Fatal编程技术网
  • java/
  • Java ActiveMQ的密钥库被篡改或密码不正确

Java ActiveMQ的密钥库被篡改或密码不正确

java activemq

Java ActiveMQ的密钥库被篡改或密码不正确,java,activemq,keystore,truststore,Java,Activemq,Keystore,Truststore,我使用了3个ActiveMQ实例;它们中的每一个都有自己的密钥库和信任库。我已经为它们中的每一个设置了相应的sslContext。 但是,当我尝试启动服务时,出现以下异常: Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect jvm 1 | at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.jav

我使用了3个ActiveMQ实例;它们中的每一个都有自己的
密钥库
信任库
。我已经为它们中的每一个设置了相应的
sslContext
。 但是,当我尝试启动服务时,出现以下异常:

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
jvm 1    |  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
jvm 1    |  at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
jvm 1    |  at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
jvm 1    |  at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
jvm 1    |  at java.security.KeyStore.load(KeyStore.java:1445)
jvm 1    |  at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:55)
jvm 1    |  at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:871)
jvm 1    |  at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:273)
jvm 1    |  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
jvm 1    |  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
jvm 1    |  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
jvm 1    |  at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:64)
jvm 1    |  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
jvm 1    |  at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
jvm 1    |  at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
jvm 1    |  at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:256)
jvm 1    |  at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
jvm 1    |  at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:236)
jvm 1    |  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
jvm 1    |  at org.eclipse.jetty.server.Server.doStart(Server.java:366)
jvm 1    |  at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
jvm 1    |  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
jvm 1    |  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
jvm 1    |  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
jvm 1    |  at java.lang.reflect.Method.invoke(Method.java:498)
jvm 1    |  at org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:269)
jvm 1    |  at org.springframework.beans.factory.config.MethodInvokingBean.invokeWithTargetException(MethodInvokingBean.java:119)
jvm 1    |  at org.springframework.beans.factory.config.MethodInvokingFactoryBean.afterPropertiesSet(MethodInvokingFactoryBean.java:106)
jvm 1    |  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1631)
jvm 1    |  at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1568)
jvm 1    |  ... 33 more
jvm 1    | Caused by: java.security.UnrecoverableKeyException: Password verification failed
jvm 1    |  at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
jvm 1    |  ... 62 more
wrapper  | <-- Wrapper Stopped
编辑 以下是生成密钥库的方法:

generate_keystore(){
  local kpass="$(openssl rand -hex 32)"
  openssl pkcs12 -export -in "server/${HOST}.crt" -inkey "server/${HOST}.key" -name "${HOST}.company.com" -certfile "CA/cacert.pem" -out "server/${HOST}.jks.pkcs12" -passin pass:"${kpass}" -passout pass:"${kpass}"
  keytool -importkeystore -srckeystore "server/${HOST}.jks.pkcs12" -srcstoretype pkcs12 -destkeystore "server/${HOST}.jks" -deststoretype JKS -srcstorepass "${kpass}" -deststorepass "${kpass}"
  echo "${kpass}" > "server/${HOST}.jks.pass"
  rm -f "server/${HOST}.jks.pkcs12"
}
这就是我生成信任库的方式:

generate_truststore(){
  local tpass="$(openssl rand -hex 32)"
  local server="${1}"

  keytool -alias "${server}.company.com" -import -file server/${server}.crt -keystore server/${server}.jts -storepass "${tpass}" -noprompt
  echo "${tpass}" > server/${server}.jts.pass
}
您是如何生成密钥库和信任库的?@次优我已更新了我的问题。请看一看。奇怪的是,它几天前就开始工作了。可能是您混合了不同的方法来配置密钥库吗?此处显示的可能方式您是否也检查了
mom1vasi.jks
的密码?@次优,请您回答,以便我可以接受?你是对的!是关于密码的! 
generate_keystore(){
  local kpass="$(openssl rand -hex 32)"
  openssl pkcs12 -export -in "server/${HOST}.crt" -inkey "server/${HOST}.key" -name "${HOST}.company.com" -certfile "CA/cacert.pem" -out "server/${HOST}.jks.pkcs12" -passin pass:"${kpass}" -passout pass:"${kpass}"
  keytool -importkeystore -srckeystore "server/${HOST}.jks.pkcs12" -srcstoretype pkcs12 -destkeystore "server/${HOST}.jks" -deststoretype JKS -srcstorepass "${kpass}" -deststorepass "${kpass}"
  echo "${kpass}" > "server/${HOST}.jks.pass"
  rm -f "server/${HOST}.jks.pkcs12"
}

generate_truststore(){
  local tpass="$(openssl rand -hex 32)"
  local server="${1}"

  keytool -alias "${server}.company.com" -import -file server/${server}.crt -keystore server/${server}.jts -storepass "${tpass}" -noprompt
  echo "${tpass}" > server/${server}.jts.pass
}