Java: EV SSL certificate in Tomcat7
I am trying to configure Tomcat7 to use an EV certificate provided by Thawte, but I cannot get it to work.

After some problems, we were finally able to install the certificates (primary, secondary and SSL certificate) into the keystore, and now we are trying to configure Tomcat through the server.xml file by following (or trying to follow) the instructions, but something is going wrong.

At the moment we have no errors or warnings in catalina.out, but the green bar does not appear. What could be wrong?

server.xml:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
...
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
...
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!-- DEFAULT
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- NOK - From Thawte
<Connector
className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8443" minProcessors="5"
maxProcessors="75"
enableLookups="false"
acceptCount="10"
connectionTimeout="60000" debug="0"
scheme="https" secure="true">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="false" protocol="TLS"
keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
keystorePass="..."/>
</Connector>
-->
<!--
<Connector
protocol="HTTP/1.1"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
keystorePass="..."
clientAuth="false" sslProtocol="TLS"/>
-->
<!-- -->
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keyAlias="myalias"
keystoreFile="/home/tomcat/ssl/mykeystorename.kdb"
keystorePass="..."
clientAuth="false" sslProtocol="TLS"/>
<!-- -->
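Please confirm these steps first.

Your log information does not show anything abnormal. You can also try using the Tomcat native client APR together with OpenSSL (APR 1.1.30 with OpenSSL 1.0.1g, to avoid the Heartbleed bug) to run SSL. The SSL performance is much better than the native way.

If you can connect from a browser, the server is running; your problem seems to be that the certificate is not recognized as EV. Which browsers have you tried? Current versions? Check the certificate received by the browser (usually by clicking the lock icon and pressing some buttons) and verify that the certificate policies contain the EV OID, for example from

1) Yes, following the instructions, I have imported the primary, secondary and SSL certificates into the same keystore where the private key is stored, 2) I have checked the password, 3) No, they are installed... Should I update them? Is it better to use APR?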
...
Apr 28, 2014 10:57:06 AM org.apache.catalina.core.StandardServer await
INFO: A valid shutdown command was received via the shutdown port. Stopping the Server instance.
Apr 28, 2014 10:57:06 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:06 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:07 AM org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
...
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO : Destroying ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:07 AM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["ajp-bio-8009"]
...
Apr 28, 2014 10:57:22 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Apr 28, 2014 10:57:23 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
Apr 28, 2014 10:57:23 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2242 ms
Apr 28, 2014 10:57:23 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Apr 28, 2014 10:57:23 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Apr 28, 2014 10:57:23 AM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /var/lib/tomcat7/webapps/ROOT.war
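
The check suggested in the comments above (does the certificate carry an EV policy OID?), as an added example that is not part of the original thread: a standard-library Python walk over the DER certificate that lists the OIDs in its certificatePolicies extension. It defaults to the CA/Browser Forum EV OID 2.23.140.1.1; a CA-specific EV OID has to be supplied through `ev_oids`, and the function names and sample bytes are constructed for illustration.

```python
CERT_POLICIES = "2.5.29.32"   # certificatePolicies extension
CABF_EV = "2.23.140.1.1"      # CA/Browser Forum EV policy OID
# Constructed sample (not a real certificate): extensions field, one EV policy.
SAMPLE_EV_EXTENSIONS = bytes.fromhex(
    "a316301430120603551d20040b30093007060567810c0101")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield the TLVs stored back to back in buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def policy_oids(der, start=0, end=None):
    """Walk the DER tree and return the OIDs in certificatePolicies."""
    kids = list(children(der, start, len(der) if end is None else end))
    # Extension ::= SEQUENCE { extnID, critical OPTIONAL, extnValue OCTET STRING }
    if (len(kids) >= 2 and kids[0][0] == 0x06 and kids[-1][0] == 0x04
            and decode_oid(der[kids[0][1]:kids[0][2]]) == CERT_POLICIES):
        _, s, e = read_tlv(der, kids[-1][1])     # SEQUENCE OF PolicyInformation
        return [decode_oid(der[slice(*read_tlv(der, ps)[1:])])  # policyIdentifier
                for _, ps, _ in children(der, s, e)]
    return [oid for tag, vs, ve in kids if tag & 0x20   # descend into constructed
            for oid in policy_oids(der, vs, ve)]

def is_ev(der, ev_oids=(CABF_EV,)):
    return any(oid in ev_oids for oid in policy_oids(der))
```

For a live check, pass `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 8443)))` from the standard `ssl` module as `der`. A matching policy OID is necessary but not sufficient: the browser also has to build a chain to a root it has enabled for that EV policy.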