ApacheTomcat SSL配置
我正试图在Unix上配置SSL onn apache Tomcat Java Servlet应用程序,但尽管进行了多次尝试并试图在web上找到答案,但都没有成功。谁能帮忙吗。我采取了以下行动: 生成Java密钥库和密钥对ApacheTomcat SSL配置,apache,tomcat,ssl,Apache,Tomcat,Ssl,我正试图在Unix上配置SSL onn apache Tomcat Java Servlet应用程序,但尽管进行了多次尝试并试图在web上找到答案,但都没有成功。谁能帮忙吗。我采取了以下行动: 生成Java密钥库和密钥对 /usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit -keystore /mykeyst
/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -genkey -v -keyalg RSA -alias tomcat
-keypass changeit -storepass changeit -keystore /mykeystore/keystore.jks -keysize 2048
生成证书签名请求
/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -certreq -keyalg RSA -alias tomcat -file
/mykeystore/tomcat.csr -storepass changeit -keystore /mykeystore/keystore.jks
导入根证书和中间CA证书
vi /mykeystore/root.crt
/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -import -alias root -trustcacerts -file
/mykeystore/root.crt -keystore /mykeystore/keystore.jks
vi /mykeystore/tomcat.crt
/usr/lib/jvm/java-6-sun-1.6.0.26/bin/keytool -import -alias tomcat -file /mykeystore
/tomcat.crt -keystore /mykeystore/keystore.jks
更新server.xml
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/mykeystore/keystore.jks" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS"/>
我得到一个错误:
正在侦听地址为8000的传输dt_插座
2012年5月24日20:54:10 org.apache.catalina.core.AprLifecycleListener init
信息:在java.library.path:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386/server:/usr/lib/jvm/java-6-sun-1.6.0.26/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.26/jre/。/lib/i386:/usr/java/packages/i386:/usr/java/packages/lib/i386:/usr/lib
2012年5月24日20:54:11 org.apache.coyote.http11.http11协议初始化
信息:在HTTP-8080上初始化Coyote HTTP/1.1
2012年5月24日20:54:12 org.apache.coyote.http11.http11协议初始化
SEVERE: Error initializing endpoint
java.io.IOException: jsse.invalid_ssl_conf
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL
cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:842)
... 15 more
2012年5月24日20:54:12 org.apache.catalina.core.StandardService初始化
请帮忙。非常感谢。嗯,我不确定您是否能够找出错误,但这是深入挖掘的一个很好的起点:javax.net.ssl.SSLException:没有可用的证书或密钥对应于启用的ssl密码套件。如果出现此错误,则说明:一种可能的解释是Tomcat在指定的密钥库中找不到服务器密钥的别名。检查是否在Tomcat配置文件的元素中指定了正确的keystrefile和keyAlias。提醒-keyAlias值可能区分大小写@安萨里可能区分大小写。它依赖于实现。对于JKS,它不区分大小写。keystone密码是否更改?
SEVERE: Error initializing endpoint
java.io.IOException: jsse.invalid_ssl_conf
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:846)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:522)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:156)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538)
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176)
at org.apache.catalina.connector.Connector.initialize(Connector.java:1022)
at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL
cipher suites which are enabled.
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:310)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:255)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.checkConfig(JSSESocketFactory.java:842)
... 15 more