Applying SSL in tomcat doesn't work with ip address - ssl

I'm using Tomcat v8.5.73.
On tomcat,
<Connector URIEncoding="UTF-8" connectionTimeout="999999" port="8090" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeyFile="E:/OpenSSL/key/test2/private.key" certificateFile="E:/OpenSSL/key/test2/certificate.crt" certificateChainFile="E:/OpenSSL/key/test2/ca_bundle.crt" type="RSA" />
    </SSLHostConfig>
</Connector>
I wrote the above code in server.xml and
this code in web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTP</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Redirecting works perfectly, and I thought there was no problem.
When I enter http://localhost:8080 or https://localhost:8443, it works perfectly.
However, when I enter http://myip(192.xxx.xx.xx):8080, it works, while https://myip(192.xxx.xx.xx):8443 doesn't work and fails with ERR_CONNECTION_REFUSED.
P.S. I added an inbound rule in the firewall for ports 443/8443.

Related

Why is Tomcat 9 serving same SSL certificate for two different domains that are configured separately?

I have one Linux server where I run three different websites.
server.xml looks like the following:
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="1000" SSLEnabled="true" defaultSSLHostConfigName="sub1.domain1.info">
    <SSLHostConfig hostName="sub1.domain1.info">
        <Certificate certificateFile="conf/app1/cert.pem" certificateKeyFile="conf/app1/privkey.pem" certificateChainFile="conf/app1/chain.pem"
                     type="RSA" />
    </SSLHostConfig>
    <SSLHostConfig hostName="www.domain2.com/">
        <Certificate certificateFile="conf/app2/cert.pem" certificateKeyFile="conf/app2/privkey.pem" certificateChainFile="conf/app2/chain.pem"
                     type="RSA" />
    </SSLHostConfig>
    <SSLHostConfig hostName="domain3.ac.in">
        <Certificate certificateFile="conf/app3/cert.pem" certificateKeyFile="conf/app3/privkey.pem" certificateChainFile="conf/app3/chain.pem"
                     type="RSA" />
    </SSLHostConfig>
    <SSLHostConfig hostName="*.domain3.ac.in">
        <Certificate certificateFile="conf/app2/cert.pem" certificateKeyFile="conf/app2/privkey.pem" certificateChainFile="conf/app2/chain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
<Host name="sub1.domain1.info" appBase="/home/applocation" unpackWARs="false" deployXML="false">
    <Alias>sub1.domain1.info</Alias>
    <Context path="" reloadable="true" docBase="/home/applocation" debug="1"/>
    <Context docBase="/home/filepath" path="/pattern"/>
</Host>
<Host name="domain2.com" appBase="/home/app2path" unpackWARs="false" deployXML="false">
    <Alias>www.domain2.com</Alias>
    <Context path="" reloadable="true" docBase="/home/app2path" debug="1"/>
</Host>
<Host name="domain3.ac.in" appBase="/home/app3path" unpackWARs="false" deployXML="false">
    <Alias>www.domain3.ac.in</Alias>
    <Context path="" reloadable="true" docBase="/home/app3path" debug="1"/>
</Host>
Certificates were generated using certbot:
certbot certonly --standalone -d domainName
For some reason, when domain2.com is loaded in the browser, it says the certificate is not valid. When I check the details of the certificate, it carries the details of sub1.domain1.info's certificate (issued to sub1.domain1.info).
I am confused because it worked for domain3.ac.in.
Certificates were first generated for sub1.domain1.com, followed by domain3.ac.in, and at last www.domain2.com (generated at least 3 times for this domain now).
One thing I noted is that I get one warning while generating the certificate for www.domain2.com that says something like "this might not work", but it got generated anyway.
Also, I am new to SSL with Tomcat, so please suggest any other necessary changes as well.
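An added example, not part of the original post: a simplified model of how a Tomcat TLS connector selects an SSLHostConfig from the client's SNI name (exact match, then a wildcard on the first label, then defaultSSLHostConfigName), run over a fragment constructed from the configuration above. The function names and the reduced XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed fragment: only the hostName / Host / Alias values from the post above.
SERVER_XML = """
<Service>
  <Connector port="443" SSLEnabled="true" defaultSSLHostConfigName="sub1.domain1.info">
    <SSLHostConfig hostName="sub1.domain1.info"/>
    <SSLHostConfig hostName="www.domain2.com/"/>
    <SSLHostConfig hostName="domain3.ac.in"/>
    <SSLHostConfig hostName="*.domain3.ac.in"/>
  </Connector>
  <Engine>
    <Host name="sub1.domain1.info"><Alias>sub1.domain1.info</Alias></Host>
    <Host name="domain2.com"><Alias>www.domain2.com</Alias></Host>
    <Host name="domain3.ac.in"><Alias>www.domain3.ac.in</Alias></Host>
  </Engine>
</Service>
"""

def select_ssl_host_config(connector, sni_name):
    """Return (hostName, how) of the SSLHostConfig chosen for an SNI name."""
    configs = {c.get("hostName", "_default_").lower()
               for c in connector.iter("SSLHostConfig")}
    name = sni_name.lower()
    if name in configs:                       # 1. exact, case-insensitive match
        return name, "exact"
    dot = name.find(".")
    if dot > -1 and "*" + name[dot:] in configs:   # 2. wildcard on the first label
        return "*" + name[dot:], "wildcard"
    # 3. nothing matched: the connector's default host config is used
    return connector.get("defaultSSLHostConfigName", "_default_").lower(), "default"

def audit(server_xml):
    """Map every Host name and Alias to the SSLHostConfig it would be served with."""
    root = ET.fromstring(server_xml)
    connector = root.find("Connector")
    report = {}
    for host in root.iter("Host"):
        names = [host.get("name")] + [a.text.strip() for a in host.findall("Alias")]
        for n in dict.fromkeys(names):        # de-duplicate, keep order
            report[n] = select_ssl_host_config(connector, n)
    return report

if __name__ == "__main__":
    for name, (cfg, how) in audit(SERVER_XML).items():
        note = "  <-- served with the default certificate" if how == "default" else ""
        print(f"{name:20} -> {cfg:20} ({how}){note}")
```

Any name reported as `default` is answered with the certificate of the default SSLHostConfig, so a browser visiting that name sees a certificate issued to a different host.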

Http to https redirect issue

Our Bamboo application is hosted on an AWS EC2 instance, with a classic load balancer as the front end. Recently we upgraded from Ubuntu 14 to Ubuntu 18 with a higher Bamboo version (7.0.4); after that, the HTTP to HTTPS redirect does not work.
Could you please help me with this matter?
Server xml configuration:
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="10" minSpareThreads="5" port="8081" protocol="HTTP/1.1" proxyName="example.com" proxyPort="80" redirectPort="443" scheme="http" secure="false" useBodyEncodingForURI="true"/>
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" proxyName="example.com" proxyPort="443" scheme="https" secure="true" useBodyEncodingForURI="true"/>
LB setting:
Regards,
Nataraj.R
I resolved the issue.
The older Tomcat version contains the value http://java.sun.com/xml/ns/j2ee, but the latest Tomcat version contains http://xmlns.jcp.org/xml/ns/javaee. Because of that, our Ansible script skipped.
- name: Adapt {{ path }}/atlassian-bamboo/WEB-INF/web.xml
  xml:
    path: "{{ path }}/atlassian-bamboo/WEB-INF/web.xml"
    namespaces:
      x: http://java.sun.com/xml/ns/j2ee
    xpath: "/x:web-app"
    input_type: yaml
    add_children: "{{ bamboo_configuration_webapp_additions }}"
    pretty_print: True
    state: present
  changed_when: False
We added the below value to the web.xml file under tomcat location.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Bamboo</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
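An added example, not part of the original answer: a Python model of the namespace mismatch described above, showing that a selector bound to the old j2ee namespace matches nothing in a web.xml that declares the javaee namespace, and that reading the namespace from the root element avoids the silent skip. It uses ElementTree rather than the Ansible xml module; the two minimal web.xml documents and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

OLD_NS = "http://java.sun.com/xml/ns/j2ee"      # namespace hard-coded in the task
NEW_NS = "http://xmlns.jcp.org/xml/ns/javaee"   # namespace used by the newer web.xml

# Constructed minimal web.xml documents, one per namespace.
WEB_XML_OLD = f'<web-app xmlns="{OLD_NS}"><display-name>Bamboo</display-name></web-app>'
WEB_XML_NEW = f'<web-app xmlns="{NEW_NS}"><display-name>Bamboo</display-name></web-app>'

def root_namespace(xml_text):
    """Return the namespace URI the root element is actually declared in."""
    tag = ET.fromstring(xml_text).tag           # e.g. "{uri}web-app"
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""

def add_constraint(xml_text, ns_uri):
    """Append a CONFIDENTIAL security-constraint if the root is {ns_uri}web-app.

    Returns (matched, resulting_xml); an unmatched document is returned unchanged.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{ns_uri}}}web-app":      # equivalent of /x:web-app not matching
        return False, xml_text
    ET.register_namespace("", ns_uri)           # serialise without an ns0: prefix
    q = lambda name: f"{{{ns_uri}}}{name}"
    sc = ET.SubElement(root, q("security-constraint"))
    wrc = ET.SubElement(sc, q("web-resource-collection"))
    ET.SubElement(wrc, q("web-resource-name")).text = "Bamboo"
    ET.SubElement(wrc, q("url-pattern")).text = "/*"
    udc = ET.SubElement(sc, q("user-data-constraint"))
    ET.SubElement(udc, q("transport-guarantee")).text = "CONFIDENTIAL"
    return True, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("old selector on new file:", add_constraint(WEB_XML_NEW, OLD_NS)[0])
    detected = root_namespace(WEB_XML_NEW)
    print("detected namespace      :", detected)
    print("detected selector       :", add_constraint(WEB_XML_NEW, detected)[0])
```

A deployment check that fails when `matched` is false would surface the skipped edit instead of leaving the redirect unconfigured.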

How to set SSL properly in Apache Tomcat? HTTP works fine

HTTPS works fine in the nginx front end, but login is refused. HTTP also works fine.
This is the error shown in the Chrome console:
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR favicon.ico:1 Failed to load resource: the server responded with a status of 500 ().
I have created abc.jks file.
My server.xml configuration looks like this
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
           port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/etc/ssl/certs/abc.jks" keystorePass="MYPASSWORD"
           clientAuth="false" sslProtocol="TLS"/>
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
     This connector uses the NIO implementation that requires the JSSE
     style configuration. When using the APR/native implementation, the
     OpenSSL style configuration is required as described in the APR/native
     documentation -->
<!-- <Connector
         port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
         maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
         clientAuth="false" sslProtocol="TLS" />
-->

How to redirect user request from http to https in liferay 6.2?

I tried a lot of the configurations provided as answers, but none are working. The following is a very common solution in a lot of answers.
To enable SSL open apache-tomcat-7.0.62\conf\server.xml file and uncomment following line:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           keystoreFile="/apache-tomcat-7.0.62/conf/SSLcertificate.cert"
           clientAuth="false" sslProtocol="TLS" />
apache-tomcat-7.0.62\conf\web.xml file:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Set ssl only on one page on apache tomcat

I have a Spring application and I would like to set only one page of my application to run on https, with all the other pages running on http.
I have this configuration in my web.xml file:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL Pages</web-resource-name>
        <url-pattern>/external/success</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
I have this configuration in server.xml file:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="/opt/apache/apache-tomcat-7.0.55-test/conf/test.jks" keystorePass="changeit" keyAlias="test" />
My application is still running on both http and https, and the desired page opens only on https. How can I apply restrictions to my application?