what is keyAlias="aaaa" in tomcat server.xml file
Original URL: http://stackoverflow.com/questions/31897461/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Asked by AmitG
I have an SSL certificate purchased and installed into Tomcat. I created a tomcat.keystore file, which I include in the server.xml file, and also put the password, but I am not able to understand keyAlias="aaa". If I put keyAlias="localhost" then I get the exception given below. And if I remove keyAlias itself from the Connector tag then I get another exception, which is given below, after the localhost exception.
java.io.IOException: Alias name localhost does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:588)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:526)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:471)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:218)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
Here is the exception after removing keyAlias itself from the Connector tag.
Aug 08, 2015 2:39:18 PM org.apache.catalina.core.StandardService initInternal
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:821)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.net.BindException: Address already in use <null>:443
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:649)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
Caused by: java.net.BindException: Address already in use
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
at java.net.ServerSocket.bind(ServerSocket.java:376)
at java.net.ServerSocket.<init>(ServerSocket.java:237)
at java.net.ServerSocket.<init>(ServerSocket.java:181)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107)
at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:219)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400)
... 17 more
Following is the content of the server.xml file.
<Connector port="443" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="tomcat.keystore"
keystorePass="test" keyAlias="aaa"/>
What is that keyAlias? Why am I getting an exception after removing it, which is a binding exception?
Answered by paulsm4
KEYALIAS:
https://www.digicert.com/ssl-certificate-installation-tomcat.htm
When you import your certificate into the keystore, you would typically give an "alias":
keytool -import -trustcacerts -alias server -file your_site_name.p7b -keystore your_site_name.jks
In your server.xml, you must then declare the same "alias":
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keyAlias="server" keystoreFile="/home/user_name/your_site_name.jks" keystorePass="your_keystore_password" />
Here are some other links that might help:
https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
https://www.mulesoft.com/tcat/tomcat-ssl
https://wolfpaulus.com/jounal/mac/tomcat-ssl/
SECOND ISSUE, "CAN'T BIND":
As far as "address in use", I would simply try rebooting the server and see if Tomcat starts correctly.
If you encounter the error again,
- Look in your Tomcat settings to see which port you're trying to use (e.g. 443)
- Check your system to see who else is using the port (lsof, nmap, etc):
http://www.howtogeek.com/howto/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/
Answered by user207421
These errors are not related.
- keyAlias is documented in the Tomcat documentation, and that is where you should look for its meaning.
- The error you have made is to not import the signed certificate with the same alias you used when generating the keypair. They must be the same so that keytool will associate the keypair with the certificate and create a key entry instead of a certificate entry.
- The BindException means that some other process, probably a prior invocation of Tomcat that hasn't exited yet, is using the port. Or possibly you have configured two Connectors to use the same port. It only shows up as an error when you configure the SSL connector correctly.
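Added example (not part of the original question or answers): a shell check that reads `keytool -list` output and reports whether an alias is a key entry or only a certificate entry, the distinction behind "Alias name localhost does not identify a key entry". The listing is a constructed sample, and the function names entry_type and check_key_alias are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `keytool -list` output: the keypair lives under
# "aaa", while a certificate was imported under a different alias,
# "localhost". Fingerprints are placeholders.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

aaa, Aug 8, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): <placeholder>
localhost, Aug 8, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): <placeholder>'

# Print the entry type recorded for alias $1 in the listing on stdin.
# Assumption: the alias itself contains no comma.
entry_type() {
    awk -F', *' -v want="$1" '
        # Entry lines look like: alias, <date>, <EntryType>,
        # The date may contain commas, so take the second-to-last field.
        /Entry, *$/ && $1 == want { print $(NF-1); found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# Return 0 only if alias $1 holds a private key and so can serve as keyAlias.
check_key_alias() {
    kind=$(entry_type "$1")
    case "$kind" in
        PrivateKeyEntry)
            echo "$1: key entry, usable as keyAlias" ;;
        trustedCertEntry)
            echo "$1: certificate entry only, no private key under this alias"
            return 1 ;;
        *)
            echo "$1: no such alias in keystore"
            return 2 ;;
    esac
}

# Demo on the constructed listing; "server" is not present in it.
for a in aaa localhost server; do
    printf '%s\n' "$SAMPLE_LISTING" | check_key_alias "$a" || true
done
```

Against a real keystore, pipe `keytool -list -keystore tomcat.keystore` into check_key_alias with the alias from server.xml.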