Bad Request This combination of host and port requires TLS.
Mathew, Sunil
smathew at hbs.edu
Wed Sep 15 16:20:10 UTC 2021
Hi,
I am using tier/shib-idp:4.1.4_20210802 and I am getting the following error:
Bad Request
This combination of host and port requires TLS.
I generated a new keystore using the command here: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
keytool -genkey -keyalg RSA -alias tomcat -keystore keystore.jks
Here is my tomcat/conf/server.xml:
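<?xml version='1.0' encoding='utf-8'?>
<!--
  Tomcat server.xml as posted for the tier/shib-idp image: one TLS connector
  on 443 and a single "localhost" virtual host. The RemoteIpValve below
  suggests the container sits behind a reverse proxy or load balancer.
-->
<!--
  Shutdown listener: port 8005 with the stock command string "SHUTDOWN".
  Tomcat binds this port to localhost by default. If nothing needs to stop
  Tomcat this way, port="-1" disables it; otherwise use a non-default string.
-->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Service name="Catalina">
    <!--
      Older single-element form of the HTTPS connector, left disabled.
      If it is ever re-enabled, review compression="force" first: compressing
      responses that carry secrets over TLS is the precondition for
      BREACH-style length side channels.
    -->
    <!-- <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="443" maxThreads="200" scheme="https"
    secure="true" SSLEnabled="true"
    keystoreFile="/opt/certs/keystore.jks"
    keystorePass="xxxxxxx"
    clientAuth="false" sslProtocol="TLS"
    URIEncoding="UTF-8"
    compression="force"
    compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/> -->

    <!--
      HTTPS connector. Every peer that connects to 443, including any load
      balancer, proxy or health check, has to open a TLS session. Tomcat
      answers a plain HTTP request on a connector with SSLEnabled="true" with
      400 "This combination of host and port requires TLS", so that message
      usually means the caller spoke http:// to this port, not that the
      keystore failed to load.
    -->
    <Connector
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        port="443" maxThreads="200"
        scheme="https" secure="true" SSLEnabled="true">
      <!--
        TLS policy: TLS 1.2 and 1.3 only, ECDHE/DHE key exchange with AEAD
        ciphers. honorCipherOrder="false" leaves the cipher choice to the
        client. disableSessionTickets is documented by Tomcat as an
        OpenSSL-only setting.
      -->
      <SSLHostConfig
          ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
          disableSessionTickets="true"
          honorCipherOrder="false"
          protocols="TLSv1.2,TLSv1.3">
        <!--
          The keystore password is stored here in clear text (redacted in
          this post), so server.xml and the keystore file should be readable
          only by the account that runs Tomcat.
        -->
        <Certificate
            certificateKeystoreFile="/opt/certs/keystore.jks"
            certificateKeystorePassword="xxxxxxx" />
      </SSLHostConfig>
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!--
          RemoteIpValve: rewrites the request's client address, scheme and
          host from the x-forwarded-* headers, but only when the connecting
          peer matches internalProxies or trustedProxies. Both attributes are
          regular expressions matched against the peer's IP address, so the
          names proxy1|proxy2|proxy3 (presumably placeholders) would have to
          be replaced by address patterns. Keep both patterns as narrow as
          possible: any peer that matches can set the client IP that ends up
          in logs and in address-based access decisions.
        -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies="10\.140\.\d{1,3}\.\d{1,3}"
               remoteIpHeader="x-forwarded-for"
               proxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto"
               hostHeader="x-forwarded-host"
               trustedProxies="proxy1|proxy2|proxy3" />
        <!--
          Access log. The quotes around %r are written as &quot; because a
          literal double quote inside a double-quoted attribute value makes
          the file not well-formed.
          NOTE(review): the log is a single non-rotating file under /tmp and
          records the HBS_PERSON_ID request header. /tmp is normally shared
          by all local users, and a request header is client-supplied unless
          the upstream proxy strips or overwrites it; confirm both before
          relying on this log.
        -->
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="/tmp" prefix="tomcat_access_log"
               rotatable="false" pattern="%h %l %u %t &quot;%r&quot; %s %b remote_ip:%a x-forwarded-for:%{x-forwarded-for}i x-forwarded-host:%{x-forwarded-host}i x-forwarded-proto:%{x-forwarded-proto}i HBS_PERSON_ID: %{HBS_PERSON_ID}i " />
      </Host>
    </Engine>
  </Service>
</Server>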
I also tried using the cert and server.xml in the image and got the same error. Has anyone run into the same issue?
Thanks, Sunil