Java: Tomcat 7 and invalid keystore format
Original URL: http://stackoverflow.com/questions/33196674/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Tomcat 7 and invalid keystore format
Asked by Daniele
I'm trying to connect to Tomcat through https on a remote server; I've found many answers, but none has worked for me; I'm using Apache, Tomcat 7 on Ubuntu Server 14.04.
First, I created the certificate keystore writing:
keytool -genkey -alias tomcat -keyalg RSA
After that I've edited "/etc/tomcat7/server.xml" to use ssl on port 8443:
<Connector port="8443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreType="JKS"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/usr/lib/jvm/java-7-openjdk-amd64/bin/keytool"
keystorePass="***********" keyAlias="tomcat"
clientAuth="false" sslProtocol="TLS"/>
where ********** is the password; restarting Tomcat through:
sudo service tomcat7 restart
I'm getting the following error in file "/var/log/tomcat7/catalina.out":
SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8443]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8443]]
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
at org.apache.catalina.startup.Catalina.load(Catalina.java:638)
at org.apache.catalina.startup.Catalina.load(Catalina.java:663)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
Caused by: org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
... 12 more
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:650)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1214)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:392)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:291)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:549)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:489)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:434)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:181)
at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:397)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
... 13 more
The keystore type is JKS, I've verified it through the command:
$JAVA_HOME/bin/keytool -list
which has returned:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, 17-Oct-2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 33:14:32:DD:DA:20:BF:CF:70:32:F5:0E:E9:F1:C1:5B:4E:C3:DB:AB
where $JAVA_HOME is "/usr/lib/jvm/java-7-openjdk-amd64";
So when I try to connect to "https://myServerIp:8443/" or to "https://myDomainName:8443/" I get "Unable to connect" error.
Answer by Greko2015 GuFn
Just to further support this answer for beginners like me. On Windows OS
First go to C:\Program Files\Java\jdk1.8, press Shift + right-click to open a command prompt, and write this:
keytool.exe -genkey -alias tomcat -keyalg RSA -keystore /{user.name}/.keystore
A sequence of questions will then follow; after that you will see a new .keystore generated at the specified path. Now you need to go to server.xml and modify these two
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
with the appropriate ones.
Answer by Daniele
Now it works correctly, in short:
- I specified the path of the .keystore file
- I configured Tomcat to use this file
Thanks to @Titus I've understood where the problem was: when I run the command
keytool -genkey -alias tomcat -keyalg RSA
or the command
$JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias tomcat
the program keytool creates a file .keystore in a folder of the server; the directory /usr/lib/jvm/java-7-openjdk-amd64/jre/bin contains a file named keystore, but this file is not correct to set up Tomcat or for some reason it doesn't work in my case.
To specify the path of the file .keystore we can run the command
keytool -genkey -alias tomcat -keyalg RSA -keystore /path/.keystore
and after that I've configured Tomcat editing the file /etc/tomcat7/server.xml with the file just created:
<Connector port="8443" SSLEnabled="true"
protocol="org.apache.coyote.http11.Http11Protocol"
keystoreType="JKS"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/path/.keystore"
keystorePass="************" keyAlias="tomcat"
clientAuth="false" sslProtocol="TLS"/>
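
A pre-restart check for the failure in this thread, added here as an example and not part of the original posts: "Invalid keystore format" means the file behind keystoreFile is not a JKS store, and a JKS file always begins with the bytes FE ED FE ED, whereas the keytool binary from the question's first Connector is normally an ELF executable on Linux. The function names below are hypothetical, and a keystoreFile containing Tomcat properties such as ${user.home} is not expanded, so it is reported as unreadable.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify that every keystoreFile
# referenced in a Tomcat server.xml really is a JKS keystore.

# Print the first four bytes of a file as lowercase hex, e.g. "feedfeed".
magic_of() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Classify a file by its magic bytes.
keystore_kind() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    case "$(magic_of "$1")" in
        feedfeed) echo "JKS" ;;             # sun.security.provider.JavaKeyStore
        cececece) echo "JCEKS" ;;           # needs keystoreType="JCEKS"
        7f454c46) echo "ELF-executable" ;;  # a program, e.g. bin/keytool itself
        30*)      echo "DER-or-PKCS12" ;;   # ASN.1 SEQUENCE: .p12/.pfx or a bare cert
        *)        echo "unknown" ;;
    esac
}

# List every keystoreFile="..." value found in a server.xml, one per line.
keystore_paths() {
    grep -o 'keystoreFile="[^"]*"' "$1" | sed 's/^keystoreFile="//; s/"$//'
}

# Report each configured keystore; exit status is non-zero if any is not JKS.
check_server_xml() {
    keystore_paths "$1" | (
        rc=0
        while IFS= read -r path; do
            kind=$(keystore_kind "$path")
            echo "$path: $kind"
            [ "$kind" = "JKS" ] || rc=1
        done
        exit "$rc"
    )
}

# Stand-alone use: sh check_keystore.sh /etc/tomcat7/server.xml
if [ "$#" -gt 0 ]; then
    check_server_xml "$1"
fi
```

Run against the Connector from the question, this reports the keytool path as ELF-executable before Tomcat is restarted; against the corrected Connector it reports JKS.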