache"secure="true"port="8443"protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150"SSLEnabled="true">
<SSLHostConfig>
<Certificate
certificateKeyFile="/usr/local/share/ca-certificates/privkey.pem"
certificateFile="/usr/local/share/ca-certificates/cert.pem"
certificateChainFile="/usr/local/share/ca-certificates/fullchain.pem"
type="RSA"/>
</SSLHostConfig>
</Connector>
Note I fixed the authentication problems I had previously by making sure
the certificate was installed in the container's OS as well as
configured for Tomcat.
But this configuration does not work for thredds-docker 5.6 and Tomcat
10.1.42. Here is the error in the Tomcat Catalina log:
12-Jun-2025 23:29:09.855 WARNING [main]
org.apache.catalina.startup.Catalina.parseServerXml Unable to load
server configuration from [/usr/local/tomcat/conf/server.xml]
org.xml.sax.SAXParseException; systemId:
file:/usr/local/tomcat/conf/server.xml; lineNumber: 124; columnNumber:
25; Error at line [124] column [25]: [Cannot invoke "org.apache.coyot
e.ProtocolHandler.addSslHostConfig(org.apache.tomcat.util.net.SSLHostConfig)"
because "this.protocolHandler" is null]
at
org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1948)
at
org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:1981)
at
org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1017)
at
java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:618)
at
java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1728)
at
java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2899)
at
java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
at
java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:542)
at
java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:889)
at
java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:825)
at
java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at
java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1224)
at
java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:637)
at
org.apache.tomcat.util.digester.Digester.parse(Digester.java:1506)
at
org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:607)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:697)
at
org.apache.catalina.startup.Catalina.load(Catalina.java:735)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at
java.base/java.lang.reflect.Method.invoke(Method.java:569)
at
org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)
Caused by: java.lang.NullPointerException: Cannot invoke
"org.apache.coyote.ProtocolHandler.addSslHostConfig(org.apache.tomcat.util.net.SSLHostConfig)"
because "this.protocolHandler
" is null
at
org.apache.catalina.connector.Connector.addSslHostConfig(Connector.java:883)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at
java.base/java.lang.reflect.Method.invoke(Method.java:569)
at
org.apache.tomcat.util.IntrospectionUtils.callMethod1(IntrospectionUtils.java:490)
at
org.apache.tomcat.util.digester.SetNextRule.end(SetNextRule.java:144)
at
org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1014)
... 20 more
12-Jun-2025 23:29:09.855 SEVERE [main]
org.apache.catalina.startup.Catalina.start Cannot start server, server
instance is not configured
Any suggestions would be appreciated!
Thanks,
Jim