ApacheTomcat SSL配置

我正试图在Unix上配置SSL onn apache Tomcat Java Servlet应用程序，但尽管进行了多次尝试并试图在web上找到答案，但都没有成功。谁能帮忙吗。我采取了以下行动：

生成Java密钥库和密钥对

 /usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -genkey -v -keyalg RSA -alias tomcat
-keypass changeit -storepass changeit -keystore /mykeystore/keystore.jks -keysize 2048

生成证书签名请求

/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -certreq -keyalg RSA -alias tomcat -file
/mykeystore/tomcat.csr -storepass changeit -keystore /mykeystore/keystore.jks

导入根证书和中间CA证书

vi /mykeystore/root.crt

/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -import -alias root  -trustcacerts -file
/mykeystore/root.crt -keystore /mykeystore/keystore.jks

vi /mykeystore/tomcat.crt

/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -import -alias tomcat -file /mykeystore
/tomcat.crt -keystore /mykeystore/keystore.jks

更新server.xml

<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
       maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="/mykeystore/keystore.jks" keystorePass="changeit"
       clientAuth="false" sslProtocol="TLS"/>

我得到一个错误：

正在侦听地址为8000的传输dt_插座 2012年5月24日20:54:10 org.apache.catalina.core.AprLifecycleListener init 信息：在java.library.path:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386/server:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.26/jre/。/lib/i386:/usr/java/packages/i386:/usr/java/packages/lib/i386:/usr/lib 2012年5月24日20:54:11 org.apache.coyote.http11.http11协议初始化 信息：在HTTP-8080上初始化Coyote HTTP/1.1 2012年5月24日20:54:12 org.apache.coyote.http11.http11协议初始化

SEVERE: Error initializing endpoint
java.io.IOException: jsse.invalid_ssl_conf

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL
cipher suites which are enabled.

at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:842)
... 15 more

2012年5月24日20:54:12 org.apache.catalina.core.StandardService初始化

---

请帮忙。非常感谢。

嗯，我不确定您是否能够找出错误，但这是深入挖掘的一个很好的起点：javax.net.ssl.SSLException:没有可用的证书或密钥对应于启用的ssl密码套件。如果出现此错误，则说明：一种可能的解释是Tomcat在指定的密钥库中找不到服务器密钥的别名。检查是否在Tomcat配置文件的元素中指定了正确的keystrefile和keyAlias。提醒-keyAlias值可能区分大小写@安萨里可能区分大小写。它依赖于实现。对于JKS，它不区分大小写。keystone密码是否更改？

SEVERE: Error initializing endpoint
java.io.IOException: jsse.invalid_ssl_conf

at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)

Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL
cipher suites which are enabled.

at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:842)
... 15 more